use of org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager in project ozone by apache.
the class TestOzoneContainerWithTLS method setup.
@Before
public void setup() throws Exception {
conf = new OzoneConfiguration();
String ozoneMetaPath = GenericTestUtils.getTempPath("ozoneMeta");
File ozoneMetaFile = new File(ozoneMetaPath);
conf.set(OZONE_METADATA_DIRS, ozoneMetaPath);
FileUtil.fullyDelete(ozoneMetaFile);
String keyDirName = conf.get(HDDS_KEY_DIR_NAME, HDDS_KEY_DIR_NAME_DEFAULT);
File ozoneKeyDir = new File(ozoneMetaFile, keyDirName);
ozoneKeyDir.mkdirs();
conf.setBoolean(OZONE_SECURITY_ENABLED_KEY, true);
conf.setBoolean(HddsConfigKeys.HDDS_GRPC_TLS_ENABLED, true);
conf.setBoolean(HddsConfigKeys.HDDS_GRPC_TLS_TEST_CERT, true);
long expiryTime = conf.getTimeDuration(HddsConfigKeys.HDDS_BLOCK_TOKEN_EXPIRY_TIME, HddsConfigKeys.HDDS_BLOCK_TOKEN_EXPIRY_TIME_DEFAULT, TimeUnit.MILLISECONDS);
caClient = new CertificateClientTestImpl(conf);
secretManager = new OzoneBlockTokenSecretManager(new SecurityConfig(conf), expiryTime, caClient.getCertificate().getSerialNumber().toString());
}
use of org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager in project ozone by apache.
the class TestOMKeyRequest method setup.
@Before
public void setup() throws Exception {
ozoneManager = Mockito.mock(OzoneManager.class);
omMetrics = OMMetrics.create();
OzoneConfiguration ozoneConfiguration = getOzoneConfiguration();
ozoneConfiguration.set(OMConfigKeys.OZONE_OM_DB_DIRS, folder.newFolder().getAbsolutePath());
ozoneConfiguration.set(OzoneConfigKeys.OZONE_METADATA_DIRS, folder.newFolder().getAbsolutePath());
omMetadataManager = new OmMetadataManagerImpl(ozoneConfiguration);
when(ozoneManager.getMetrics()).thenReturn(omMetrics);
when(ozoneManager.getMetadataManager()).thenReturn(omMetadataManager);
when(ozoneManager.getConfiguration()).thenReturn(ozoneConfiguration);
OMLayoutVersionManager lvm = mock(OMLayoutVersionManager.class);
when(lvm.getMetadataLayoutVersion()).thenReturn(0);
when(ozoneManager.getVersionManager()).thenReturn(lvm);
when(ozoneManager.isRatisEnabled()).thenReturn(true);
auditLogger = Mockito.mock(AuditLogger.class);
when(ozoneManager.getAuditLogger()).thenReturn(auditLogger);
when(ozoneManager.isAdmin(any(String.class))).thenReturn(true);
when(ozoneManager.isAdmin(any(UserGroupInformation.class))).thenReturn(true);
Mockito.doNothing().when(auditLogger).logWrite(any(AuditMessage.class));
scmClient = Mockito.mock(ScmClient.class);
ozoneBlockTokenSecretManager = Mockito.mock(OzoneBlockTokenSecretManager.class);
scmBlockLocationProtocol = Mockito.mock(ScmBlockLocationProtocol.class);
keyManager = new KeyManagerImpl(ozoneManager, scmClient, ozoneConfiguration, "");
when(ozoneManager.getScmClient()).thenReturn(scmClient);
when(ozoneManager.getBlockTokenSecretManager()).thenReturn(ozoneBlockTokenSecretManager);
when(ozoneManager.getScmBlockSize()).thenReturn(scmBlockSize);
when(ozoneManager.getPreallocateBlocksMax()).thenReturn(2);
when(ozoneManager.isGrpcBlockTokenEnabled()).thenReturn(false);
when(ozoneManager.getOMNodeId()).thenReturn(UUID.randomUUID().toString());
when(scmClient.getBlockClient()).thenReturn(scmBlockLocationProtocol);
when(ozoneManager.getKeyManager()).thenReturn(keyManager);
prepareState = new OzoneManagerPrepareState(ozoneConfiguration);
when(ozoneManager.getPrepareState()).thenReturn(prepareState);
Pipeline pipeline = Pipeline.newBuilder().setState(Pipeline.PipelineState.OPEN).setId(PipelineID.randomId()).setReplicationConfig(StandaloneReplicationConfig.getInstance(ReplicationFactor.ONE)).setNodes(new ArrayList<>()).build();
AllocatedBlock allocatedBlock = new AllocatedBlock.Builder().setContainerBlockID(new ContainerBlockID(CONTAINER_ID, LOCAL_ID)).setPipeline(pipeline).build();
List<AllocatedBlock> allocatedBlocks = new ArrayList<>();
allocatedBlocks.add(allocatedBlock);
when(scmBlockLocationProtocol.allocateBlock(anyLong(), anyInt(), any(), anyString(), any())).thenReturn(allocatedBlocks);
volumeName = UUID.randomUUID().toString();
bucketName = UUID.randomUUID().toString();
keyName = UUID.randomUUID().toString();
replicationFactor = HddsProtos.ReplicationFactor.ONE;
replicationType = HddsProtos.ReplicationType.RATIS;
clientID = Time.now();
dataSize = 1000L;
random = new Random();
version = 0L;
Pair<String, String> volumeAndBucket = Pair.of(volumeName, bucketName);
when(ozoneManager.resolveBucketLink(any(KeyArgs.class), any(OMClientRequest.class))).thenReturn(new ResolvedBucket(volumeAndBucket, volumeAndBucket));
when(ozoneManager.resolveBucketLink(any(Pair.class), any(OMClientRequest.class))).thenReturn(new ResolvedBucket(volumeAndBucket, volumeAndBucket));
}
use of org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager in project ozone by apache.
