
Example 1 with OzoneBlockTokenSecretManager

use of org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager in project ozone by apache.

the class TestOzoneContainerWithTLS method setup.

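/**
 * Builds a fresh security- and gRPC-TLS-enabled configuration, a test certificate client and a
 * block token secret manager before each test.
 *
 * <p>The metadata directory is wiped and the key directory recreated so that a test does not
 * start from files left behind by an earlier run.
 *
 * @throws IllegalStateException if the key directory cannot be created
 * @throws Exception if the certificate client or the secret manager cannot be constructed
 */
@Before
public void setup() throws Exception {
    conf = new OzoneConfiguration();
    String ozoneMetaPath = GenericTestUtils.getTempPath("ozoneMeta");
    File ozoneMetaFile = new File(ozoneMetaPath);
    conf.set(OZONE_METADATA_DIRS, ozoneMetaPath);

    // Best-effort cleanup: the result is not checked, so files from an earlier run can survive
    // a failed delete. The directory check below still catches an unusable key directory.
    FileUtil.fullyDelete(ozoneMetaFile);

    String keyDirName = conf.get(HDDS_KEY_DIR_NAME, HDDS_KEY_DIR_NAME_DEFAULT);
    File ozoneKeyDir = new File(ozoneMetaFile, keyDirName);
    // mkdirs() also returns false when the directory already exists, so only fail when no
    // directory is present afterwards. Failing here gives a clear cause instead of an obscure
    // key or certificate error later in the test.
    if (!ozoneKeyDir.mkdirs() && !ozoneKeyDir.isDirectory()) {
        throw new IllegalStateException("Could not create key directory " + ozoneKeyDir);
    }

    conf.setBoolean(OZONE_SECURITY_ENABLED_KEY, true);
    conf.setBoolean(HddsConfigKeys.HDDS_GRPC_TLS_ENABLED, true);
    // By its name a test-certificate switch. NOTE(review): confirm this key is only ever set
    // from test code and cannot be enabled through a deployed configuration.
    conf.setBoolean(HddsConfigKeys.HDDS_GRPC_TLS_TEST_CERT, true);

    // Token lifetime comes from configuration (or its default) and is read in milliseconds.
    long expiryTime = conf.getTimeDuration(
        HddsConfigKeys.HDDS_BLOCK_TOKEN_EXPIRY_TIME,
        HddsConfigKeys.HDDS_BLOCK_TOKEN_EXPIRY_TIME_DEFAULT,
        TimeUnit.MILLISECONDS);

    // Test implementation of the certificate client; its certificate's serial number is the
    // identifier handed to the secret manager.
    caClient = new CertificateClientTestImpl(conf);
    String certSerialId = caClient.getCertificate().getSerialNumber().toString();
    secretManager = new OzoneBlockTokenSecretManager(new SecurityConfig(conf), expiryTime, certSerialId);
}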
Also used : CertificateClientTestImpl(org.apache.hadoop.ozone.client.CertificateClientTestImpl) SecurityConfig(org.apache.hadoop.hdds.security.x509.SecurityConfig) OzoneConfiguration(org.apache.hadoop.hdds.conf.OzoneConfiguration) File(java.io.File) OzoneBlockTokenSecretManager(org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager) Before(org.junit.Before)

Example 2 with OzoneBlockTokenSecretManager

use of org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager in project ozone by apache.

the class TestOMKeyRequest method setup.

/**
 * Builds the mocked OzoneManager environment used by the key request tests.
 *
 * <p>Only the metadata manager, key manager and prepare state are real objects; the
 * OzoneManager, audit logger, SCM client, block location protocol and block token secret
 * manager are Mockito mocks. Security-relevant consequences of the stubbing below:
 * every caller is reported as an admin, audit writes are discarded, and gRPC block tokens
 * are reported as disabled, so tests built on this fixture do not exercise the
 * access-denied, audit or token-issuing paths.
 *
 * @throws Exception if creating the temporary folders or the metadata manager fails
 */
@Before
public void setup() throws Exception {
    ozoneManager = Mockito.mock(OzoneManager.class);
    omMetrics = OMMetrics.create();
    OzoneConfiguration ozoneConfiguration = getOzoneConfiguration();
    // Each test gets its own temporary DB and metadata directories.
    ozoneConfiguration.set(OMConfigKeys.OZONE_OM_DB_DIRS, folder.newFolder().getAbsolutePath());
    ozoneConfiguration.set(OzoneConfigKeys.OZONE_METADATA_DIRS, folder.newFolder().getAbsolutePath());
    omMetadataManager = new OmMetadataManagerImpl(ozoneConfiguration);
    when(ozoneManager.getMetrics()).thenReturn(omMetrics);
    when(ozoneManager.getMetadataManager()).thenReturn(omMetadataManager);
    when(ozoneManager.getConfiguration()).thenReturn(ozoneConfiguration);
    OMLayoutVersionManager lvm = mock(OMLayoutVersionManager.class);
    when(lvm.getMetadataLayoutVersion()).thenReturn(0);
    when(ozoneManager.getVersionManager()).thenReturn(lvm);
    when(ozoneManager.isRatisEnabled()).thenReturn(true);
    auditLogger = Mockito.mock(AuditLogger.class);
    when(ozoneManager.getAuditLogger()).thenReturn(auditLogger);
    // Authorization is stubbed open: any user name or UGI is treated as admin.
    // NOTE(review): a test that must verify a denied request has to override these stubs.
    when(ozoneManager.isAdmin(any(String.class))).thenReturn(true);
    when(ozoneManager.isAdmin(any(UserGroupInformation.class))).thenReturn(true);
    // Audit writes are accepted and dropped by the mock.
    Mockito.doNothing().when(auditLogger).logWrite(any(AuditMessage.class));
    scmClient = Mockito.mock(ScmClient.class);
    // Mocked secret manager: no real block tokens are generated through this fixture.
    ozoneBlockTokenSecretManager = Mockito.mock(OzoneBlockTokenSecretManager.class);
    scmBlockLocationProtocol = Mockito.mock(ScmBlockLocationProtocol.class);
    keyManager = new KeyManagerImpl(ozoneManager, scmClient, ozoneConfiguration, "");
    when(ozoneManager.getScmClient()).thenReturn(scmClient);
    when(ozoneManager.getBlockTokenSecretManager()).thenReturn(ozoneBlockTokenSecretManager);
    when(ozoneManager.getScmBlockSize()).thenReturn(scmBlockSize);
    when(ozoneManager.getPreallocateBlocksMax()).thenReturn(2);
    // Block tokens are reported as disabled for gRPC.
    when(ozoneManager.isGrpcBlockTokenEnabled()).thenReturn(false);
    when(ozoneManager.getOMNodeId()).thenReturn(UUID.randomUUID().toString());
    when(scmClient.getBlockClient()).thenReturn(scmBlockLocationProtocol);
    when(ozoneManager.getKeyManager()).thenReturn(keyManager);
    prepareState = new OzoneManagerPrepareState(ozoneConfiguration);
    when(ozoneManager.getPrepareState()).thenReturn(prepareState);
    // Canned SCM answer: one open, single-replica pipeline with an empty node list, holding one block.
    Pipeline pipeline = Pipeline.newBuilder().setState(Pipeline.PipelineState.OPEN).setId(PipelineID.randomId()).setReplicationConfig(StandaloneReplicationConfig.getInstance(ReplicationFactor.ONE)).setNodes(new ArrayList<>()).build();
    AllocatedBlock allocatedBlock = new AllocatedBlock.Builder().setContainerBlockID(new ContainerBlockID(CONTAINER_ID, LOCAL_ID)).setPipeline(pipeline).build();
    List<AllocatedBlock> allocatedBlocks = new ArrayList<>();
    allocatedBlocks.add(allocatedBlock);
    // Every allocateBlock call, whatever its arguments, returns that same list.
    when(scmBlockLocationProtocol.allocateBlock(anyLong(), anyInt(), any(), anyString(), any())).thenReturn(allocatedBlocks);
    // Random names keep volumes, buckets and keys from colliding between tests.
    volumeName = UUID.randomUUID().toString();
    bucketName = UUID.randomUUID().toString();
    keyName = UUID.randomUUID().toString();
    replicationFactor = HddsProtos.ReplicationFactor.ONE;
    replicationType = HddsProtos.ReplicationType.RATIS;
    clientID = Time.now();
    dataSize = 1000L;
    // Non-cryptographic generator. NOTE(review): presumably used only for test data;
    // it must not feed anything that stands in for a secret or token.
    random = new Random();
    version = 0L;
    // Bucket links resolve to themselves: the requested and the resolved volume/bucket are the same pair.
    Pair<String, String> volumeAndBucket = Pair.of(volumeName, bucketName);
    when(ozoneManager.resolveBucketLink(any(KeyArgs.class), any(OMClientRequest.class))).thenReturn(new ResolvedBucket(volumeAndBucket, volumeAndBucket));
    when(ozoneManager.resolveBucketLink(any(Pair.class), any(OMClientRequest.class))).thenReturn(new ResolvedBucket(volumeAndBucket, volumeAndBucket));
}
Also used : AuditMessage(org.apache.hadoop.ozone.audit.AuditMessage) ArrayList(java.util.ArrayList) OzoneManagerPrepareState(org.apache.hadoop.ozone.om.OzoneManagerPrepareState) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) OMLayoutVersionManager(org.apache.hadoop.ozone.om.upgrade.OMLayoutVersionManager) Random(java.util.Random) OzoneManager(org.apache.hadoop.ozone.om.OzoneManager) ContainerBlockID(org.apache.hadoop.hdds.client.ContainerBlockID) ResolvedBucket(org.apache.hadoop.ozone.om.ResolvedBucket) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Pair(org.apache.commons.lang3.tuple.Pair) OMClientRequest(org.apache.hadoop.ozone.om.request.OMClientRequest) AuditLogger(org.apache.hadoop.ozone.audit.AuditLogger) OzoneConfiguration(org.apache.hadoop.hdds.conf.OzoneConfiguration) KeyArgs(org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.KeyArgs) ScmClient(org.apache.hadoop.ozone.om.ScmClient) Pipeline(org.apache.hadoop.hdds.scm.pipeline.Pipeline) OmMetadataManagerImpl(org.apache.hadoop.ozone.om.OmMetadataManagerImpl) KeyManagerImpl(org.apache.hadoop.ozone.om.KeyManagerImpl) ScmBlockLocationProtocol(org.apache.hadoop.hdds.scm.protocol.ScmBlockLocationProtocol) AllocatedBlock(org.apache.hadoop.hdds.scm.container.common.helpers.AllocatedBlock) OzoneBlockTokenSecretManager(org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager) Before(org.junit.Before)

Example 3 with OzoneBlockTokenSecretManager

use of org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager in project ozone by apache.

the class TestSecureOzoneRpcClient method init.

/**
 * Creates a MiniOzoneCluster with block tokens and native ACLs enabled, builds and starts a
 * separate block token secret manager from the same test certificate client, and passes the
 * cluster handles to TestOzoneRpcClient through its static setters.
 *
 * @throws Exception if building the cluster, starting a secret manager or creating the
 *     client fails
 */
@BeforeClass
public static void init() throws Exception {
    testDir = GenericTestUtils.getTestDir(TestSecureOzoneRpcClient.class.getSimpleName());
    // Static switch on OzoneManager; presumably puts the OM into its secure test mode (confirm).
    // NOTE(review): no reset is visible in this method, so the flag may stay set for test
    // classes that run later in the same JVM.
    OzoneManager.setTestSecureOmFlag(true);
    conf = new OzoneConfiguration();
    conf.set(HddsConfigKeys.OZONE_METADATA_DIRS, testDir.getAbsolutePath());
    conf.setInt(ScmConfigKeys.OZONE_SCM_PIPELINE_OWNER_CONTAINER_COUNT, 1);
    conf.setBoolean(HddsConfigKeys.HDDS_BLOCK_TOKEN_ENABLED, true);
    // NOTE(review): looks like a repeat of the metadata-dir assignment above through a
    // statically imported constant; confirm both names refer to the same key.
    conf.set(OZONE_METADATA_DIRS, testDir.getAbsolutePath());
    // ACL checks are on and use the native authorizer.
    conf.setBoolean(OzoneConfigKeys.OZONE_ACL_ENABLED, true);
    conf.set(OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS, OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS_NATIVE);
    // Test implementation of the certificate client, shared by the cluster and the secret manager.
    CertificateClientTestImpl certificateClientTest = new CertificateClientTestImpl(conf);
    cluster = MiniOzoneCluster.newBuilder(conf).setNumDatanodes(10).setScmId(SCM_ID).setClusterId(CLUSTER_ID).setCertificateClient(certificateClientTest).build();
    // NOTE(review): 60 * 60 reads like "seconds in an hour". Confirm the unit this constructor
    // expects for the token lifetime; if it is milliseconds, tokens issued here live 3.6 s,
    // which can hide or cause expiry-related failures.
    secretManager = new OzoneBlockTokenSecretManager(new SecurityConfig(conf), 60 * 60, certificateClientTest.getCertificate().getSerialNumber().toString());
    secretManager.start(certificateClientTest);
    cluster.getOzoneManager().startSecretManager();
    cluster.waitForClusterToBeReady();
    ozClient = OzoneClientFactory.getRpcClient(conf);
    store = ozClient.getObjectStore();
    storageContainerLocationClient = cluster.getStorageContainerLocationClient();
    ozoneManager = cluster.getOzoneManager();
    // Hand the secured cluster to TestOzoneRpcClient through its static setters.
    TestOzoneRpcClient.setCluster(cluster);
    TestOzoneRpcClient.setOzClient(ozClient);
    TestOzoneRpcClient.setOzoneManager(ozoneManager);
    TestOzoneRpcClient.setStorageContainerLocationClient(storageContainerLocationClient);
    TestOzoneRpcClient.setStore(store);
    TestOzoneRpcClient.setClusterId(CLUSTER_ID);
}
Also used : CertificateClientTestImpl(org.apache.hadoop.ozone.client.CertificateClientTestImpl) SecurityConfig(org.apache.hadoop.hdds.security.x509.SecurityConfig) OzoneConfiguration(org.apache.hadoop.hdds.conf.OzoneConfiguration) OzoneBlockTokenSecretManager(org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager) BeforeClass(org.junit.BeforeClass)

Example 4 with OzoneBlockTokenSecretManager

use of org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager in project ozone by apache.

the class TestSecureContainerServer method setup.

/**
 * One-time fixture for the secure container server tests: enables security and block tokens
 * on the shared configuration, then creates and starts a block token secret manager and a
 * container token secret manager.
 *
 * <p>Both managers share the same security configuration, the same one-hour lifetime and
 * the serial number of the test certificate client's certificate.
 *
 * @throws Exception if the certificate client or either secret manager fails to initialise
 */
@BeforeClass
public static void setup() throws Exception {
    // One hour, expressed in milliseconds, so the unit passed to both managers is explicit.
    final long lifetimeMillis = TimeUnit.HOURS.toMillis(1);

    DefaultMetricsSystem.setMiniClusterMode(true);
    // Keeps a component's exit request from terminating the test JVM (going by the helper's name).
    ExitUtils.disableSystemExit();

    CONF.set(HddsConfigKeys.HDDS_METADATA_DIR_NAME, TEST_DIR);
    CONF.setBoolean(OZONE_SECURITY_ENABLED_KEY, true);
    CONF.setBoolean(HDDS_BLOCK_TOKEN_ENABLED, true);

    // Test implementation of the certificate client; it is also what both managers are started with.
    caClient = new CertificateClientTestImpl(CONF);
    final String serialId = caClient.getCertificate().getSerialNumber().toString();
    final SecurityConfig securityConfig = new SecurityConfig(CONF);

    blockTokenSecretManager = new OzoneBlockTokenSecretManager(securityConfig, lifetimeMillis, serialId);
    blockTokenSecretManager.start(caClient);

    containerTokenSecretManager = new ContainerTokenSecretManager(securityConfig, lifetimeMillis, serialId);
    containerTokenSecretManager.start(caClient);
}
Also used : CertificateClientTestImpl(org.apache.hadoop.ozone.client.CertificateClientTestImpl) SecurityConfig(org.apache.hadoop.hdds.security.x509.SecurityConfig) OzoneBlockTokenSecretManager(org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager) ContainerTokenSecretManager(org.apache.hadoop.hdds.security.token.ContainerTokenSecretManager) BeforeClass(org.junit.BeforeClass)

Aggregations

OzoneBlockTokenSecretManager (org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager)4 OzoneConfiguration (org.apache.hadoop.hdds.conf.OzoneConfiguration)3 SecurityConfig (org.apache.hadoop.hdds.security.x509.SecurityConfig)3 CertificateClientTestImpl (org.apache.hadoop.ozone.client.CertificateClientTestImpl)3 Before (org.junit.Before)2 BeforeClass (org.junit.BeforeClass)2 File (java.io.File)1 ArrayList (java.util.ArrayList)1 Random (java.util.Random)1 Pair (org.apache.commons.lang3.tuple.Pair)1 ContainerBlockID (org.apache.hadoop.hdds.client.ContainerBlockID)1 AllocatedBlock (org.apache.hadoop.hdds.scm.container.common.helpers.AllocatedBlock)1 Pipeline (org.apache.hadoop.hdds.scm.pipeline.Pipeline)1 ScmBlockLocationProtocol (org.apache.hadoop.hdds.scm.protocol.ScmBlockLocationProtocol)1 ContainerTokenSecretManager (org.apache.hadoop.hdds.security.token.ContainerTokenSecretManager)1 AuditLogger (org.apache.hadoop.ozone.audit.AuditLogger)1 AuditMessage (org.apache.hadoop.ozone.audit.AuditMessage)1 KeyManagerImpl (org.apache.hadoop.ozone.om.KeyManagerImpl)1 OmMetadataManagerImpl (org.apache.hadoop.ozone.om.OmMetadataManagerImpl)1 OzoneManager (org.apache.hadoop.ozone.om.OzoneManager)1