You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "GeorgeJahad (via GitHub)" <gi...@apache.org> on 2023/02/24 01:58:44 UTC

[GitHub] [ozone] GeorgeJahad commented on a diff in pull request #4301: HDDS-8014. Add native ACL integration tests for Snapshotting

GeorgeJahad commented on code in PR #4301:
URL: https://github.com/apache/ozone/pull/4301#discussion_r1116425367


##########
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/snapshot/TestOzoneManagerSnapshotAcl.java:
##########
@@ -0,0 +1,538 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.hadoop.ozone.om.snapshot;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.UUID;
+import java.util.concurrent.TimeoutException;
+import java.util.stream.Stream;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import org.apache.hadoop.hdds.scm.HddsWhiteboxTestUtils;
+import org.apache.hadoop.ozone.MiniOzoneCluster;
+import org.apache.hadoop.ozone.OzoneAcl;
+import org.apache.hadoop.ozone.client.BucketArgs;
+import org.apache.hadoop.ozone.client.ObjectStore;
+import org.apache.hadoop.ozone.client.OzoneBucket;
+import org.apache.hadoop.ozone.client.OzoneClient;
+import org.apache.hadoop.ozone.client.OzoneVolume;
+import org.apache.hadoop.ozone.client.VolumeArgs;
+import org.apache.hadoop.ozone.client.io.OzoneOutputStream;
+import org.apache.hadoop.ozone.om.KeyManagerImpl;
+import org.apache.hadoop.ozone.om.OMStorage;
+import org.apache.hadoop.ozone.om.OmSnapshotManager;
+import org.apache.hadoop.ozone.om.OzoneManager;
+import org.apache.hadoop.ozone.om.exceptions.OMException;
+import org.apache.hadoop.ozone.om.helpers.BucketLayout;
+import org.apache.hadoop.ozone.om.helpers.OmKeyArgs;
+import org.apache.hadoop.ozone.om.helpers.SnapshotInfo;
+import org.apache.hadoop.ozone.security.acl.OzoneObj;
+import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.ozone.test.GenericTestUtils;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Timeout;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.EnumSource;
+import org.junit.jupiter.params.provider.MethodSource;
+
+import static java.nio.charset.StandardCharsets.UTF_8;
+import static org.apache.hadoop.fs.FileSystem.FS_DEFAULT_NAME_KEY;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_AUTHORIZER_CLASS_NATIVE;
+import static org.apache.hadoop.ozone.OzoneConfigKeys.OZONE_ACL_ENABLED;
+import static org.apache.hadoop.ozone.OzoneConsts.ADMIN;
+import static org.apache.hadoop.ozone.OzoneConsts.OM_DB_NAME;
+import static org.apache.hadoop.ozone.OzoneConsts.OM_KEY_PREFIX;
+import static org.apache.hadoop.ozone.OzoneConsts.OM_SNAPSHOT_DIR;
+import static org.apache.hadoop.ozone.OzoneConsts.OZONE_OFS_URI_SCHEME;
+import static org.junit.jupiter.params.provider.Arguments.arguments;
+
+/**
+ * Test for Snapshot feature with ACL.
+ */
+@Timeout(value = 300)
+public class TestOzoneManagerSnapshotAcl {
+
+  private static final String ADMIN_USER = "om";
+  private static final String ADMIN_GROUP = "ozone";
+  private static final UserGroupInformation ADMIN_UGI =
+      UserGroupInformation
+          .createUserForTesting(ADMIN_USER, new String[] {ADMIN_GROUP});
+  private static final String USER1 = "user1";
+  private static final String GROUP1 = "group1";
+  private static final UserGroupInformation UGI1 =
+      UserGroupInformation.createUserForTesting(USER1, new String[] {GROUP1});
+  private static final String USER2 = "user2";
+  private static final String GROUP2 = "group2";
+  private static final UserGroupInformation UGI2 =
+      UserGroupInformation.createUserForTesting(USER2, new String[] {GROUP2});
+  private static final OzoneObj.ResourceType RESOURCE_TYPE_KEY =
+      OzoneObj.ResourceType.KEY;
+  private static MiniOzoneCluster cluster;
+  private static ObjectStore objectStore;
