KMSClientProvider need to be closed to free up the SSLFactory internally. See HADOOP-11368 for details.
Credit to Robert Kanter for finding this.
Implement TokenRenewer to renew and cancel delegation tokens in KMS
This only applies to the KMSTokenRenwer added by HADOOP-13155. Fixing in patch 1.
HDFS clients caches the provider in clientcontext, which closes the provider on cache removal.
The fix seems good to me. Can you add a unit test?
Good catch here Xiao. Do you want to also close the key provider in FSNamesystem? I think this only really affects unit tests, but would be good code hygiene.
This message was automatically generated.
Thanks a lot for the reviews, Robert and Andrew.
Patch adds the unit test for KMS, and also closes the instance in FSN.
Test failure look unrelated, and the checkstyle is about the test method being too long, which was already around the border before this change.
Thanks Xiao Chen. Committed to trunk and branch-2!
Thank you Robert Kanter!
Cherry picked to branch-2.8 as well to match HADOOP-13155.
SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #10902 (See https://builds.apache.org/job/Hadoop-trunk-Commit/10902/)
HADOOP-13838. KMSTokenRenewer should close providers (xiaochen via (rkanter: rev 47ca9e26fba4a639e43bee5bfc001ffc4b42330d)