HDDS-596. Add robot test for OM Block Token. Contributed by Ajay Kumar.

This closes (#581)

(cherry picked from commit 599e926d46)
Ajay Yadav 2019-03-11 15:01:04 -07:00 committed by Xiaoyu Yao
parent 1050bf42fa
commit 6028aefb57
5 changed files with 28 additions and 9 deletions


@ -224,12 +224,16 @@ public class DefaultCAServer implements CertificateServer {
break;
case KERBEROS_TRUSTED:
case TESTING_AUTOMATIC:
X509CertificateHolder xcert = approver.sign(config,
getCAKeys().getPrivate(),
getCACertificate(), java.sql.Date.valueOf(beginDate),
java.sql.Date.valueOf(endDate), csr, scmID, clusterID);
store.storeValidCertificate(xcert.getSerialNumber(),
CertificateCodec.getX509Certificate(xcert));
X509CertificateHolder xcert;
try {
xcert = signAndStoreCertificate(beginDate, endDate, csr);
} catch (SCMSecurityException e) {
// Certificate with conflicting serial id, retry again may resolve
// this issue.
LOG.error("Certificate storage failed, retrying one more time.", e);
xcert = signAndStoreCertificate(beginDate, endDate, csr);
}
xcertHolder.complete(xcert);
break;
default:
@ -242,6 +246,18 @@ public class DefaultCAServer implements CertificateServer {
return xcertHolder;
}
private X509CertificateHolder signAndStoreCertificate(LocalDate beginDate, LocalDate endDate,
PKCS10CertificationRequest csr) throws IOException,
OperatorCreationException, CertificateException {
X509CertificateHolder xcert = approver.sign(config,
getCAKeys().getPrivate(),
getCACertificate(), java.sql.Date.valueOf(beginDate),
java.sql.Date.valueOf(endDate), csr, scmID, clusterID);
store.storeValidCertificate(xcert.getSerialNumber(),
CertificateCodec.getX509Certificate(xcert));
return xcert;
}
@Override
public Future<X509CertificateHolder> requestCertificate(String csr,
CertificateApprover.ApprovalType type) throws IOException {
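Review bot: The `catch (SCMSecurityException e)` in the `KERBEROS_TRUSTED`/`TESTING_AUTOMATIC` branch retries on any SCMSecurityException, while its comment only justifies a retry for a conflicting serial id. As written, an unrelated signing or storage failure also triggers a second `approver.sign` with the CA private key, and is logged as "Certificate storage failed, retrying one more time." even when storage was not the cause. If the exception exposes an error code or cause for a duplicate serial (not visible in this hunk), gate the retry on it and rethrow otherwise, with a comment such as `// Retry only on a serial-id collision; any other failure must propagate.` The new `signAndStoreCertificate` helper also lacks a Javadoc; it should state that the method signs the CSR and then persists the certificate, and that a store failure leaves a signed certificate that is never recorded or returned. The enclosing switch begins outside the hunk.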


@ -38,7 +38,6 @@ services:
image: apache/hadoop-runner
volumes:
- ../..:/opt/hadoop
hostname: datanode
ports:
- 9864
command: ["/opt/hadoop/bin/ozone","datanode"]


@ -23,6 +23,7 @@ OZONE-SITE.XML_ozone.scm.block.client.address=scm
OZONE-SITE.XML_ozone.metadata.dirs=/data/metadata
OZONE-SITE.XML_ozone.handler.type=distributed
OZONE-SITE.XML_ozone.scm.client.address=scm
OZONE-SITE.XML_hdds.block.token.enabled=true
OZONE-SITE.XML_ozone.replication=1
OZONE-SITE.XML_hdds.scm.kerberos.principal=scm/scm@EXAMPLE.COM
OZONE-SITE.XML_hdds.scm.kerberos.keytab.file=/etc/security/keytabs/scm.keytab


@ -23,7 +23,8 @@ Create volume and bucket
${rc} ${output} = Run And Return Rc And Output ozone sh volume create o3://om/fstest --user bilbo --quota 100TB --root
Should contain ${output} Client cannot authenticate via
# Authenticate testuser
Execute kinit -k testuser/datanode@EXAMPLE.COM -t /etc/security/keytabs/testuser.keytab
${hostname}= Execute hostname
Execute kinit -k testuser/${hostname}@EXAMPLE.COM -t /etc/security/keytabs/testuser.keytab
Execute ozone sh volume create o3://om/fstest --user bilbo --quota 100TB --root
Execute ozone sh volume create o3://om/fstest2 --user bilbo --quota 100TB --root
Execute ozone sh bucket create o3://om/fstest/bucket1
@ -107,5 +108,5 @@ Run ozoneFS tests
Execute ls -l GET.txt
${rc} ${result} = Run And Return Rc And Output ozone fs -ls o3fs://abcde.pqrs/
Should Be Equal As Integers ${rc} 1
Should contain ${result} VOLUME_NOT_FOUND
Should contain ${result} Volume pqrs is not found
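Review bot: In the first hunk the Kerberos principal is now built from the output of `hostname`, so the login succeeds only if testuser.keytab holds an entry for whatever hostname the container receives; nothing in the visible lines states or checks that dependency. A comment above the kinit line would make it explicit, for example `# Principal is host-qualified: the keytab must contain testuser/<container hostname>@EXAMPLE.COM`. It would also help to assert that `${hostname}` is non-empty before it is interpolated, so a failed lookup shows up as a clear test failure rather than as a kinit error for a malformed principal.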


@ -151,6 +151,8 @@ if [ "$RUN_ALL" = true ]; then
execute_tests ozone-hdfs "${TESTS[@]}"
TESTS=("s3")
execute_tests ozones3 "${TESTS[@]}"
TESTS=("security")
execute_tests ozonesecure "${TESTS[@]}"
else
execute_tests "$DOCKERENV" "${POSITIONAL[@]}"
fi