From f077e23775b863b7dc5f8442c770a7e88136b9dd Mon Sep 17 00:00:00 2001 From: chungen0126 Date: Wed, 18 Dec 2024 23:41:21 +0800 Subject: [PATCH 1/5] fix TestOzoneDelegationTokenSecretManager --- .../TestOzoneDelegationTokenSecretManager.java | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java index c0fdb7a8c219..2a84c2e9583e 100644 --- a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java +++ b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java @@ -257,6 +257,10 @@ private void testRenewTokenSuccessHelper(boolean restartSecretManager) Token token = secretManager.createToken(TEST_USER, TEST_USER, TEST_USER); + OzoneTokenIdentifier ozoneTokenIdentifier = OzoneTokenIdentifier. + readProtoBuf(token.getIdentifier()); + long renewDate = secretManager.updateToken(token, ozoneTokenIdentifier, expiryTime); + om.getMetadataManager().getDelegationTokenTable().put(ozoneTokenIdentifier, renewDate); Thread.sleep(10 * 5); if (restartSecretManager) { @@ -264,6 +268,8 @@ private void testRenewTokenSuccessHelper(boolean restartSecretManager) } long renewalTime = secretManager.renewToken(token, TEST_USER.toString()); + secretManager.updateToken(token, OzoneTokenIdentifier. + readProtoBuf(token.getIdentifier()), expiryTime); assertThat(renewalTime).isGreaterThan(0); } 
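Review bot: The `secretManager.updateToken(...)` call added after `renewToken` in testRenewTokenSuccessHelper (second hunk) is never observed: its return value is discarded and the only assertion after it is on `renewalTime`. It is also given `expiryTime`, the same argument used when the token was first stored, so the hunk does not show that the written state reflects the renewal. If the call is meant to mirror what a renew request persists, keep the result and check it, e.g. `long updated = secretManager.updateToken(token, ozoneTokenIdentifier, expiryTime);` followed by an assertion that ties `updated` to `renewalTime`; otherwise drop it. The `addToTokenStore(token)` call that PATCH 4/5 puts in its place has the same gap, and the method starts outside both hunks.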
@@ -354,6 +360,10 @@ public void testCancelTokenSuccess() throws Exception { secretManager.start(certificateClient); Token token = secretManager.createToken(TEST_USER, TEST_USER, TEST_USER); + OzoneTokenIdentifier ozoneTokenIdentifier = OzoneTokenIdentifier. + readProtoBuf(token.getIdentifier()); + long renewDate = secretManager.updateToken(token, ozoneTokenIdentifier, expiryTime); + om.getMetadataManager().getDelegationTokenTable().put(ozoneTokenIdentifier, renewDate); secretManager.cancelToken(token, TEST_USER.toString()); } From 5852fef77dd2b8eba041531c611e48509825db17 Mon Sep 17 00:00:00 2001 From: chungen0126 Date: Thu, 19 Dec 2024 00:57:46 +0800 Subject: [PATCH 2/5] enable ratis --- .../security/TestOzoneDelegationTokenSecretManager.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java index 2a84c2e9583e..0e8649a161d4 100644 --- a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java +++ b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java @@ -139,7 +139,7 @@ private OzoneConfiguration createNewTestPath() throws IOException { // TODO: Once HA and non-HA code paths are merged in // OzoneDelegationTokenSecretManager, this test should be updated to // test both ratis enabled and disabled case. - config.setBoolean(OZONE_OM_RATIS_ENABLE_KEY, false); + config.setBoolean(OZONE_OM_RATIS_ENABLE_KEY, true); File newFolder = folder.toFile(); if (!newFolder.exists()) { assertTrue(newFolder.mkdirs()); 
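Review bot: testCancelTokenSuccess still ends at `secretManager.cancelToken(token, TEST_USER.toString());` with no assertion, so after this hunk it seeds the store and then passes as long as nothing throws. For a revocation path that is thin: the test does not say whether the entry put into the delegation token table is expected to be gone afterwards or to stay until some other component removes it. I would at least record the expectation next to the call, e.g. `// owner may cancel; removal from the token table is not asserted here`. If `cancelToken` returns the cancelled identifier (its signature is not visible in this hunk), comparing that result with `ozoneTokenIdentifier` would give the test something to fail on.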
@@ -293,6 +293,10 @@ public void testRenewTokenFailure() throws Exception { secretManager.start(certificateClient); Token token = secretManager.createToken(TEST_USER, TEST_USER, TEST_USER); + OzoneTokenIdentifier ozoneTokenIdentifier = OzoneTokenIdentifier. + readProtoBuf(token.getIdentifier()); + long renewDate = secretManager.updateToken(token, ozoneTokenIdentifier, expiryTime); + om.getMetadataManager().getDelegationTokenTable().put(ozoneTokenIdentifier, renewDate); AccessControlException exception = assertThrows(AccessControlException.class, () -> secretManager.renewToken(token, "rougeUser")); From 51eddd16a77a5653b72f644d2fca0e54ba218e70 Mon Sep 17 00:00:00 2001 From: chungen0126 Date: Thu, 19 Dec 2024 03:08:22 +0800 Subject: [PATCH 3/5] group change to addToTokenStore --- ...TestOzoneDelegationTokenSecretManager.java | 22 +++++++++---------- 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java index 0e8649a161d4..ec635f4fa6c0 100644 --- a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java +++ b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java @@ -257,10 +257,7 @@ private void testRenewTokenSuccessHelper(boolean restartSecretManager) Token token = secretManager.createToken(TEST_USER, TEST_USER, TEST_USER); - OzoneTokenIdentifier ozoneTokenIdentifier = OzoneTokenIdentifier. - readProtoBuf(token.getIdentifier()); - long renewDate = secretManager.updateToken(token, ozoneTokenIdentifier, expiryTime); - om.getMetadataManager().getDelegationTokenTable().put(ozoneTokenIdentifier, renewDate); + addToTokenStore(token); Thread.sleep(10 * 5); if (restartSecretManager) { 
@@ -293,10 +290,7 @@ public void testRenewTokenFailure() throws Exception { secretManager.start(certificateClient); Token token = secretManager.createToken(TEST_USER, TEST_USER, TEST_USER); - OzoneTokenIdentifier ozoneTokenIdentifier = OzoneTokenIdentifier. - readProtoBuf(token.getIdentifier()); - long renewDate = secretManager.updateToken(token, ozoneTokenIdentifier, expiryTime); - om.getMetadataManager().getDelegationTokenTable().put(ozoneTokenIdentifier, renewDate); + addToTokenStore(token); AccessControlException exception = assertThrows(AccessControlException.class, () -> secretManager.renewToken(token, "rougeUser")); @@ -364,10 +358,7 @@ public void testCancelTokenSuccess() throws Exception { secretManager.start(certificateClient); Token token = secretManager.createToken(TEST_USER, TEST_USER, TEST_USER); - OzoneTokenIdentifier ozoneTokenIdentifier = OzoneTokenIdentifier. - readProtoBuf(token.getIdentifier()); - long renewDate = secretManager.updateToken(token, ozoneTokenIdentifier, expiryTime); - om.getMetadataManager().getDelegationTokenTable().put(ozoneTokenIdentifier, renewDate); + addToTokenStore(token); secretManager.cancelToken(token, TEST_USER.toString()); } @@ -526,4 +517,11 @@ private void validateHash(byte[] hash, byte[] identifier) throws Exception { .setSecretKeyClient(secretKeyClient) .build(); } + + private void addToTokenStore(Token token) throws IOException { + OzoneTokenIdentifier ozoneTokenIdentifier = OzoneTokenIdentifier. + readProtoBuf(token.getIdentifier()); + long renewDate = secretManager.updateToken(token, ozoneTokenIdentifier, expiryTime); + om.getMetadataManager().getDelegationTokenTable().put(ozoneTokenIdentifier, renewDate); + } } From de540b0e84953ceba86a0808296fee2e25f5e7e0 Mon Sep 17 00:00:00 2001 From: chungen0126 Date: Thu, 19 Dec 2024 03:10:07 +0800 Subject: [PATCH 4/5] group change to addToTokenStore --- .../ozone/security/TestOzoneDelegationTokenSecretManager.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
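Review bot: `addToTokenStore` (last hunk of PATCH 3/5) has no comment saying why the test writes to the secret manager and to the delegation token table by hand. The only explanation in the file is the createNewTestPath comment, "When ratis is enabled, tokens are not updated to the store directly by OzoneDelegationTokenSecretManager", and PATCH 5/5 deletes it. A short comment on the helper would keep that rationale, for example `// The secret manager does not persist tokens itself when OM Ratis is enabled; store the token here the way the request path would.` The wording about the request path is my reading of the removed comment, so please adjust it if the mechanism differs.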
diff --git a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java index ec635f4fa6c0..a4b3c48f7374 100644 --- a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java +++ b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java @@ -265,8 +265,7 @@ private void testRenewTokenSuccessHelper(boolean restartSecretManager) } long renewalTime = secretManager.renewToken(token, TEST_USER.toString()); - secretManager.updateToken(token, OzoneTokenIdentifier. - readProtoBuf(token.getIdentifier()), expiryTime); + addToTokenStore(token); assertThat(renewalTime).isGreaterThan(0); } From 97c229866719707afe1532dcd19cae9423525637 Mon Sep 17 00:00:00 2001 From: chungen0126 Date: Thu, 19 Dec 2024 20:08:33 +0800 Subject: [PATCH 5/5] remove ratis config in TestOzoneDelegationTokenSecretManager --- .../security/TestOzoneDelegationTokenSecretManager.java | 9 --------- 1 file changed, 9 deletions(-) diff --git a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java index a4b3c48f7374..a9239b5639a5 100644 --- a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java +++ b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/TestOzoneDelegationTokenSecretManager.java 
@@ -59,7 +59,6 @@ import org.apache.hadoop.security.token.Token; import org.apache.hadoop.util.Time; -import static org.apache.hadoop.ozone.om.OMConfigKeys.OZONE_OM_RATIS_ENABLE_KEY; import static org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos.OMTokenProto.Type.S3AUTHINFO; import static org.assertj.core.api.Assertions.assertThat; import static org.junit.jupiter.api.Assertions.assertEquals; @@ -132,14 +131,6 @@ public void setUp() throws Exception { private OzoneConfiguration createNewTestPath() throws IOException { OzoneConfiguration config = new OzoneConfiguration(); - // When ratis is enabled, tokens are not updated to the store directly by - // OzoneDelegationTokenSecretManager. Tokens are updated via Ratis - // through the DoubleBuffer. Hence, to test - // OzoneDelegationTokenSecretManager, we should disable OM Ratis. - // TODO: Once HA and non-HA code paths are merged in - // OzoneDelegationTokenSecretManager, this test should be updated to - // test both ratis enabled and disabled case. - config.setBoolean(OZONE_OM_RATIS_ENABLE_KEY, true); File newFolder = folder.toFile(); if (!newFolder.exists()) { assertTrue(newFolder.mkdirs());