+  private static File metaDir;
+  private static OzoneManager ozoneManager;
+  private String volumeName;
+  private String bucketName;
+  private static final String KEY_PREFIX = "key-";
+  private String keyName;
+  private String snapshotKeyPrefix;
+
+  @BeforeAll
+  public static void init() throws Exception {
+    UserGroupInformation.setLoginUser(ADMIN_UGI);
+    final OzoneConfiguration conf = new OzoneConfiguration();
+    conf.setBoolean(OZONE_ACL_ENABLED, true);
+    conf.set(OZONE_ACL_AUTHORIZER_CLASS, OZONE_ACL_AUTHORIZER_CLASS_NATIVE);
+    final String omServiceId = "om-service-test-1"
+        + RandomStringUtils.randomNumeric(5);
+
+    cluster = MiniOzoneCluster.newOMHABuilder(conf)
+        .setClusterId(UUID.randomUUID().toString())
+        .setScmId(UUID.randomUUID().toString())
+        .setOMServiceId(omServiceId)
+        .setNumOfOzoneManagers(1)
+        .build();
+    cluster.waitForClusterToBeReady();
+
+    ozoneManager = cluster.getOzoneManager();
+    final OzoneConfiguration ozoneManagerConf = ozoneManager.getConfiguration();
+    cluster.setConf(ozoneManagerConf);
+
+    final String hostPrefix = OZONE_OFS_URI_SCHEME + "://" + omServiceId;
+    final OzoneConfiguration clientConf =
+        new OzoneConfiguration(cluster.getConf());
+    clientConf.set(FS_DEFAULT_NAME_KEY, hostPrefix);
+
+    final OzoneClient client = cluster.getClient();
+    objectStore = client.getObjectStore();
+
+    final KeyManagerImpl keyManager = (KeyManagerImpl) HddsWhiteboxTestUtils
+        .getInternalState(ozoneManager, "keyManager");
+
+    // stop the deletion services so that keys can still be read
+    keyManager.stop();
+    metaDir = OMStorage.getOmDbDir(ozoneManagerConf);
+  }
+
+  @AfterAll
+  public static void tearDown() throws Exception {
+    if (cluster != null) {
+      cluster.shutdown();
+    }
+  }
+
+  @ParameterizedTest
+  @EnumSource(BucketLayout.class)
+  public void testLookupKeyWithAllowedUser(BucketLayout bucketLayout)
+      throws Exception {
+    // GIVEN
+    setup(bucketLayout);
+    final OmKeyArgs snapshotKeyArgs = getOmKeyArgs(true);
+
+    // WHEN-THEN
+    Assertions.assertDoesNotThrow(
+        () -> ozoneManager.lookupKey(snapshotKeyArgs));
+  }
+
+  private OmKeyArgs getOmKeyArgs(boolean isSnapshot) {
+    return new OmKeyArgs.Builder()
+        .setVolumeName(volumeName)
+        .setBucketName(bucketName)
+        .setKeyName(isSnapshot ? snapshotKeyPrefix + keyName : keyName)
+        .build();
+  }
+
+  private void createBucket(BucketLayout bucketLayout,
+      OzoneVolume volume) throws IOException {
+    final String bucketPrefix = "bucket-";
+    bucketName = bucketPrefix + RandomStringUtils.randomNumeric(5);
+    final BucketArgs bucketArgs = BucketArgs.newBuilder()
+        .setOwner(ADMIN)
+        .setBucketLayout(bucketLayout).build();
+    volume.createBucket(bucketName, bucketArgs);
+  }
+
+  private void createVolume() throws IOException {
+    final String volumePrefix = "volume-";
+    volumeName = volumePrefix + RandomStringUtils.randomNumeric(5);
+    final VolumeArgs volumeArgs = new VolumeArgs.Builder()
+        .setAdmin(ADMIN)
+        .setOwner(ADMIN)
+        .build();
+    objectStore.createVolume(volumeName, volumeArgs);
+  }
+
+  @ParameterizedTest
+  @EnumSource(BucketLayout.class)
+  public void testLookupKeyWithNotAllowedUser(BucketLayout bucketLayout)
+      throws Exception {
+    // GIVEN
+    setup(bucketLayout);
+    final OmKeyArgs snapshotKeyArgs = getOmKeyArgs(true);
+    final OmKeyArgs keyArgs = getOmKeyArgs(false);
+
+    // WHEN

Review Comment:
   Comment should be something like:  "when reading from snapshot, read disallowed."



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org