You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ozone.apache.org by sa...@apache.org on 2020/07/22 13:00:42 UTC

[hadoop-ozone] 32/39: HDDS-3987. Encrypted bucket creation failed with INVALID_REQUEST Encryption cannot be set for bucket links (#1221)

This is an automated email from the ASF dual-hosted git repository.

sammichen pushed a commit to branch ozone-0.6.0
in repository https://gitbox.apache.org/repos/asf/hadoop-ozone.git

commit de093ec2506d828816659273cb31423df56d9cde
Author: Doroszlai, Attila <64...@users.noreply.github.com>
AuthorDate: Mon Jul 20 22:02:55 2020 +0200

    HDDS-3987. Encrypted bucket creation failed with INVALID_REQUEST Encryption cannot be set for bucket links (#1221)
    
    (cherry picked from commit 8339b38517c879ac9ce410b8cb0679a462b3d5c7)
---
 .../dist/src/main/compose/ozonesecure/test.sh      |  4 +++
 hadoop-ozone/dist/src/main/compose/testlib.sh      |  2 +-
 .../dist/src/main/smoketest/ozone-lib/shell.robot  |  5 +++
 .../smoketest/security/bucket-encryption.robot     | 40 ++++++++++++++++++++++
 .../om/request/bucket/OMBucketCreateRequest.java   |  4 +--
 5 files changed, 52 insertions(+), 3 deletions(-)

diff --git a/hadoop-ozone/dist/src/main/compose/ozonesecure/test.sh b/hadoop-ozone/dist/src/main/compose/ozonesecure/test.sh
index ce50fa0..84de2a9 100755
--- a/hadoop-ozone/dist/src/main/compose/ozonesecure/test.sh
+++ b/hadoop-ozone/dist/src/main/compose/ozonesecure/test.sh
@@ -23,8 +23,12 @@ source "$COMPOSE_DIR/../testlib.sh"
 
 export SECURITY_ENABLED=true
 
+: ${OZONE_BUCKET_KEY_NAME:=key1}
+
 start_docker_env
 
+execute_command_in_container kms hadoop key create ${OZONE_BUCKET_KEY_NAME}
+
 execute_robot_test scm kinit.robot
 
 execute_robot_test scm basic
diff --git a/hadoop-ozone/dist/src/main/compose/testlib.sh b/hadoop-ozone/dist/src/main/compose/testlib.sh
index 56c35c1..5a05633 100755
--- a/hadoop-ozone/dist/src/main/compose/testlib.sh
+++ b/hadoop-ozone/dist/src/main/compose/testlib.sh
@@ -114,7 +114,7 @@ execute_robot_test(){
   OUTPUT_PATH="$RESULT_DIR_INSIDE/${OUTPUT_FILE}"
   # shellcheck disable=SC2068
   docker-compose exec -T "$CONTAINER" mkdir -p "$RESULT_DIR_INSIDE" \
-    && docker-compose exec -T "$CONTAINER" robot -v OM_SERVICE_ID:"${OM_SERVICE_ID}" -v SECURITY_ENABLED:"${SECURITY_ENABLED}" -v OM_HA_PARAM:"${OM_HA_PARAM}" ${ARGUMENTS[@]} --log NONE -N "$TEST_NAME" --report NONE "${OZONE_ROBOT_OPTS[@]}" --output "$OUTPUT_PATH" "$SMOKETEST_DIR_INSIDE/$TEST"
+    && docker-compose exec -T "$CONTAINER" robot -v OM_SERVICE_ID:"${OM_SERVICE_ID}" -v SECURITY_ENABLED:"${SECURITY_ENABLED}" -v OM_HA_PARAM:"${OM_HA_PARAM}" -v KEY_NAME:"${OZONE_BUCKET_KEY_NAME}" ${ARGUMENTS[@]} --log NONE -N "$TEST_NAME" --report NONE "${OZONE_ROBOT_OPTS[@]}" --output "$OUTPUT_PATH" "$SMOKETEST_DIR_INSIDE/$TEST"
   local -i rc=$?
 
   FULL_CONTAINER_NAME=$(docker-compose ps | grep "_${CONTAINER}_" | head -n 1 | awk '{print $1}')
diff --git a/hadoop-ozone/dist/src/main/smoketest/ozone-lib/shell.robot b/hadoop-ozone/dist/src/main/smoketest/ozone-lib/shell.robot
index 2e56ae4..9afc6df 100644
--- a/hadoop-ozone/dist/src/main/smoketest/ozone-lib/shell.robot
+++ b/hadoop-ozone/dist/src/main/smoketest/ozone-lib/shell.robot
@@ -46,3 +46,8 @@ Verify ACL
     [arguments]         ${object_type}   ${object}    ${type}   ${name}    ${acls}
     ${actual_acls} =    Execute          ozone sh ${object_type} getacl ${object} | jq -r '.[] | select(.type == "${type}") | select(.name == "${name}") | .aclList[]' | xargs
                         Should Be Equal    ${acls}    ${actual_acls}
+
+Create Random Volume
+    ${random} =    Generate Random String  5  [LOWER]
+    Execute        ozone sh volume create o3://${OM_SERVICE_ID}/vol-${random}
+    [return]       vol-${random}
diff --git a/hadoop-ozone/dist/src/main/smoketest/security/bucket-encryption.robot b/hadoop-ozone/dist/src/main/smoketest/security/bucket-encryption.robot
new file mode 100644
index 0000000..e1f96b1
--- /dev/null
+++ b/hadoop-ozone/dist/src/main/smoketest/security/bucket-encryption.robot
@@ -0,0 +1,40 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+*** Settings ***
+Documentation       Test for bucket encryption
+Library             BuiltIn
+Library             String
+Resource            ../commonlib.robot
+Resource            ../lib/os.robot
+Resource            ../ozone-lib/shell.robot
+Test Setup          Setup Test
+Test Timeout        5 minutes
+
+*** Variables ***
+${KEY_NAME}    key1
+${VOLUME}
+
+*** Keywords ***
+Setup Test
+    ${volume} =      Create Random Volume
+    Set Suite Variable    ${VOLUME}    ${volume}
+
+
+*** Test Cases ***
+Create Encrypted Bucket
+    ${output} =      Execute    ozone sh bucket create -k ${KEY_NAME} o3://${OM_SERVICE_ID}/${VOLUME}/encrypted-bucket
+                     Should Not Contain    ${output}    INVALID_REQUEST
+    Bucket Exists    o3://${OM_SERVICE_ID}/${VOLUME}/encrypted-bucket
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/bucket/OMBucketCreateRequest.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/bucket/OMBucketCreateRequest.java
index 71d5458..7c60f61 100644
--- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/bucket/OMBucketCreateRequest.java
+++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/request/bucket/OMBucketCreateRequest.java
@@ -115,8 +115,8 @@ public class OMBucketCreateRequest extends OMClientRequest {
       newBucketInfo.setBeinfo(getBeinfo(kmsProvider, bucketInfo));
     }
 
-    boolean hasSourceVolume = bucketInfo.getSourceVolume() != null;
-    boolean hasSourceBucket = bucketInfo.getSourceBucket() != null;
+    boolean hasSourceVolume = bucketInfo.hasSourceVolume();
+    boolean hasSourceBucket = bucketInfo.hasSourceBucket();
 
     if (hasSourceBucket != hasSourceVolume) {
       throw new OMException("Both source volume and source bucket are " +


---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-commits-help@hadoop.apache.org