HADOOP-14563. LoadBalancingKMSClientProvider#warmUpEncryptedKeys swallows IOException. Contributed by Rushabh S Shah.
This commit is contained in:
parent
82cb2a6497
commit
8153fe2bd3
|
@ -39,6 +39,7 @@ import org.slf4j.Logger;
|
|||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import com.google.common.annotations.VisibleForTesting;
|
||||
import com.google.common.base.Preconditions;
|
||||
|
||||
/**
|
||||
* A simple LoadBalancing KMSClientProvider that round-robins requests
|
||||
|
@ -159,15 +160,24 @@ public class LoadBalancingKMSClientProvider extends KeyProvider implements
|
|||
// This request is sent to all providers in the load-balancing group
|
||||
@Override
|
||||
public void warmUpEncryptedKeys(String... keyNames) throws IOException {
|
||||
Preconditions.checkArgument(providers.length > 0,
|
||||
"No providers are configured");
|
||||
boolean success = false;
|
||||
IOException e = null;
|
||||
for (KMSClientProvider provider : providers) {
|
||||
try {
|
||||
provider.warmUpEncryptedKeys(keyNames);
|
||||
success = true;
|
||||
} catch (IOException ioe) {
|
||||
e = ioe;
|
||||
LOG.error(
|
||||
"Error warming up keys for provider with url"
|
||||
+ "[" + provider.getKMSUrl() + "]");
|
||||
+ "[" + provider.getKMSUrl() + "]", ioe);
|
||||
}
|
||||
}
|
||||
if (!success && e != null) {
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
// This request is sent to all providers in the load-balancing group
|
||||
|
|
|
@ -34,6 +34,7 @@ import org.apache.hadoop.crypto.key.KeyProvider;
|
|||
import org.apache.hadoop.crypto.key.KeyProvider.Options;
|
||||
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
|
||||
import org.apache.hadoop.security.authentication.client.AuthenticationException;
|
||||
import org.apache.hadoop.security.authorize.AuthorizationException;
|
||||
import org.junit.Test;
|
||||
import org.mockito.Mockito;
|
||||
|
||||
|
@ -257,4 +258,66 @@ public class TestLoadBalancingKMSClientProvider {
|
|||
"AuthenticationException"));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* tests {@link LoadBalancingKMSClientProvider#warmUpEncryptedKeys(String...)}
|
||||
* error handling in case when all the providers throws {@link IOException}.
|
||||
* @throws Exception
|
||||
*/
|
||||
@Test
|
||||
public void testWarmUpEncryptedKeysWhenAllProvidersFail() throws Exception {
|
||||
Configuration conf = new Configuration();
|
||||
KMSClientProvider p1 = mock(KMSClientProvider.class);
|
||||
String keyName = "key1";
|
||||
Mockito.doThrow(new IOException(new AuthorizationException("p1"))).when(p1)
|
||||
.warmUpEncryptedKeys(Mockito.anyString());
|
||||
KMSClientProvider p2 = mock(KMSClientProvider.class);
|
||||
Mockito.doThrow(new IOException(new AuthorizationException("p2"))).when(p2)
|
||||
.warmUpEncryptedKeys(Mockito.anyString());
|
||||
|
||||
when(p1.getKMSUrl()).thenReturn("p1");
|
||||
when(p2.getKMSUrl()).thenReturn("p2");
|
||||
|
||||
LoadBalancingKMSClientProvider kp = new LoadBalancingKMSClientProvider(
|
||||
new KMSClientProvider[] {p1, p2}, 0, conf);
|
||||
try {
|
||||
kp.warmUpEncryptedKeys(keyName);
|
||||
fail("Should fail since both providers threw IOException");
|
||||
} catch (Exception e) {
|
||||
assertTrue(e.getCause() instanceof IOException);
|
||||
}
|
||||
Mockito.verify(p1, Mockito.times(1)).warmUpEncryptedKeys(keyName);
|
||||
Mockito.verify(p2, Mockito.times(1)).warmUpEncryptedKeys(keyName);
|
||||
}
|
||||
|
||||
/**
|
||||
* tests {@link LoadBalancingKMSClientProvider#warmUpEncryptedKeys(String...)}
|
||||
* error handling in case atleast one provider succeeds.
|
||||
* @throws Exception
|
||||
*/
|
||||
@Test
|
||||
public void testWarmUpEncryptedKeysWhenOneProviderSucceeds()
|
||||
throws Exception {
|
||||
Configuration conf = new Configuration();
|
||||
KMSClientProvider p1 = mock(KMSClientProvider.class);
|
||||
String keyName = "key1";
|
||||
Mockito.doThrow(new IOException(new AuthorizationException("p1"))).when(p1)
|
||||
.warmUpEncryptedKeys(Mockito.anyString());
|
||||
KMSClientProvider p2 = mock(KMSClientProvider.class);
|
||||
Mockito.doNothing().when(p2)
|
||||
.warmUpEncryptedKeys(Mockito.anyString());
|
||||
|
||||
when(p1.getKMSUrl()).thenReturn("p1");
|
||||
when(p2.getKMSUrl()).thenReturn("p2");
|
||||
|
||||
LoadBalancingKMSClientProvider kp = new LoadBalancingKMSClientProvider(
|
||||
new KMSClientProvider[] {p1, p2}, 0, conf);
|
||||
try {
|
||||
kp.warmUpEncryptedKeys(keyName);
|
||||
} catch (Exception e) {
|
||||
fail("Should not throw Exception since p2 doesn't throw Exception");
|
||||
}
|
||||
Mockito.verify(p1, Mockito.times(1)).warmUpEncryptedKeys(keyName);
|
||||
Mockito.verify(p2, Mockito.times(1)).warmUpEncryptedKeys(keyName);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue