You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "mladjan-gadzic (via GitHub)" <gi...@apache.org> on 2023/02/22 20:02:53 UTC
[GitHub] [ozone] mladjan-gadzic opened a new pull request, #4301: HDDS-8014. Add native ACL integration tests for Snapshotting
mladjan-gadzic opened a new pull request, #4301:
URL: https://github.com/apache/ozone/pull/4301
## What changes were proposed in this pull request?
Added native ACL integration tests for Snapshotting.
## What is the link to the Apache JIRA
https://issues.apache.org/jira/browse/HDDS-8014
## How was this patch tested?
Integration tests.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org
[GitHub] [ozone] GeorgeJahad commented on pull request #4301: HDDS-8014. [Snapshot] Implement Native Acl Integration tests for Snapshotting
Posted by "GeorgeJahad (via GitHub)" <gi...@apache.org>.
GeorgeJahad commented on PR #4301:
URL: https://github.com/apache/ozone/pull/4301#issuecomment-1448636840
LGTM
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org
[GitHub] [ozone] GeorgeJahad commented on pull request #4301: HDDS-8014. [Snapshot] Implement Native Acl Integration tests for Snapshotting
Posted by "GeorgeJahad (via GitHub)" <gi...@apache.org>.
GeorgeJahad commented on PR #4301:
URL: https://github.com/apache/ozone/pull/4301#issuecomment-1456796437
+1
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org
[GitHub] [ozone] aswinshakil commented on pull request #4301: HDDS-8014. [Snapshot] Implement Native Acl Integration tests for Snapshotting
Posted by "aswinshakil (via GitHub)" <gi...@apache.org>.
aswinshakil commented on PR #4301:
URL: https://github.com/apache/ozone/pull/4301#issuecomment-1454326692
Thanks for the patch @mladjan-gadzic, The changes look good to me. One suggestion is to move all the helper methods down, right now it looks scattered.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org
[GitHub] [ozone] mladjan-gadzic commented on pull request #4301: HDDS-8014. [Snapshot] Implement Native Acl Integration tests for Snapshotting
Posted by "mladjan-gadzic (via GitHub)" <gi...@apache.org>.
mladjan-gadzic commented on PR #4301:
URL: https://github.com/apache/ozone/pull/4301#issuecomment-1458296498
Thank you @prashantpogde for the review
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org
[GitHub] [ozone] aswinshakil merged pull request #4301: HDDS-8014. [Snapshot] Implement Native Acl Integration tests for Snapshotting
Posted by "aswinshakil (via GitHub)" <gi...@apache.org>.
aswinshakil merged PR #4301:
URL: https://github.com/apache/ozone/pull/4301
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org
[GitHub] [ozone] GeorgeJahad commented on pull request #4301: HDDS-8014. Add native ACL integration tests for Snapshotting
Posted by "GeorgeJahad (via GitHub)" <gi...@apache.org>.
GeorgeJahad commented on PR #4301:
URL: https://github.com/apache/ozone/pull/4301#issuecomment-1442711710
After fixing the minor nits above, this looks good to me.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org
[GitHub] [ozone] GeorgeJahad commented on a diff in pull request #4301: HDDS-8014. Add native ACL integration tests for Snapshotting
Posted by "GeorgeJahad (via GitHub)" <gi...@apache.org>.
GeorgeJahad commented on code in PR #4301:
URL: https://github.com/apache/ozone/pull/4301#discussion_r1116425367
##########
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/snapshot/TestOzoneManagerSnapshotAcl.java:
##########
@@ -0,0 +1,538 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.hadoop.ozone.om.snapshot;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.UUID;
+import java.util.concurrent.TimeoutException;
+import java.util.stream.Stream;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import org.apache.hadoop.hdds.scm.HddsWhiteboxTestUtils;
+import org.apache.hadoop.ozone.MiniOzoneCluster;
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.client.BucketArgs;
+import org.apache.hadoop.ozone.client.ObjectStore;
+import org.apache.hadoop.ozone.client.OzoneBucket;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.client.OzoneVolume;
+import org.apache.hadoop.ozone.client.VolumeArgs;
+import org.apache.hadoop.ozone.client.io.OzoneOutputStream;
+import org.apache.hadoop.ozone.om.KeyManagerImpl;
+import org.apache.hadoop.ozone.om.OMStorage;
+import org.apache.hadoop.ozone.om.OmSnapshotManager;
+import org.apache.hadoop.ozone.om.OzoneManager;
+import org.apache.hadoop.ozone.om.exceptions.OMException;
+import org.apache.hadoop.ozone.om.helpers.BucketLayout;
+import org.apache.hadoop.ozone.om.helpers.OmKeyArgs;
+import org.apache.hadoop.ozone.om.helpers.SnapshotInfo;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.ozone.test.GenericTestUtils;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Timeout;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.EnumSource;
+import org.junit.jupiter.params.provider.MethodSource;
+
+import static java.nio.charset.StandardCharsets.UTF_8;
+import static org.apache.hadoop.fs.FileSystem.FS_DEFAULT_NAME_KEY;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS_NATIVE;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED;
+import static org.apache.hadoop.ozone.OzoneConsts.ADMIN;
+import static org.apache.hadoop.ozone.OzoneConsts.OM_DB_NAME;
+import static org.apache.hadoop.ozone.OzoneConsts.OM_KEY_PREFIX;
+import static org.apache.hadoop.ozone.OzoneConsts.OM_SNAPSHOT_DIR;
+import static org.apache.hadoop.ozone.OzoneConsts.OZONE_OFS_URI_SCHEME;
+import static org.junit.jupiter.params.provider.Arguments.arguments;
+
+/**
+ * Test for Snapshot feature with ACL.
+ */
+@Timeout(value = 300)
+public class TestOzoneManagerSnapshotAcl {
+
+ private static final String ADMIN_USER = "om";
+ private static final String ADMIN_GROUP = "ozone";
+ private static final UserGroupInformation ADMIN_UGI =
+ UserGroupInformation
+ .createUserForTesting(ADMIN_USER, new String[] {ADMIN_GROUP});
+ private static final String USER1 = "user1";
+ private static final String GROUP1 = "group1";
+ private static final UserGroupInformation UGI1 =
+ UserGroupInformation.createUserForTesting(USER1, new String[] {GROUP1});
+ private static final String USER2 = "user2";
+ private static final String GROUP2 = "group2";
+ private static final UserGroupInformation UGI2 =
+ UserGroupInformation.createUserForTesting(USER2, new String[] {GROUP2});
+ private static final OzoneObj.ResourceType RESOURCE_TYPE_KEY =
+ OzoneObj.ResourceType.KEY;
+ private static MiniOzoneCluster cluster;
+ private static ObjectStore objectStore;
+ private static File metaDir;
+ private static OzoneManager ozoneManager;
+ private String volumeName;
+ private String bucketName;
+ private static final String KEY_PREFIX = "key-";
+ private String keyName;
+ private String snapshotKeyPrefix;
+
+ @BeforeAll
+ public static void init() throws Exception {
+ UserGroupInformation.setLoginUser(ADMIN_UGI);
+ final OzoneConfiguration conf = new OzoneConfiguration();
+ conf.setBoolean(OZONE_ACL_ENABLED, true);
+ conf.set(OZONE_ACL_AUTHORIZER_CLASS, OZONE_ACL_AUTHORIZER_CLASS_NATIVE);
+ final String omServiceId = "om-service-test-1"
+ + RandomStringUtils.randomNumeric(5);
+
+ cluster = MiniOzoneCluster.newOMHABuilder(conf)
+ .setClusterId(UUID.randomUUID().toString())
+ .setScmId(UUID.randomUUID().toString())
+ .setOMServiceId(omServiceId)
+ .setNumOfOzoneManagers(1)
+ .build();
+ cluster.waitForClusterToBeReady();
+
+ ozoneManager = cluster.getOzoneManager();
+ final OzoneConfiguration ozoneManagerConf = ozoneManager.getConfiguration();
+ cluster.setConf(ozoneManagerConf);
+
+ final String hostPrefix = OZONE_OFS_URI_SCHEME + "://" + omServiceId;
+ final OzoneConfiguration clientConf =
+ new OzoneConfiguration(cluster.getConf());
+ clientConf.set(FS_DEFAULT_NAME_KEY, hostPrefix);
+
+ final OzoneClient client = cluster.getClient();
+ objectStore = client.getObjectStore();
+
+ final KeyManagerImpl keyManager = (KeyManagerImpl) HddsWhiteboxTestUtils
+ .getInternalState(ozoneManager, "keyManager");
+
+ // stop the deletion services so that keys can still be read
+ keyManager.stop();
+ metaDir = OMStorage.getOmDbDir(ozoneManagerConf);
+ }
+
+ @AfterAll
+ public static void tearDown() throws Exception {
+ if (cluster != null) {
+ cluster.shutdown();
+ }
+ }
+
+ @ParameterizedTest
+ @EnumSource(BucketLayout.class)
+ public void testLookupKeyWithAllowedUser(BucketLayout bucketLayout)
+ throws Exception {
+ // GIVEN
+ setup(bucketLayout);
+ final OmKeyArgs snapshotKeyArgs = getOmKeyArgs(true);
+
+ // WHEN-THEN
+ Assertions.assertDoesNotThrow(
+ () -> ozoneManager.lookupKey(snapshotKeyArgs));
+ }
+
+ private OmKeyArgs getOmKeyArgs(boolean isSnapshot) {
+ return new OmKeyArgs.Builder()
+ .setVolumeName(volumeName)
+ .setBucketName(bucketName)
+ .setKeyName(isSnapshot ? snapshotKeyPrefix + keyName : keyName)
+ .build();
+ }
+
+ private void createBucket(BucketLayout bucketLayout,
+ OzoneVolume volume) throws IOException {
+ final String bucketPrefix = "bucket-";
+ bucketName = bucketPrefix + RandomStringUtils.randomNumeric(5);
+ final BucketArgs bucketArgs = BucketArgs.newBuilder()
+ .setOwner(ADMIN)
+ .setBucketLayout(bucketLayout).build();
+ volume.createBucket(bucketName, bucketArgs);
+ }
+
+ private void createVolume() throws IOException {
+ final String volumePrefix = "volume-";
+ volumeName = volumePrefix + RandomStringUtils.randomNumeric(5);
+ final VolumeArgs volumeArgs = new VolumeArgs.Builder()
+ .setAdmin(ADMIN)
+ .setOwner(ADMIN)
+ .build();
+ objectStore.createVolume(volumeName, volumeArgs);
+ }
+
+ @ParameterizedTest
+ @EnumSource(BucketLayout.class)
+ public void testLookupKeyWithNotAllowedUser(BucketLayout bucketLayout)
+ throws Exception {
+ // GIVEN
+ setup(bucketLayout);
+ final OmKeyArgs snapshotKeyArgs = getOmKeyArgs(true);
+ final OmKeyArgs keyArgs = getOmKeyArgs(false);
+
+ // WHEN
Review Comment:
Comment should be something like: "when reading from snapshot, read disallowed."
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org
[GitHub] [ozone] GeorgeJahad commented on a diff in pull request #4301: HDDS-8014. Add native ACL integration tests for Snapshotting
Posted by "GeorgeJahad (via GitHub)" <gi...@apache.org>.
GeorgeJahad commented on code in PR #4301:
URL: https://github.com/apache/ozone/pull/4301#discussion_r1116435846
##########
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/snapshot/TestOzoneManagerSnapshotAcl.java:
##########
@@ -0,0 +1,538 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.hadoop.ozone.om.snapshot;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.UUID;
+import java.util.concurrent.TimeoutException;
+import java.util.stream.Stream;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import org.apache.hadoop.hdds.scm.HddsWhiteboxTestUtils;
+import org.apache.hadoop.ozone.MiniOzoneCluster;
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.client.BucketArgs;
+import org.apache.hadoop.ozone.client.ObjectStore;
+import org.apache.hadoop.ozone.client.OzoneBucket;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.client.OzoneVolume;
+import org.apache.hadoop.ozone.client.VolumeArgs;
+import org.apache.hadoop.ozone.client.io.OzoneOutputStream;
+import org.apache.hadoop.ozone.om.KeyManagerImpl;
+import org.apache.hadoop.ozone.om.OMStorage;
+import org.apache.hadoop.ozone.om.OmSnapshotManager;
+import org.apache.hadoop.ozone.om.OzoneManager;
+import org.apache.hadoop.ozone.om.exceptions.OMException;
+import org.apache.hadoop.ozone.om.helpers.BucketLayout;
+import org.apache.hadoop.ozone.om.helpers.OmKeyArgs;
+import org.apache.hadoop.ozone.om.helpers.SnapshotInfo;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.ozone.test.GenericTestUtils;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Timeout;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.EnumSource;
+import org.junit.jupiter.params.provider.MethodSource;
+
+import static java.nio.charset.StandardCharsets.UTF_8;
+import static org.apache.hadoop.fs.FileSystem.FS_DEFAULT_NAME_KEY;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS_NATIVE;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED;
+import static org.apache.hadoop.ozone.OzoneConsts.ADMIN;
+import static org.apache.hadoop.ozone.OzoneConsts.OM_DB_NAME;
+import static org.apache.hadoop.ozone.OzoneConsts.OM_KEY_PREFIX;
+import static org.apache.hadoop.ozone.OzoneConsts.OM_SNAPSHOT_DIR;
+import static org.apache.hadoop.ozone.OzoneConsts.OZONE_OFS_URI_SCHEME;
+import static org.junit.jupiter.params.provider.Arguments.arguments;
+
+/**
+ * Test for Snapshot feature with ACL.
+ */
+@Timeout(value = 300)
+public class TestOzoneManagerSnapshotAcl {
+
+ private static final String ADMIN_USER = "om";
+ private static final String ADMIN_GROUP = "ozone";
+ private static final UserGroupInformation ADMIN_UGI =
+ UserGroupInformation
+ .createUserForTesting(ADMIN_USER, new String[] {ADMIN_GROUP});
+ private static final String USER1 = "user1";
+ private static final String GROUP1 = "group1";
+ private static final UserGroupInformation UGI1 =
+ UserGroupInformation.createUserForTesting(USER1, new String[] {GROUP1});
+ private static final String USER2 = "user2";
+ private static final String GROUP2 = "group2";
+ private static final UserGroupInformation UGI2 =
+ UserGroupInformation.createUserForTesting(USER2, new String[] {GROUP2});
+ private static final OzoneObj.ResourceType RESOURCE_TYPE_KEY =
+ OzoneObj.ResourceType.KEY;
+ private static MiniOzoneCluster cluster;
+ private static ObjectStore objectStore;
+ private static File metaDir;
+ private static OzoneManager ozoneManager;
+ private String volumeName;
+ private String bucketName;
+ private static final String KEY_PREFIX = "key-";
+ private String keyName;
+ private String snapshotKeyPrefix;
+
+ @BeforeAll
+ public static void init() throws Exception {
+ UserGroupInformation.setLoginUser(ADMIN_UGI);
+ final OzoneConfiguration conf = new OzoneConfiguration();
+ conf.setBoolean(OZONE_ACL_ENABLED, true);
