HDDS-596. Add robot test for OM Block Token. Contributed by Ajay Kumar.
This closes (#581)
(cherry picked from commit 599e926d46
)
This commit is contained in:
parent
1050bf42fa
commit
6028aefb57
|
@ -224,12 +224,16 @@ public class DefaultCAServer implements CertificateServer {
|
|||
break;
|
||||
case KERBEROS_TRUSTED:
|
||||
case TESTING_AUTOMATIC:
|
||||
X509CertificateHolder xcert = approver.sign(config,
|
||||
getCAKeys().getPrivate(),
|
||||
getCACertificate(), java.sql.Date.valueOf(beginDate),
|
||||
java.sql.Date.valueOf(endDate), csr, scmID, clusterID);
|
||||
store.storeValidCertificate(xcert.getSerialNumber(),
|
||||
CertificateCodec.getX509Certificate(xcert));
|
||||
X509CertificateHolder xcert;
|
||||
try {
|
||||
xcert = signAndStoreCertificate(beginDate, endDate, csr);
|
||||
} catch (SCMSecurityException e) {
|
||||
// Certificate with conflicting serial id, retry again may resolve
|
||||
// this issue.
|
||||
LOG.error("Certificate storage failed, retrying one more time.", e);
|
||||
xcert = signAndStoreCertificate(beginDate, endDate, csr);
|
||||
}
|
||||
|
||||
xcertHolder.complete(xcert);
|
||||
break;
|
||||
default:
|
||||
|
@ -242,6 +246,18 @@ public class DefaultCAServer implements CertificateServer {
|
|||
return xcertHolder;
|
||||
}
|
||||
|
||||
private X509CertificateHolder signAndStoreCertificate(LocalDate beginDate, LocalDate endDate,
|
||||
PKCS10CertificationRequest csr) throws IOException,
|
||||
OperatorCreationException, CertificateException {
|
||||
X509CertificateHolder xcert = approver.sign(config,
|
||||
getCAKeys().getPrivate(),
|
||||
getCACertificate(), java.sql.Date.valueOf(beginDate),
|
||||
java.sql.Date.valueOf(endDate), csr, scmID, clusterID);
|
||||
store.storeValidCertificate(xcert.getSerialNumber(),
|
||||
CertificateCodec.getX509Certificate(xcert));
|
||||
return xcert;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Future<X509CertificateHolder> requestCertificate(String csr,
|
||||
CertificateApprover.ApprovalType type) throws IOException {
|
||||
|
|
|
@ -38,7 +38,6 @@ services:
|
|||
image: apache/hadoop-runner
|
||||
volumes:
|
||||
- ../..:/opt/hadoop
|
||||
hostname: datanode
|
||||
ports:
|
||||
- 9864
|
||||
command: ["/opt/hadoop/bin/ozone","datanode"]
|
||||
|
|
|
@ -23,6 +23,7 @@ OZONE-SITE.XML_ozone.scm.block.client.address=scm
|
|||
OZONE-SITE.XML_ozone.metadata.dirs=/data/metadata
|
||||
OZONE-SITE.XML_ozone.handler.type=distributed
|
||||
OZONE-SITE.XML_ozone.scm.client.address=scm
|
||||
OZONE-SITE.XML_hdds.block.token.enabled=true
|
||||
OZONE-SITE.XML_ozone.replication=1
|
||||
OZONE-SITE.XML_hdds.scm.kerberos.principal=scm/scm@EXAMPLE.COM
|
||||
OZONE-SITE.XML_hdds.scm.kerberos.keytab.file=/etc/security/keytabs/scm.keytab
|
||||
|
|
|
@ -23,7 +23,8 @@ Create volume and bucket
|
|||
${rc} ${output} = Run And Return Rc And Output ozone sh volume create o3://om/fstest --user bilbo --quota 100TB --root
|
||||
Should contain ${output} Client cannot authenticate via
|
||||
# Authenticate testuser
|
||||
Execute kinit -k testuser/datanode@EXAMPLE.COM -t /etc/security/keytabs/testuser.keytab
|
||||
${hostname}= Execute hostname
|
||||
Execute kinit -k testuser/${hostname}@EXAMPLE.COM -t /etc/security/keytabs/testuser.keytab
|
||||
Execute ozone sh volume create o3://om/fstest --user bilbo --quota 100TB --root
|
||||
Execute ozone sh volume create o3://om/fstest2 --user bilbo --quota 100TB --root
|
||||
Execute ozone sh bucket create o3://om/fstest/bucket1
|
||||
|
@ -107,5 +108,5 @@ Run ozoneFS tests
|
|||
Execute ls -l GET.txt
|
||||
${rc} ${result} = Run And Return Rc And Output ozone fs -ls o3fs://abcde.pqrs/
|
||||
Should Be Equal As Integers ${rc} 1
|
||||
Should contain ${result} VOLUME_NOT_FOUND
|
||||
Should contain ${result} Volume pqrs is not found
|
||||
|
||||
|
|
|
@ -151,6 +151,8 @@ if [ "$RUN_ALL" = true ]; then
|
|||
execute_tests ozone-hdfs "${TESTS[@]}"
|
||||
TESTS=("s3")
|
||||
execute_tests ozones3 "${TESTS[@]}"
|
||||
TESTS=("security")
|
||||
execute_tests ozonesecure "${TESTS[@]}"
|
||||
else
|
||||
execute_tests "$DOCKERENV" "${POSITIONAL[@]}"
|
||||
fi
|
||||
|
|
Loading…
Reference in New Issue