Example 1 with OzoneBlockTokenSecretManager
use of org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager in project ozone by apache.
the class TestOzoneContainerWithTLS method setup.
@Before
public void setup() throws Exception {
conf = new OzoneConfiguration();
String ozoneMetaPath = GenericTestUtils.getTempPath("ozoneMeta");
File ozoneMetaFile = new File(ozoneMetaPath);
conf.set(OZONE_METADATA_DIRS, ozoneMetaPath);
FileUtil.fullyDelete(ozoneMetaFile);
String keyDirName = conf.get(HDDS_KEY_DIR_NAME, HDDS_KEY_DIR_NAME_DEFAULT);
File ozoneKeyDir = new File(ozoneMetaFile, keyDirName);
ozoneKeyDir.mkdirs();
conf.setBoolean(OZONE_SECURITY_ENABLED_KEY, true);
conf.setBoolean(HddsConfigKeys.HDDS_GRPC_TLS_ENABLED, true);
conf.setBoolean(HddsConfigKeys.HDDS_GRPC_TLS_TEST_CERT, true);
long expiryTime = conf.getTimeDuration(HddsConfigKeys.HDDS_BLOCK_TOKEN_EXPIRY_TIME, HddsConfigKeys.HDDS_BLOCK_TOKEN_EXPIRY_TIME_DEFAULT, TimeUnit.MILLISECONDS);
caClient = new CertificateClientTestImpl(conf);
secretManager = new OzoneBlockTokenSecretManager(new SecurityConfig(conf), expiryTime, caClient.getCertificate().getSerialNumber().toString());
}
Also used :
CertificateClientTestImpl(org.apache.hadoop.ozone.client.CertificateClientTestImpl)
SecurityConfig(org.apache.hadoop.hdds.security.x509.SecurityConfig)
OzoneConfiguration(org.apache.hadoop.hdds.conf.OzoneConfiguration)
File(java.io.File)
OzoneBlockTokenSecretManager(org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager)
Before(org.junit.Before)
Example 2 with OzoneBlockTokenSecretManager
use of org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager in project ozone by apache.
the class TestOMKeyRequest method setup.
@Before
public void setup() throws Exception {
ozoneManager = Mockito.mock(OzoneManager.class);
omMetrics = OMMetrics.create();
OzoneConfiguration ozoneConfiguration = getOzoneConfiguration();
ozoneConfiguration.set(OMConfigKeys.OZONE_OM_DB_DIRS, folder.newFolder().getAbsolutePath());
ozoneConfiguration.set(OzoneConfigKeys.OZONE_METADATA_DIRS, folder.newFolder().getAbsolutePath());
omMetadataManager = new OmMetadataManagerImpl(ozoneConfiguration);
when(ozoneManager.getMetrics()).thenReturn(omMetrics);
when(ozoneManager.getMetadataManager()).thenReturn(omMetadataManager);
when(ozoneManager.getConfiguration()).thenReturn(ozoneConfiguration);
OMLayoutVersionManager lvm = mock(OMLayoutVersionManager.class);
when(lvm.getMetadataLayoutVersion()).thenReturn(0);
when(ozoneManager.getVersionManager()).thenReturn(lvm);
when(ozoneManager.isRatisEnabled()).thenReturn(true);
auditLogger = Mockito.mock(AuditLogger.class);
when(ozoneManager.getAuditLogger()).thenReturn(auditLogger);
when(ozoneManager.isAdmin(any(String.class))).thenReturn(true);
when(ozoneManager.isAdmin(any(UserGroupInformation.class))).thenReturn(true);
Mockito.doNothing().when(auditLogger).logWrite(any(AuditMessage.class));
scmClient = Mockito.mock(ScmClient.class);
ozoneBlockTokenSecretManager = Mockito.mock(OzoneBlockTokenSecretManager.class);
scmBlockLocationProtocol = Mockito.mock(ScmBlockLocationProtocol.class);
keyManager = new KeyManagerImpl(ozoneManager, scmClient, ozoneConfiguration, "");
when(ozoneManager.getScmClient()).thenReturn(scmClient);
when(ozoneManager.getBlockTokenSecretManager()).thenReturn(ozoneBlockTokenSecretManager);
when(ozoneManager.getScmBlockSize()).thenReturn(scmBlockSize);