the class TestSecureOzoneRpcClient method init.
/**
* Create a MiniOzoneCluster for testing.
* <p>
* Ozone is made active by setting OZONE_ENABLED = true
*
* @throws IOException
*/
@BeforeClass
public static void init() throws Exception {
testDir = GenericTestUtils.getTestDir(TestSecureOzoneRpcClient.class.getSimpleName());
OzoneManager.setTestSecureOmFlag(true);
conf = new OzoneConfiguration();
conf.set(HddsConfigKeys.OZONE_METADATA_DIRS, testDir.getAbsolutePath());
conf.setInt(ScmConfigKeys.OZONE_SCM_PIPELINE_OWNER_CONTAINER_COUNT, 1);
conf.setBoolean(HddsConfigKeys.HDDS_BLOCK_TOKEN_ENABLED, true);
conf.set(OZONE_METADATA_DIRS, testDir.getAbsolutePath());
conf.setBoolean(OzoneConfigKeys.OZONE_ACL_ENABLED, true);
conf.set(OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS, OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS_NATIVE);
CertificateClientTestImpl certificateClientTest = new CertificateClientTestImpl(conf);
cluster = MiniOzoneCluster.newBuilder(conf).setNumDatanodes(10).setScmId(SCM_ID).setClusterId(CLUSTER_ID).setCertificateClient(certificateClientTest).build();
secretManager = new OzoneBlockTokenSecretManager(new SecurityConfig(conf), 60 * 60, certificateClientTest.getCertificate().getSerialNumber().toString());
secretManager.start(certificateClientTest);
cluster.getOzoneManager().startSecretManager();
cluster.waitForClusterToBeReady();
ozClient = OzoneClientFactory.getRpcClient(conf);
store = ozClient.getObjectStore();
storageContainerLocationClient = cluster.getStorageContainerLocationClient();
ozoneManager = cluster.getOzoneManager();
TestOzoneRpcClient.setCluster(cluster);
TestOzoneRpcClient.setOzClient(ozClient);
TestOzoneRpcClient.setOzoneManager(ozoneManager);
TestOzoneRpcClient.setStorageContainerLocationClient(storageContainerLocationClient);
TestOzoneRpcClient.setStore(store);
TestOzoneRpcClient.setClusterId(CLUSTER_ID);
}
use of org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager in project ozone by apache.
the class TestSecureContainerServer method setup.
@BeforeClass
public static void setup() throws Exception {
DefaultMetricsSystem.setMiniClusterMode(true);
ExitUtils.disableSystemExit();
CONF.set(HddsConfigKeys.HDDS_METADATA_DIR_NAME, TEST_DIR);
CONF.setBoolean(OZONE_SECURITY_ENABLED_KEY, true);
CONF.setBoolean(HDDS_BLOCK_TOKEN_ENABLED, true);
caClient = new CertificateClientTestImpl(CONF);
String certSerialId = caClient.getCertificate().getSerialNumber().toString();
SecurityConfig secConf = new SecurityConfig(CONF);
long tokenLifetime = TimeUnit.HOURS.toMillis(1);
blockTokenSecretManager = new OzoneBlockTokenSecretManager(secConf, tokenLifetime, certSerialId);
blockTokenSecretManager.start(caClient);
containerTokenSecretManager = new ContainerTokenSecretManager(secConf, tokenLifetime, certSerialId);
containerTokenSecretManager.start(caClient);
}
Aggregations