
Example 1 with ValueQueue

Use of org.apache.hadoop.crypto.key.kms.ValueQueue in the Apache Hadoop project.

Shown below: the method testKMSProviderCaching of the class TestKMS.

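/**
 * Checks that {@code KMSClientProvider.invalidateCache(keyName)} discards the encrypted key
 * versions queued on the client for that key, so the next {@code generateEncryptedKey} call
 * does not return an entry that was queued before the invalidation.
 *
 * <p>The test reads the client's private {@code encKeyVersionQueue} field, and that queue's
 * private {@code keyQueues} field, by reflection so it can plant a mock entry directly in the
 * cache. Both field names are string literals here; renaming either field in the production
 * classes breaks this test at run time, not at compile time.
 *
 * @throws Exception if the test server, the client, or any key operation fails
 */
@Test
public void testKMSProviderCaching() throws Exception {
    Configuration conf = new Configuration();
    File confDir = getTestDir();
    conf = createBaseKMSConf(confDir, conf);
    // Wildcard value on the per-key ACL entry for "k1". NOTE(review): this appears to open
    // every operation on k1 to every caller; it belongs in a throwaway test server only.
    conf.set(KeyAuthorizationKeyProvider.KEY_ACL + "k1.ALL", "*");
    writeConf(confDir, conf);
    runServer(null, null, confDir, new KMSCallable<Void>() {

        @Override
        public Void call() throws Exception {
            final String keyName = "k1";
            final String mockVersionName = "mock";
            // Version name the test expects for the first (and only) real version of k1.
            final String realVersionName = "k1@0";
            // Client-side configuration, kept separate from the server configuration above.
            final Configuration clientConf = new Configuration();
            final URI uri = createKMSUri(getKMSUrl());
            KMSClientProvider kmscp = createKMSClientProvider(uri, clientConf);

            // Reach the client's internal cache by reflection so entries can be planted in it.
            // A wildcard is used instead of the raw type; the element type is not needed here.
            ValueQueue<?> vq =
                (ValueQueue<?>) Whitebox.getInternalState(kmscp, "encKeyVersionQueue");
            // The cast from Object cannot be checked at run time; the suppression is limited
            // to this one declaration.
            @SuppressWarnings("unchecked")
            LoadingCache<String, LinkedBlockingQueue<EncryptedKeyVersion>> kq =
                (LoadingCache<String, LinkedBlockingQueue<EncryptedKeyVersion>>)
                    Whitebox.getInternalState(vq, "keyQueues");

            // Marker entry: distinguishable from anything the server generates by its
            // version name.
            EncryptedKeyVersion mockEKV = Mockito.mock(EncryptedKeyVersion.class);
            when(mockEKV.getEncryptionKeyName()).thenReturn(keyName);
            when(mockEKV.getEncryptionKeyVersionName()).thenReturn(mockVersionName);

            // Create the real key on the server.
            KeyProvider.Options options = new KeyProvider.Options(clientConf);
            options.setCipher("AES/CTR/NoPadding");
            options.setBitLength(128);
            options.setDescription("l1");
            KeyProvider.KeyVersion kv0 = kmscp.createKey(keyName, options);
            assertNotNull(kv0.getVersionName());
            assertEquals("Default key version name is incorrect.", realVersionName,
                kmscp.generateEncryptedKey(keyName).getEncryptionKeyVersionName());

            // Invalidate first, then plant the marker: the marker must now be what the
            // client returns, which shows the invalidation emptied the queue for this key.
            kmscp.invalidateCache(keyName);
            kq.get(keyName).put(mockEKV);
            assertEquals("Key version incorrect after invalidating cache + putting mock key.",
                mockVersionName,
                kmscp.generateEncryptedKey(keyName).getEncryptionKeyVersionName());

            // Plant the marker first, then invalidate: the marker must never be returned.
            // Repeated 100 times; presumably to expose ordering problems between
            // invalidation and cache refill (confirm against ValueQueue).
            for (int i = 0; i < 100; ++i) {
                kq.get(keyName).put(mockEKV);
                kmscp.invalidateCache(keyName);
                assertEquals("Cache invalidation guarantee failed.", realVersionName,
                    kmscp.generateEncryptedKey(keyName).getEncryptionKeyVersionName());
            }
            return null;
        }
    });
}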
Also used : KeyProvider(org.apache.hadoop.crypto.key.KeyProvider) Options(org.apache.hadoop.crypto.key.KeyProvider.Options) Configuration(org.apache.hadoop.conf.Configuration) KeyVersion(org.apache.hadoop.crypto.key.KeyProvider.KeyVersion) EncryptedKeyVersion(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion) URI(java.net.URI) KMSClientProvider(org.apache.hadoop.crypto.key.kms.KMSClientProvider) LoadBalancingKMSClientProvider(org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider) AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException) SocketTimeoutException(java.net.SocketTimeoutException) IOException(java.io.IOException) EncryptedKeyVersion(org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.EncryptedKeyVersion) ValueQueue(org.apache.hadoop.crypto.key.kms.ValueQueue) Options(org.apache.hadoop.crypto.key.KeyProvider.Options) LoadingCache(com.google.common.cache.LoadingCache) File(java.io.File) Test(org.junit.Test)
