An error occurred while reading the key ring

[da1rren]

We are running some integration tests in a docker container and it appears that we are encountering the following exception. Everything is pretty standard we don't even directly reference the data protector and it all works outside the container.

.NET core 2.1

Exception

Microsoft (R) Test Execution Command Line Tool Version 15.7.0
Copyright (c) Microsoft Corporation.  All rights reserved.
Starting test execution, please wait...
Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
      No XML encryptor configured. Key {d53a4cf9-f22c-4723-833b-1c9d3d92de1c} may be persisted to storage in unencrypted form.
Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
      No XML encryptor configured. Key {c882fb25-423d-40b0-af65-175dc37bd26f} may be persisted to storage in unencrypted form.
Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider[48]
      An error occurred while reading the key ring.
System.IO.IOException: The process cannot access the file '/root/.aspnet/DataProtection-Keys/key-c882fb25-423d-40b0-af65-175dc37bd26f.xml' because it is being used by another process.
   at System.IO.FileStream.Init(FileMode mode, FileShare share)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
   at System.IO.File.OpenRead(String path)
   at Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository.ReadElementFromFile(String fullPath)
   at Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository.GetAllElementsCore()+MoveNext()
   at System.Collections.Generic.List`1.AddEnumerable(IEnumerable`1 enumerable)
   at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
   at Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository.GetAllElements()
   at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.GetAllKeys()
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider.CreateCacheableKeyRingCore(DateTimeOffset now, IKey keyJustAdded)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider.CreateCacheableKeyRingCore(DateTimeOffset now, IKey keyJustAdded)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.ICacheableKeyRingProvider.GetCacheableKeyRing(DateTimeOffset now)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider.GetCurrentKeyRingCore(DateTime utcNow)

Dockerfile

FROM microsoft/dotnet:2.1-sdk AS build
WORKDIR /src

# Copy supporting projects
COPY Onboard.Api.sln ./
COPY docker-compose.dcproj ./
COPY Onboard.Core.Tests/Onboard.Core.Tests.csproj Onboard.Core.Tests/

# Copy Core
COPY Onboard.Core/Onboard.Core.csproj Onboard.Core/
COPY Onboard.Core/Nuget.config Onboard.Core/

# Copy main project
COPY Onboard.Api.People/Onboard.Api.People.csproj Onboard.Api.People/

# Copy test project
COPY Onboard.Api.People.Tests/Onboard.Api.People.Tests.csproj Onboard.Api.People.Tests/


# Restore packages
RUN dotnet restore Onboard.Core --configfile Onboard.Core/Nuget.config -nowarn:msb3202,nu1503
RUN dotnet restore Onboard.Core.Tests --configfile Onboard.Core/Nuget.config -nowarn:msb3202,nu1503
RUN dotnet restore Onboard.Api.People --configfile Onboard.Core/Nuget.config -nowarn:msb3202,nu1503
RUN dotnet restore Onboard.Api.People.Tests --configfile Onboard.Core/Nuget.config -nowarn:msb3202,nu1503

COPY . .

# Build project
WORKDIR /src/Onboard.Api.People.Tests
ENTRYPOINT ["dotnet", "test", "Onboard.Api.People.Tests.csproj", "-l", "trx;LogFileName=/artifacts/people-results.trx"]

[blowdart]

You may not be using directly, but ASP.NET uses it internally for cookies and csrf values.

Does it only happen in tests? Are the tests running parallel? What are the tests doing? How is the test setup configured? (you must have a pipeline somewhere to encounter this)

If you're spinning up the asp.net pipeline you could just configure data protection to use the in memory provider.

[da1rren]

Does it only happen in tests?

Yes, and only when running in docker

Are the tests running parallel?

They are and disabling parallelism appears to resolve the issue

What are the tests doing?

Basic CRUD operations.

How is the test setup configured?

Xunit & Microsoft.AspNetCore.Mvc.Testing

I'll try in the memory provider and see if that allows us to run on multiple threads. It would be a shame to lose that perf.

[blowdart]

Well in memory would increase perf in testing as well, so bonus :D

[da1rren]

So I finally got a chance to look at this problem again. Am I correct in saying I just need to do an implementation of IXmlRepository Interface in order to create an in-memory store. Or is there a prebuilt provider. I don't see any on Here

[blowdart]

Sorry, I missed this. There's a prebuilt one for you, EphemeralXmlRepository, which you can get to via EphemeralDataProtectionProvider, and UseEphemeralDataProtectionProvider