HDDS-596. Add robot test for OM Block Token. Contributed by Ajay Kumar.
This closes (#581)
parent
4ad295a4f1
commit
599e926d46
@ -224,12 +224,16 @@ public Future<X509CertificateHolder> requestCertificate(
|
|||||||
break;
|
break;
|
||||||
case KERBEROS_TRUSTED:
|
case KERBEROS_TRUSTED:
|
||||||
case TESTING_AUTOMATIC:
|
case TESTING_AUTOMATIC:
|
||||||
X509CertificateHolder xcert = approver.sign(config,
|
X509CertificateHolder xcert;
|
||||||
getCAKeys().getPrivate(),
|
try {
|
||||||
getCACertificate(), java.sql.Date.valueOf(beginDate),
|
xcert = signAndStoreCertificate(beginDate, endDate, csr);
|
||||||
java.sql.Date.valueOf(endDate), csr, scmID, clusterID);
|
} catch (SCMSecurityException e) {
|
||||||
store.storeValidCertificate(xcert.getSerialNumber(),
|
// Certificate with conflicting serial id, retry again may resolve
|
||||||
CertificateCodec.getX509Certificate(xcert));
|
// this issue.
|
||||||
|
LOG.error("Certificate storage failed, retrying one more time.", e);
|
||||||
|
xcert = signAndStoreCertificate(beginDate, endDate, csr);
|
||||||
|
}
|
||||||
|
|
||||||
xcertHolder.complete(xcert);
|
xcertHolder.complete(xcert);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
@ -242,6 +246,18 @@ public Future<X509CertificateHolder> requestCertificate(
|
|||||||
return xcertHolder;
|
return xcertHolder;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private X509CertificateHolder signAndStoreCertificate(LocalDate beginDate, LocalDate endDate,
|
||||||
|
PKCS10CertificationRequest csr) throws IOException,
|
||||||
|
OperatorCreationException, CertificateException {
|
||||||
|
X509CertificateHolder xcert = approver.sign(config,
|
||||||
|
getCAKeys().getPrivate(),
|
||||||
|
getCACertificate(), java.sql.Date.valueOf(beginDate),
|
||||||
|
java.sql.Date.valueOf(endDate), csr, scmID, clusterID);
|
||||||
|
store.storeValidCertificate(xcert.getSerialNumber(),
|
||||||
|
CertificateCodec.getX509Certificate(xcert));
|
||||||
|
return xcert;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Future<X509CertificateHolder> requestCertificate(String csr,
|
public Future<X509CertificateHolder> requestCertificate(String csr,
|
||||||
CertificateApprover.ApprovalType type) throws IOException {
|
CertificateApprover.ApprovalType type) throws IOException {
|
||||||
|
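Review bot: The new catch block around `signAndStoreCertificate` in `requestCertificate` retries on any `SCMSecurityException`, although its comment assumes the cause is a conflicting serial id. Each attempt calls `approver.sign` again, so when storage fails for another reason the first signed certificate is never recorded in the store and the retry issues a second one for the same CSR. I would retry only when the exception actually identifies a duplicate serial (whether `SCMSecurityException` exposes such a code is not visible here) and say in the log that the CSR is being re-signed, e.g. `LOG.warn("Certificate storage failed, re-signing the CSR once.", e);`. The new private helper `signAndStoreCertificate` also has no Javadoc; a short comment stating that it signs the CSR with the CA key and persists the result under the certificate's serial number would document the coupling the retry depends on. The switch statement and the enclosing method begin outside the hunk.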
@ -38,7 +38,6 @@ services:
|
|||||||
image: apache/hadoop-runner
|
image: apache/hadoop-runner
|
||||||
volumes:
|
volumes:
|
||||||
- ../..:/opt/hadoop
|
- ../..:/opt/hadoop
|
||||||
hostname: datanode
|
|
||||||
ports:
|
ports:
|
||||||
- 9864
|
- 9864
|
||||||
command: ["/opt/hadoop/bin/ozone","datanode"]
|
command: ["/opt/hadoop/bin/ozone","datanode"]
|
||||||
|
@ -23,6 +23,7 @@ OZONE-SITE.XML_ozone.scm.block.client.address=scm
|
|||||||
OZONE-SITE.XML_ozone.metadata.dirs=/data/metadata
|
OZONE-SITE.XML_ozone.metadata.dirs=/data/metadata
|
||||||
OZONE-SITE.XML_ozone.handler.type=distributed
|
OZONE-SITE.XML_ozone.handler.type=distributed
|
||||||
OZONE-SITE.XML_ozone.scm.client.address=scm
|
OZONE-SITE.XML_ozone.scm.client.address=scm
|
||||||
|
OZONE-SITE.XML_hdds.block.token.enabled=true
|
||||||
OZONE-SITE.XML_ozone.replication=1
|
OZONE-SITE.XML_ozone.replication=1
|
||||||
OZONE-SITE.XML_hdds.scm.kerberos.principal=scm/scm@EXAMPLE.COM
|
OZONE-SITE.XML_hdds.scm.kerberos.principal=scm/scm@EXAMPLE.COM
|
||||||
OZONE-SITE.XML_hdds.scm.kerberos.keytab.file=/etc/security/keytabs/scm.keytab
|
OZONE-SITE.XML_hdds.scm.kerberos.keytab.file=/etc/security/keytabs/scm.keytab
|
||||||
|
@ -23,7 +23,8 @@ Create volume and bucket
|
|||||||
${rc} ${output} = Run And Return Rc And Output ozone sh volume create o3://om/fstest --user bilbo --quota 100TB --root
|
${rc} ${output} = Run And Return Rc And Output ozone sh volume create o3://om/fstest --user bilbo --quota 100TB --root
|
||||||
Should contain ${output} Client cannot authenticate via
|
Should contain ${output} Client cannot authenticate via
|
||||||
# Authenticate testuser
|
# Authenticate testuser
|
||||||
Execute kinit -k testuser/datanode@EXAMPLE.COM -t /etc/security/keytabs/testuser.keytab
|
${hostname}= Execute hostname
|
||||||
|
Execute kinit -k testuser/${hostname}@EXAMPLE.COM -t /etc/security/keytabs/testuser.keytab
|
||||||
Execute ozone sh volume create o3://om/fstest --user bilbo --quota 100TB --root
|
Execute ozone sh volume create o3://om/fstest --user bilbo --quota 100TB --root
|
||||||
Execute ozone sh volume create o3://om/fstest2 --user bilbo --quota 100TB --root
|
Execute ozone sh volume create o3://om/fstest2 --user bilbo --quota 100TB --root
|
||||||
Execute ozone sh bucket create o3://om/fstest/bucket1
|
Execute ozone sh bucket create o3://om/fstest/bucket1
|
||||||
@ -107,5 +108,5 @@ Run ozoneFS tests
|
|||||||
Execute ls -l GET.txt
|
Execute ls -l GET.txt
|
||||||
${rc} ${result} = Run And Return Rc And Output ozone fs -ls o3fs://abcde.pqrs/
|
${rc} ${result} = Run And Return Rc And Output ozone fs -ls o3fs://abcde.pqrs/
|
||||||
Should Be Equal As Integers ${rc} 1
|
Should Be Equal As Integers ${rc} 1
|
||||||
Should contain ${result} VOLUME_NOT_FOUND
|
Should contain ${result} Volume pqrs is not found
|
||||||
|
|
||||||
|
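Review bot: In `Create volume and bucket` the Kerberos principal is now built from the output of `hostname` without any check, so an empty or unexpected value produces a principal like `testuser/@EXAMPLE.COM` and a kinit failure that is hard to diagnose from the report. If this suite runs against the compose file that no longer sets `hostname: datanode`, the keytab must contain `testuser/<container hostname>`; that provisioning is not visible in this commit. I would add `Should Not Be Empty    ${hostname}` after the `Execute hostname` line, plus a comment such as `# keytab must hold testuser/<hostname>; the container hostname is no longer fixed`. Separately, the last hunk now matches the message text `Volume pqrs is not found` instead of the `VOLUME_NOT_FOUND` code, which ties the assertion to the exact wording of the error.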
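--- a/hadoop-ozone/dist/src/main/smoketest/test.sh
+++ b/hadoop-ozone/dist/src/main/smoketest/test.sh
@@ -151,6 +151,8 @@ if [ "$RUN_ALL" = true ]; then
 execute_tests ozone-hdfs "${TESTS[@]}"
 TESTS=("s3")
 execute_tests ozones3 "${TESTS[@]}"
+TESTS=("security")
+execute_tests ozonesecure "${TESTS[@]}"
 else
 execute_tests "$DOCKERENV" "${POSITIONAL[@]}"
 fi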