HADOOP-14563. LoadBalancingKMSClientProvider#warmUpEncryptedKeys swallows IOException. Contributed by Rushabh S Shah.
This commit is contained in:
parent
82cb2a6497
commit
8153fe2bd3
|
@ -39,6 +39,7 @@ import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
import com.google.common.annotations.VisibleForTesting;
|
import com.google.common.annotations.VisibleForTesting;
|
||||||
|
import com.google.common.base.Preconditions;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A simple LoadBalancing KMSClientProvider that round-robins requests
|
* A simple LoadBalancing KMSClientProvider that round-robins requests
|
||||||
|
@ -159,15 +160,24 @@ public class LoadBalancingKMSClientProvider extends KeyProvider implements
|
||||||
// This request is sent to all providers in the load-balancing group
|
// This request is sent to all providers in the load-balancing group
|
||||||
@Override
|
@Override
|
||||||
public void warmUpEncryptedKeys(String... keyNames) throws IOException {
|
public void warmUpEncryptedKeys(String... keyNames) throws IOException {
|
||||||
|
Preconditions.checkArgument(providers.length > 0,
|
||||||
|
"No providers are configured");
|
||||||
|
boolean success = false;
|
||||||
|
IOException e = null;
|
||||||
for (KMSClientProvider provider : providers) {
|
for (KMSClientProvider provider : providers) {
|
||||||
try {
|
try {
|
||||||
provider.warmUpEncryptedKeys(keyNames);
|
provider.warmUpEncryptedKeys(keyNames);
|
||||||
|
success = true;
|
||||||
} catch (IOException ioe) {
|
} catch (IOException ioe) {
|
||||||
|
e = ioe;
|
||||||
LOG.error(
|
LOG.error(
|
||||||
"Error warming up keys for provider with url"
|
"Error warming up keys for provider with url"
|
||||||
+ "[" + provider.getKMSUrl() + "]");
|
+ "[" + provider.getKMSUrl() + "]", ioe);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if (!success && e != null) {
|
||||||
|
throw e;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// This request is sent to all providers in the load-balancing group
|
// This request is sent to all providers in the load-balancing group
|
||||||
|
|
|
@ -34,6 +34,7 @@ import org.apache.hadoop.crypto.key.KeyProvider;
|
||||||
import org.apache.hadoop.crypto.key.KeyProvider.Options;
|
import org.apache.hadoop.crypto.key.KeyProvider.Options;
|
||||||
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
|
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
|
||||||
import org.apache.hadoop.security.authentication.client.AuthenticationException;
|
import org.apache.hadoop.security.authentication.client.AuthenticationException;
|
||||||
|
import org.apache.hadoop.security.authorize.AuthorizationException;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.mockito.Mockito;
|
import org.mockito.Mockito;
|
||||||
|
|
||||||
|
@ -257,4 +258,66 @@ public class TestLoadBalancingKMSClientProvider {
|
||||||
"AuthenticationException"));
|
"AuthenticationException"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* tests {@link LoadBalancingKMSClientProvider#warmUpEncryptedKeys(String...)}
|
||||||
|
* error handling in case when all the providers throws {@link IOException}.
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testWarmUpEncryptedKeysWhenAllProvidersFail() throws Exception {
|
||||||
|
Configuration conf = new Configuration();
|
||||||
|
KMSClientProvider p1 = mock(KMSClientProvider.class);
|
||||||
|
String keyName = "key1";
|
||||||
|
Mockito.doThrow(new IOException(new AuthorizationException("p1"))).when(p1)
|
||||||
|
.warmUpEncryptedKeys(Mockito.anyString());
|
||||||
|
KMSClientProvider p2 = mock(KMSClientProvider.class);
|
||||||
|
Mockito.doThrow(new IOException(new AuthorizationException("p2"))).when(p2)
|
||||||
|
.warmUpEncryptedKeys(Mockito.anyString());
|
||||||
|
|
||||||
|
when(p1.getKMSUrl()).thenReturn("p1");
|
||||||
|
when(p2.getKMSUrl()).thenReturn("p2");
|
||||||
|
|
||||||
|
LoadBalancingKMSClientProvider kp = new LoadBalancingKMSClientProvider(
|
||||||
|
new KMSClientProvider[] {p1, p2}, 0, conf);
|
||||||
|
try {
|
||||||
|
kp.warmUpEncryptedKeys(keyName);
|
||||||
|
fail("Should fail since both providers threw IOException");
|
||||||
|
} catch (Exception e) {
|
||||||
|
assertTrue(e.getCause() instanceof IOException);
|
||||||
|
}
|
||||||
|
Mockito.verify(p1, Mockito.times(1)).warmUpEncryptedKeys(keyName);
|
||||||
|
Mockito.verify(p2, Mockito.times(1)).warmUpEncryptedKeys(keyName);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* tests {@link LoadBalancingKMSClientProvider#warmUpEncryptedKeys(String...)}
|
||||||
|
* error handling in case atleast one provider succeeds.
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testWarmUpEncryptedKeysWhenOneProviderSucceeds()
|
||||||
|
throws Exception {
|
||||||
|
Configuration conf = new Configuration();
|
||||||
|
KMSClientProvider p1 = mock(KMSClientProvider.class);
|
||||||
|
String keyName = "key1";
|
||||||
|
Mockito.doThrow(new IOException(new AuthorizationException("p1"))).when(p1)
|
||||||
|
.warmUpEncryptedKeys(Mockito.anyString());
|
||||||
|
KMSClientProvider p2 = mock(KMSClientProvider.class);
|
||||||
|
Mockito.doNothing().when(p2)
|
||||||
|
.warmUpEncryptedKeys(Mockito.anyString());
|
||||||
|
|
||||||
|
when(p1.getKMSUrl()).thenReturn("p1");
|
||||||
|
when(p2.getKMSUrl()).thenReturn("p2");
|
||||||
|
|
||||||
|
LoadBalancingKMSClientProvider kp = new LoadBalancingKMSClientProvider(
|
||||||
|
new KMSClientProvider[] {p1, p2}, 0, conf);
|
||||||
|
try {
|
||||||
|
kp.warmUpEncryptedKeys(keyName);
|
||||||
|
} catch (Exception e) {
|
||||||
|
fail("Should not throw Exception since p2 doesn't throw Exception");
|
||||||
|
}
|
||||||
|
Mockito.verify(p1, Mockito.times(1)).warmUpEncryptedKeys(keyName);
|
||||||
|
Mockito.verify(p2, Mockito.times(1)).warmUpEncryptedKeys(keyName);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue