diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt
index 6e7b661f644..1bbaebc0af6 100644
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -222,6 +222,9 @@ Release 2.6.0 - UNRELEASED
 HADOOP-10645. TestKMS fails because race condition writing acl files. (tucu)
+ HADOOP-10611. KMS, keyVersion name should not be assumed to be
+ keyName@versionNumber. (tucu)
+
 Release 2.5.0 - 2014-08-11
 INCOMPATIBLE CHANGES
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
index ff30f86de37..4c87ee1e8b3 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
@@ -517,8 +517,4 @@ public class KMSClientProvider extends KeyProvider {
 // the server should not keep in memory state on behalf of clients either.
 }
- @VisibleForTesting
- public static String buildVersionName(String name, int version) {
- return KeyProvider.buildVersionName(name, version);
- }
 }
diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSCacheKeyProvider.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSCacheKeyProvider.java
index 835326fad50..e453c16980d 100644
--- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSCacheKeyProvider.java
+++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSCacheKeyProvider.java
@@ -135,14 +135,11 @@ public class KMSCacheKeyProvider extends KeyProvider {
 @Override
 public void deleteKey(String name) throws IOException {
- Metadata metadata = provider.getMetadata(name);
- List versions = new ArrayList(metadata.getVersions());
- for (int i = 0; i < metadata.getVersions(); i++) {
- versions.add(KeyProvider.buildVersionName(name, i));
- }
 provider.deleteKey(name);
 currentKeyCache.invalidate(name);
- keyVersionCache.invalidateAll(versions);
+ // invalidating all key versions as we don't know which ones belonged to the
+ // deleted key
+ keyVersionCache.invalidateAll();
 }
 @Override
diff --git a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
index 75e32d49ae8..70aa59896c6 100644
--- a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
+++ b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
@@ -577,7 +577,9 @@ public class TestKMS {
 Assert.fail(ex.toString());
 }
 try {
- kp.getKeyVersion(KMSClientProvider.buildVersionName("k", 0));
+ // we are using JavaKeyStoreProvider for testing, so we know how
+ // the keyversion is created.
+ kp.getKeyVersion("k@0");
 Assert.fail();
 } catch (AuthorizationException ex) {
 //NOP
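Review bot: In `deleteKey`, both cache invalidations are skipped when `provider.deleteKey(name)` throws, so if the backing provider fails after removing some of the key's material, the cache may keep serving versions of a key that is partly gone. Wrapping the call as `try { provider.deleteKey(name); } finally { currentKeyCache.invalidate(name); keyVersionCache.invalidateAll(); }` keeps the caches no fresher than the store on every path. The new comment should also record the cost of the full flush: every delete now empties the key-version cache for all keys, so a caller allowed to delete keys can push all subsequent `getKeyVersion` lookups back to the backing provider.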
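Review bot: The literal `"k@0"` ties this ACL check to JavaKeyStoreProvider's naming scheme, which is the very assumption the commit removes from production code. If the `KeyVersion` returned when key `k` was created is available earlier in the test (creation is outside this hunk), passing its `getVersionName()` to `kp.getKeyVersion(...)` would keep the test valid under any backing provider. The `try` block and its `catch` chain continue beyond the hunk, so it is not visible here how other exception types are handled.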