+ conf.set(OZONE_ACL_AUTHORIZER_CLASS, OZONE_ACL_AUTHORIZER_CLASS_NATIVE);
+ final String omServiceId = "om-service-test-1"
+ + RandomStringUtils.randomNumeric(5);
+
+ cluster = MiniOzoneCluster.newOMHABuilder(conf)
+ .setClusterId(UUID.randomUUID().toString())
+ .setScmId(UUID.randomUUID().toString())
+ .setOMServiceId(omServiceId)
+ .setNumOfOzoneManagers(1)
+ .build();
+ cluster.waitForClusterToBeReady();
+
+ ozoneManager = cluster.getOzoneManager();
+ final OzoneConfiguration ozoneManagerConf = ozoneManager.getConfiguration();
+ cluster.setConf(ozoneManagerConf);
+
+ final String hostPrefix = OZONE_OFS_URI_SCHEME + "://" + omServiceId;
+ final OzoneConfiguration clientConf =
+ new OzoneConfiguration(cluster.getConf());
+ clientConf.set(FS_DEFAULT_NAME_KEY, hostPrefix);
+
+ final OzoneClient client = cluster.getClient();
+ objectStore = client.getObjectStore();
+
+ final KeyManagerImpl keyManager = (KeyManagerImpl) HddsWhiteboxTestUtils
+ .getInternalState(ozoneManager, "keyManager");
+
+ // stop the deletion services so that keys can still be read
+ keyManager.stop();
+ metaDir = OMStorage.getOmDbDir(ozoneManagerConf);
+ }
+
+ @AfterAll
+ public static void tearDown() throws Exception {
+ if (cluster != null) {
+ cluster.shutdown();
+ }
+ }
+
+ @ParameterizedTest
+ @EnumSource(BucketLayout.class)
+ public void testLookupKeyWithAllowedUser(BucketLayout bucketLayout)
+ throws Exception {
+ // GIVEN
+ setup(bucketLayout);
+ final OmKeyArgs snapshotKeyArgs = getOmKeyArgs(true);
+
+ // WHEN-THEN
+ Assertions.assertDoesNotThrow(
+ () -> ozoneManager.lookupKey(snapshotKeyArgs));
+ }
+
+ private OmKeyArgs getOmKeyArgs(boolean isSnapshot) {
+ return new OmKeyArgs.Builder()
+ .setVolumeName(volumeName)
+ .setBucketName(bucketName)
+ .setKeyName(isSnapshot ? snapshotKeyPrefix + keyName : keyName)
+ .build();
+ }
+
+ private void createBucket(BucketLayout bucketLayout,
+ OzoneVolume volume) throws IOException {
+ final String bucketPrefix = "bucket-";
+ bucketName = bucketPrefix + RandomStringUtils.randomNumeric(5);
+ final BucketArgs bucketArgs = BucketArgs.newBuilder()
+ .setOwner(ADMIN)
+ .setBucketLayout(bucketLayout).build();
+ volume.createBucket(bucketName, bucketArgs);
+ }
+
+ private void createVolume() throws IOException {
+ final String volumePrefix = "volume-";
+ volumeName = volumePrefix + RandomStringUtils.randomNumeric(5);
+ final VolumeArgs volumeArgs = new VolumeArgs.Builder()
+ .setAdmin(ADMIN)
+ .setOwner(ADMIN)
+ .build();
+ objectStore.createVolume(volumeName, volumeArgs);
+ }
+
+ @ParameterizedTest
+ @EnumSource(BucketLayout.class)
+ public void testLookupKeyWithNotAllowedUser(BucketLayout bucketLayout)
+ throws Exception {
+ // GIVEN
+ setup(bucketLayout);
+ final OmKeyArgs snapshotKeyArgs = getOmKeyArgs(true);
+ final OmKeyArgs keyArgs = getOmKeyArgs(false);
+
+ // WHEN
+ UserGroupInformation.setLoginUser(UGI2);
+ final OMException ex = Assertions.assertThrows(OMException.class,
+ () -> ozoneManager.lookupKey(snapshotKeyArgs));
+
+ // THEN
+ Assertions.assertEquals(OMException.ResultCodes.PERMISSION_DENIED,
+ ex.getResult());
+ Assertions.assertDoesNotThrow(() -> ozoneManager.lookupKey(keyArgs));
+ }
+
+ private void setKeyAcl() throws IOException {
+ final OzoneObj keyObj = OzoneObjInfo.Builder.newBuilder()
+ .setResType(RESOURCE_TYPE_KEY)
+ .setStoreType(OzoneObj.StoreType.OZONE)
+ .setVolumeName(volumeName)
+ .setBucketName(bucketName)
+ .setKeyName(keyName)
+ .build();
+ objectStore.setAcl(keyObj, OzoneAcl.parseAcls(
+ "user:" + USER1 + ":r," +
+ "user:" + USER1 + ":x," +
+ "user:" + USER2 + ":r," +
+ "user:" + USER2 + ":x"));
+ }
+
+ private void createKey(OzoneBucket bucket)
+ throws IOException {
+ keyName = KEY_PREFIX + RandomStringUtils.randomNumeric(5);
