[jira] [Commented] (HADOOP-11110) JavaKeystoreProvider should not report a key as created if it was not flushed to the backing file

Fri, 26 Sep 2014 17:28:08 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-11110?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14150262#comment-14150262
 ] 

Andrew Wang commented on HADOOP-11110:
--------------------------------------

Hi Arun, this looks great. I just have a few small comments:

- KeyShell, I notice that we print the success message before flushing in 
various places. Should these prints be moved down? I think we wouldn't see this 
when testing with the KMS since it always flushes implicitly, but we might when 
using JKS.
- FailureInjectingJKSP, could we make the "failjceks" string a public constant 
like "jceks" is in JKSP? We can also use JKSP#SCHEME_NAME rather than 
hardcoding "jceks" again.

Test:
- Some lines longer than 80 chars
- "faulre furing" is in two comments, typo ;)
- Rather than the wrapper that checks the getClass() is FIJKSP, we could use 
KeyProviderFactory#get to get explicitly a failjceks. This is more of a sure 
thing, and also we'd definitely not skip the test if somehow what we get out is 
not a FIJKSP.

> JavaKeystoreProvider should not report a key as created if it was not flushed 
> to the backing file
> -------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-11110
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11110
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.5.0
>            Reporter: Andrew Wang
>            Assignee: Arun Suresh
>         Attachments: HADOOP-11110.1.patch
>
>
> Testing with the KMS backed by JKS reveals the following:
> {noformat}
> [root@dlo-4 ~]# hadoop key create testkey -provider 
> kms://http@localhost:16000/kms
> testkey has not been created. Mkdirs failed to create file:xxxxx
> ....<stack trace>....
> [root@dlo-4 ~]# hadoop key list -provider kms://http@localhost:16000/kms
> Listing keys for KeyProvider: 
> KMSClientProvider[http://localhost:16000/kms/v1/]
> testkey
> {noformat}
> The JKS still has the key in memory and serves it up, but will disappear if 
> the KMS is restarted since it's not flushed to the file.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to