when(ozoneManager.getPreallocateBlocksMax()).thenReturn(2);
when(ozoneManager.isGrpcBlockTokenEnabled()).thenReturn(false);
when(ozoneManager.getOMNodeId()).thenReturn(UUID.randomUUID().toString());
when(scmClient.getBlockClient()).thenReturn(scmBlockLocationProtocol);
when(ozoneManager.getKeyManager()).thenReturn(keyManager);
prepareState = new OzoneManagerPrepareState(ozoneConfiguration);
when(ozoneManager.getPrepareState()).thenReturn(prepareState);
Pipeline pipeline = Pipeline.newBuilder().setState(Pipeline.PipelineState.OPEN).setId(PipelineID.randomId()).setReplicationConfig(StandaloneReplicationConfig.getInstance(ReplicationFactor.ONE)).setNodes(new ArrayList<>()).build();
AllocatedBlock allocatedBlock = new AllocatedBlock.Builder().setContainerBlockID(new ContainerBlockID(CONTAINER_ID, LOCAL_ID)).setPipeline(pipeline).build();
List<AllocatedBlock> allocatedBlocks = new ArrayList<>();
allocatedBlocks.add(allocatedBlock);
when(scmBlockLocationProtocol.allocateBlock(anyLong(), anyInt(), any(), anyString(), any())).thenReturn(allocatedBlocks);
volumeName = UUID.randomUUID().toString();
bucketName = UUID.randomUUID().toString();
keyName = UUID.randomUUID().toString();
replicationFactor = HddsProtos.ReplicationFactor.ONE;
replicationType = HddsProtos.ReplicationType.RATIS;
clientID = Time.now();
dataSize = 1000L;
random = new Random();
version = 0L;
Pair<String, String> volumeAndBucket = Pair.of(volumeName, bucketName);
when(ozoneManager.resolveBucketLink(any(KeyArgs.class), any(OMClientRequest.class))).thenReturn(new ResolvedBucket(volumeAndBucket, volumeAndBucket));
when(ozoneManager.resolveBucketLink(any(Pair.class), any(OMClientRequest.class))).thenReturn(new ResolvedBucket(volumeAndBucket, volumeAndBucket));
}
Also used :
AuditMessage(org.apache.hadoop.ozone.audit.AuditMessage)
ArrayList(java.util.ArrayList)
OzoneManagerPrepareState(org.apache.hadoop.ozone.om.OzoneManagerPrepareState)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
OMLayoutVersionManager(org.apache.hadoop.ozone.om.upgrade.OMLayoutVersionManager)
Random(java.util.Random)
OzoneManager(org.apache.hadoop.ozone.om.OzoneManager)
ContainerBlockID(org.apache.hadoop.hdds.client.ContainerBlockID)
ResolvedBucket(org.apache.hadoop.ozone.om.ResolvedBucket)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Pair(org.apache.commons.lang3.tuple.Pair)
OMClientRequest(org.apache.hadoop.ozone.om.request.OMClientRequest)
AuditLogger(org.apache.hadoop.ozone.audit.AuditLogger)
OzoneConfiguration(org.apache.hadoop.hdds.conf.OzoneConfiguration)
KeyArgs(org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.KeyArgs)
ScmClient(org.apache.hadoop.ozone.om.ScmClient)
Pipeline(org.apache.hadoop.hdds.scm.pipeline.Pipeline)
OmMetadataManagerImpl(org.apache.hadoop.ozone.om.OmMetadataManagerImpl)
KeyManagerImpl(org.apache.hadoop.ozone.om.KeyManagerImpl)
ScmBlockLocationProtocol(org.apache.hadoop.hdds.scm.protocol.ScmBlockLocationProtocol)
AllocatedBlock(org.apache.hadoop.hdds.scm.container.common.helpers.AllocatedBlock)
OzoneBlockTokenSecretManager(org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager)
Before(org.junit.Before)
Example 3 with OzoneBlockTokenSecretManager
use of org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager in project ozone by apache.
the class TestSecureOzoneRpcClient method init.
/**
* Create a MiniOzoneCluster for testing.