+ byte[] data = RandomStringUtils.randomAscii(1).getBytes(UTF_8);
+ final OzoneOutputStream fileKey = bucket.createKey(keyName, data.length);
+ fileKey.write(data);
+ fileKey.close();
+ }
+
+ private void createSnapshot()
+ throws IOException, InterruptedException, TimeoutException {
+ final String snapshotPrefix = "snapshot-";
+ final String snapshotName =
+ snapshotPrefix + RandomStringUtils.randomNumeric(5);
+ objectStore.createSnapshot(volumeName, bucketName, snapshotName);
+ snapshotKeyPrefix = OmSnapshotManager
+ .getSnapshotPrefix(snapshotName);
+ final SnapshotInfo snapshotInfo = ozoneManager
+ .getMetadataManager()
+ .getSnapshotInfoTable()
+ .get(SnapshotInfo.getTableKey(volumeName, bucketName, snapshotName));
+ final String snapshotDirName = metaDir + OM_KEY_PREFIX +
+ OM_SNAPSHOT_DIR + OM_KEY_PREFIX + OM_DB_NAME +
+ snapshotInfo.getCheckpointDirName() + OM_KEY_PREFIX + "CURRENT";
+ GenericTestUtils.waitFor(() -> new File(snapshotDirName).exists(),
+ 1000, 120000);
+ }
+
+ @ParameterizedTest
+ @EnumSource(BucketLayout.class)
+ public void testGeyKeyInfoWithAllowedUser(BucketLayout bucketLayout)
+ throws IOException, InterruptedException, TimeoutException {
+ // GIVEN
+ setup(bucketLayout);
+ final OmKeyArgs snapshotKeyArgs = getOmKeyArgs(true);
+ final boolean assumeS3Context = false;
+
+ // WHEN-THEN
+ Assertions.assertDoesNotThrow(
+ () -> ozoneManager.getKeyInfo(snapshotKeyArgs, assumeS3Context));
+ }
+
+ @ParameterizedTest
+ @EnumSource(BucketLayout.class)
+ public void testGeyKeyInfoWithNotAllowedUser(BucketLayout bucketLayout)
+ throws IOException, InterruptedException, TimeoutException {
+ // GIVEN
+ setup(bucketLayout);
+ final OmKeyArgs snapshotKeyOmKeyArgs = getOmKeyArgs(true);
+ final OmKeyArgs omKeyArgs = getOmKeyArgs(false);
+ final boolean assumeS3Context = false;
+
+ // WHEN
+ UserGroupInformation.setLoginUser(UGI2);
+ final OMException ex =
+ Assertions.assertThrows(OMException.class,
+ () -> ozoneManager.getKeyInfo(snapshotKeyOmKeyArgs,
+ assumeS3Context));
+
+ // THEN
+ Assertions.assertEquals(OMException.ResultCodes.PERMISSION_DENIED,
+ ex.getResult());
+ Assertions.assertDoesNotThrow(
+ () -> ozoneManager.getKeyInfo(omKeyArgs, assumeS3Context));
+ }
+
+ private static Stream<Arguments> getListStatusArguments() {
+ return Stream.of(
+ arguments(BucketLayout.DEFAULT, false, false),
Review Comment:
The default bucketlayout can change, so make these: OBJECT_STORE
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org
[GitHub] [ozone] GeorgeJahad commented on pull request #4301: HDDS-8014. [Snapshot] Implement Native Acl Integration tests for Snapshotting
Posted by "GeorgeJahad (via GitHub)" <gi...@apache.org>.
GeorgeJahad commented on PR #4301:
URL: https://github.com/apache/ozone/pull/4301#issuecomment-1454346547
> One suggestion is to move all the helper methods down, right now it looks scattered.
+1
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org
[GitHub] [ozone] mladjan-gadzic commented on pull request #4301: HDDS-8014. [Snapshot] Implement Native Acl Integration tests for Snapshotting
Posted by "mladjan-gadzic (via GitHub)" <gi...@apache.org>.
mladjan-gadzic commented on PR #4301:
URL: https://github.com/apache/ozone/pull/4301#issuecomment-1455729612
> Thanks for the patch @mladjan-gadzic, The changes look good to me. One suggestion is to move all the helper methods down, right now it looks scattered.
@GeorgeJahad @aswinshakil thank you for the review! I will group helper methods toghether.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org
[GitHub] [ozone] GeorgeJahad commented on a diff in pull request #4301: HDDS-8014. Add native ACL integration tests for Snapshotting
Posted by "GeorgeJahad (via GitHub)" <gi...@apache.org>.
