diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt
index d401b748fc..06fae6a50d 100644
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -336,6 +336,9 @@ Trunk (Unreleased)
 HADOOP-10645. TestKMS fails because race condition writing acl files. (tucu)
+ HADOOP-10611. KMS, keyVersion name should not be assumed to be
+ keyName@versionNumber. (tucu)
+
 OPTIMIZATIONS
 HADOOP-7761. Improve the performance of raw comparisons. (todd)
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
index ff30f86de3..4c87ee1e8b 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
@@ -517,8 +517,4 @@ public void flush() throws IOException {
 // the server should not keep in memory state on behalf of clients either.
 }
- @VisibleForTesting
- public static String buildVersionName(String name, int version) {
- return KeyProvider.buildVersionName(name, version);
- }
 }
diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSCacheKeyProvider.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSCacheKeyProvider.java
index 835326fad5..e453c16980 100644
--- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSCacheKeyProvider.java
+++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSCacheKeyProvider.java
@@ -135,14 +135,11 @@ public KeyVersion createKey(String name,
 @Override
 public void deleteKey(String name) throws IOException {
- Metadata metadata = provider.getMetadata(name);
- List versions = new ArrayList(metadata.getVersions());
- for (int i = 0; i < metadata.getVersions(); i++) {
- versions.add(KeyProvider.buildVersionName(name, i));
- }
 provider.deleteKey(name);
 currentKeyCache.invalidate(name);
- keyVersionCache.invalidateAll(versions);
+ // invalidating all key versions as we don't know which ones belonged to the
+ // deleted key
+ keyVersionCache.invalidateAll();
 }
 @Override
diff --git a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
index 75e32d49ae..70aa59896c 100644
--- a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
+++ b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
@@ -577,7 +577,9 @@ public Void run() throws Exception {
 Assert.fail(ex.toString());
 }
 try {
- kp.getKeyVersion(KMSClientProvider.buildVersionName("k", 0));
+ // we are using JavaKeyStoreProvider for testing, so we know how
+ // the keyversion is created.
+ kp.getKeyVersion("k@0");
 Assert.fail();
 } catch (AuthorizationException ex) {
 //NOP
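Review bot: In deleteKey, `keyVersionCache.invalidateAll()` runs after `provider.deleteKey(name)` with nothing to stop a concurrent lookup from re-populating the cache, so material of a deleted key may still be served until the entry expires. Whether that can happen depends on how the cache loader is written, which this hunk does not show. The new comment should state that limit and the reason for the full flush, for example `// version names are opaque to this class, so every cached version is dropped; a load racing with the delete may survive until expiry`. The full flush also means a single delete evicts every other key's cached versions; if that cost matters, a keyName-to-versionNames index filled on load would keep invalidation targeted.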
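Review bot: The literal `"k@0"` in the added `kp.getKeyVersion("k@0")` call puts back the keyName@versionNumber assumption this commit removes, now inside the authorization test. If the backing provider's naming ever changes, the lookup would target a version that does not exist, and the test could no longer show that the denial comes from the ACL rather than from a missing key. Where a `KeyVersion` for "k" is available earlier in the test (not visible here), passing its `getVersionName()` would avoid the coupling; otherwise the comment should say that the value must match a real version, e.g. `// must name an existing version of "k" so the failure is attributable to the ACL`. The enclosing `run()` starts and ends outside the hunk.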