* <p>
* Ozone is made active by setting OZONE_ENABLED = true
*
* @throws IOException
*/
@BeforeClass
public static void init() throws Exception {
testDir = GenericTestUtils.getTestDir(TestSecureOzoneRpcClient.class.getSimpleName());
OzoneManager.setTestSecureOmFlag(true);
conf = new OzoneConfiguration();
conf.set(HddsConfigKeys.OZONE_METADATA_DIRS, testDir.getAbsolutePath());
conf.setInt(ScmConfigKeys.OZONE_SCM_PIPELINE_OWNER_CONTAINER_COUNT, 1);
conf.setBoolean(HddsConfigKeys.HDDS_BLOCK_TOKEN_ENABLED, true);
conf.set(OZONE_METADATA_DIRS, testDir.getAbsolutePath());
conf.setBoolean(OzoneConfigKeys.OZONE_ACL_ENABLED, true);
conf.set(OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS, OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS_NATIVE);
CertificateClientTestImpl certificateClientTest = new CertificateClientTestImpl(conf);
cluster = MiniOzoneCluster.newBuilder(conf).setNumDatanodes(10).setScmId(SCM_ID).setClusterId(CLUSTER_ID).setCertificateClient(certificateClientTest).build();
secretManager = new OzoneBlockTokenSecretManager(new SecurityConfig(conf), 60 * 60, certificateClientTest.getCertificate().getSerialNumber().toString());
secretManager.start(certificateClientTest);
cluster.getOzoneManager().startSecretManager();
cluster.waitForClusterToBeReady();
ozClient = OzoneClientFactory.getRpcClient(conf);
store = ozClient.getObjectStore();
storageContainerLocationClient = cluster.getStorageContainerLocationClient();
ozoneManager = cluster.getOzoneManager();
TestOzoneRpcClient.setCluster(cluster);
TestOzoneRpcClient.setOzClient(ozClient);
TestOzoneRpcClient.setOzoneManager(ozoneManager);
TestOzoneRpcClient.setStorageContainerLocationClient(storageContainerLocationClient);
TestOzoneRpcClient.setStore(store);
TestOzoneRpcClient.setClusterId(CLUSTER_ID);
}
Also used :
CertificateClientTestImpl(org.apache.hadoop.ozone.client.CertificateClientTestImpl)
SecurityConfig(org.apache.hadoop.hdds.security.x509.SecurityConfig)
OzoneConfiguration(org.apache.hadoop.hdds.conf.OzoneConfiguration)
OzoneBlockTokenSecretManager(org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager)
BeforeClass(org.junit.BeforeClass)
Example 4 with OzoneBlockTokenSecretManager
use of org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager in project ozone by apache.
the class TestSecureContainerServer method setup.
@BeforeClass
public static void setup() throws Exception {
DefaultMetricsSystem.setMiniClusterMode(true);
ExitUtils.disableSystemExit();
CONF.set(HddsConfigKeys.HDDS_METADATA_DIR_NAME, TEST_DIR);
CONF.setBoolean(OZONE_SECURITY_ENABLED_KEY, true);
CONF.setBoolean(HDDS_BLOCK_TOKEN_ENABLED, true);
caClient = new CertificateClientTestImpl(CONF);
String certSerialId = caClient.getCertificate().getSerialNumber().toString();
SecurityConfig secConf = new SecurityConfig(CONF);
long tokenLifetime = TimeUnit.HOURS.toMillis(1);
blockTokenSecretManager = new OzoneBlockTokenSecretManager(secConf, tokenLifetime, certSerialId);
blockTokenSecretManager.start(caClient);
containerTokenSecretManager = new ContainerTokenSecretManager(secConf, tokenLifetime, certSerialId);
containerTokenSecretManager.start(caClient);
}
Also used :
CertificateClientTestImpl(org.apache.hadoop.ozone.client.CertificateClientTestImpl)
SecurityConfig(org.apache.hadoop.hdds.security.x509.SecurityConfig)
OzoneBlockTokenSecretManager(org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager)
ContainerTokenSecretManager(org.apache.hadoop.hdds.security.token.ContainerTokenSecretManager)
BeforeClass(org.junit.BeforeClass)
Aggregations
OzoneBlockTokenSecretManager (org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager)4
OzoneConfiguration (org.apache.hadoop.hdds.conf.OzoneConfiguration)3
SecurityConfig (org.apache.hadoop.hdds.security.x509.SecurityConfig)3
CertificateClientTestImpl (org.apache.hadoop.ozone.client.CertificateClientTestImpl)3
Before (org.junit.Before)2
BeforeClass (org.junit.BeforeClass)2
File (java.io.File)1
ArrayList (java.util.ArrayList)1
Random (java.util.Random)1
Pair (org.apache.commons.lang3.tuple.Pair)1
ContainerBlockID (org.apache.hadoop.hdds.client.ContainerBlockID)1
AllocatedBlock (org.apache.hadoop.hdds.scm.container.common.helpers.AllocatedBlock)1
Pipeline (org.apache.hadoop.hdds.scm.pipeline.Pipeline)1
ScmBlockLocationProtocol (org.apache.hadoop.hdds.scm.protocol.ScmBlockLocationProtocol)1
ContainerTokenSecretManager (org.apache.hadoop.hdds.security.token.ContainerTokenSecretManager)1
AuditLogger (org.apache.hadoop.ozone.audit.AuditLogger)1
AuditMessage (org.apache.hadoop.ozone.audit.AuditMessage)1
KeyManagerImpl (org.apache.hadoop.ozone.om.KeyManagerImpl)1
OmMetadataManagerImpl (org.apache.hadoop.ozone.om.OmMetadataManagerImpl)1
OzoneManager (org.apache.hadoop.ozone.om.OzoneManager)1