GeorgeJahad commented on code in PR #4301:
URL: https://github.com/apache/ozone/pull/4301#discussion_r1116425700
##########
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/snapshot/TestOzoneManagerSnapshotAcl.java:
##########
@@ -0,0 +1,538 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.hadoop.ozone.om.snapshot;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.UUID;
+import java.util.concurrent.TimeoutException;
+import java.util.stream.Stream;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import org.apache.hadoop.hdds.scm.HddsWhiteboxTestUtils;
+import org.apache.hadoop.ozone.MiniOzoneCluster;
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.client.BucketArgs;
+import org.apache.hadoop.ozone.client.ObjectStore;
+import org.apache.hadoop.ozone.client.OzoneBucket;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.client.OzoneVolume;
+import org.apache.hadoop.ozone.client.VolumeArgs;
+import org.apache.hadoop.ozone.client.io.OzoneOutputStream;
+import org.apache.hadoop.ozone.om.KeyManagerImpl;
+import org.apache.hadoop.ozone.om.OMStorage;
+import org.apache.hadoop.ozone.om.OmSnapshotManager;
+import org.apache.hadoop.ozone.om.OzoneManager;
+import org.apache.hadoop.ozone.om.exceptions.OMException;
+import org.apache.hadoop.ozone.om.helpers.BucketLayout;
+import org.apache.hadoop.ozone.om.helpers.OmKeyArgs;
+import org.apache.hadoop.ozone.om.helpers.SnapshotInfo;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.ozone.test.GenericTestUtils;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Timeout;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.EnumSource;
+import org.junit.jupiter.params.provider.MethodSource;
+
+import static java.nio.charset.StandardCharsets.UTF_8;
+import static org.apache.hadoop.fs.FileSystem.FS_DEFAULT_NAME_KEY;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS_NATIVE;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED;
+import static org.apache.hadoop.ozone.OzoneConsts.ADMIN;
+import static org.apache.hadoop.ozone.OzoneConsts.OM_DB_NAME;
+import static org.apache.hadoop.ozone.OzoneConsts.OM_KEY_PREFIX;
+import static org.apache.hadoop.ozone.OzoneConsts.OM_SNAPSHOT_DIR;
+import static org.apache.hadoop.ozone.OzoneConsts.OZONE_OFS_URI_SCHEME;
+import static org.junit.jupiter.params.provider.Arguments.arguments;
+
+/**
+ * Test for Snapshot feature with ACL.
+ */
+@Timeout(value = 300)
+public class TestOzoneManagerSnapshotAcl {
+
+ private static final String ADMIN_USER = "om";
+ private static final String ADMIN_GROUP = "ozone";
+ private static final UserGroupInformation ADMIN_UGI =
+ UserGroupInformation
+ .createUserForTesting(ADMIN_USER, new String[] {ADMIN_GROUP});
+ private static final String USER1 = "user1";
+ private static final String GROUP1 = "group1";
+ private static final UserGroupInformation UGI1 =
+ UserGroupInformation.createUserForTesting(USER1, new String[] {GROUP1});
+ private static final String USER2 = "user2";
+ private static final String GROUP2 = "group2";
+ private static final UserGroupInformation UGI2 =
+ UserGroupInformation.createUserForTesting(USER2, new String[] {GROUP2});
+ private static final OzoneObj.ResourceType RESOURCE_TYPE_KEY =
+ OzoneObj.ResourceType.KEY;
+ private static MiniOzoneCluster cluster;
+ private static ObjectStore objectStore;
+ private static File metaDir;
+ private static OzoneManager ozoneManager;
+ private String volumeName;
+ private String bucketName;
+ private static final String KEY_PREFIX = "key-";
+ private String keyName;
+ private String snapshotKeyPrefix;
+
+ @BeforeAll
+ public static void init() throws Exception {
+ UserGroupInformation.setLoginUser(ADMIN_UGI);
+ final OzoneConfiguration conf = new OzoneConfiguration();
+ conf.setBoolean(OZONE_ACL_ENABLED, true);
+ conf.set(OZONE_ACL_AUTHORIZER_CLASS, OZONE_ACL_AUTHORIZER_CLASS_NATIVE);
+ final String omServiceId = "om-service-test-1"
+ + RandomStringUtils.randomNumeric(5);
+
+ cluster = MiniOzoneCluster.newOMHABuilder(conf)
+ .setClusterId(UUID.randomUUID().toString())
+ .setScmId(UUID.randomUUID().toString())
+ .setOMServiceId(omServiceId)
+ .setNumOfOzoneManagers(1)
+ .build();
+ cluster.waitForClusterToBeReady();
+
+ ozoneManager = cluster.getOzoneManager();
+ final OzoneConfiguration ozoneManagerConf = ozoneManager.getConfiguration();
+ cluster.setConf(ozoneManagerConf);
+
+ final String hostPrefix = OZONE_OFS_URI_SCHEME + "://" + omServiceId;
+ final OzoneConfiguration clientConf =
+ new OzoneConfiguration(cluster.getConf());
+ clientConf.set(FS_DEFAULT_NAME_KEY, hostPrefix);
+
+ final OzoneClient client = cluster.getClient();
+ objectStore = client.getObjectStore();
+
+ final KeyManagerImpl keyManager = (KeyManagerImpl) HddsWhiteboxTestUtils
+ .getInternalState(ozoneManager, "keyManager");
+
+ // stop the deletion services so that keys can still be read
+ keyManager.stop();
+ metaDir = OMStorage.getOmDbDir(ozoneManagerConf);
+ }
+
+ @AfterAll
+ public static void tearDown() throws Exception {
+ if (cluster != null) {
+ cluster.shutdown();
+ }
+ }
+
+ @ParameterizedTest
+ @EnumSource(BucketLayout.class)
+ public void testLookupKeyWithAllowedUser(BucketLayout bucketLayout)
+ throws Exception {
+ // GIVEN
+ setup(bucketLayout);
+ final OmKeyArgs snapshotKeyArgs = getOmKeyArgs(true);
+
+ // WHEN-THEN
+ Assertions.assertDoesNotThrow(
+ () -> ozoneManager.lookupKey(snapshotKeyArgs));
+ }
+
+ private OmKeyArgs getOmKeyArgs(boolean isSnapshot) {
+ return new OmKeyArgs.Builder()
+ .setVolumeName(volumeName)
+ .setBucketName(bucketName)
+ .setKeyName(isSnapshot ? snapshotKeyPrefix + keyName : keyName)
+ .build();
+ }
+
+ private void createBucket(BucketLayout bucketLayout,
+ OzoneVolume volume) throws IOException {
+ final String bucketPrefix = "bucket-";
+ bucketName = bucketPrefix + RandomStringUtils.randomNumeric(5);
+ final BucketArgs bucketArgs = BucketArgs.newBuilder()
+ .setOwner(ADMIN)
+ .setBucketLayout(bucketLayout).build();
+ volume.createBucket(bucketName, bucketArgs);
+ }
+
+ private void createVolume() throws IOException {
+ final String volumePrefix = "volume-";
+ volumeName = volumePrefix + RandomStringUtils.randomNumeric(5);
+ final VolumeArgs volumeArgs = new VolumeArgs.Builder()
+ .setAdmin(ADMIN)
+ .setOwner(ADMIN)
+ .build();
+ objectStore.createVolume(volumeName, volumeArgs);
+ }
+
+ @ParameterizedTest
+ @EnumSource(BucketLayout.class)
+ public void testLookupKeyWithNotAllowedUser(BucketLayout bucketLayout)
+ throws Exception {
+ // GIVEN
+ setup(bucketLayout);
+ final OmKeyArgs snapshotKeyArgs = getOmKeyArgs(true);
+ final OmKeyArgs keyArgs = getOmKeyArgs(false);
+
+ // WHEN
+ UserGroupInformation.setLoginUser(UGI2);
+ final OMException ex = Assertions.assertThrows(OMException.class,
+ () -> ozoneManager.lookupKey(snapshotKeyArgs));
+
+ // THEN
+ Assertions.assertEquals(OMException.ResultCodes.PERMISSION_DENIED,
+ ex.getResult());
+ Assertions.assertDoesNotThrow(() -> ozoneManager.lookupKey(keyArgs));
Review Comment:
add a comment: "when same user reads same key from active fs, read allowed."
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org