| /** |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * <p> |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * <p> |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package org.apache.hadoop.ozone.client.rpc; |
| |
import org.apache.hadoop.hdds.HddsConfigKeys;
import org.apache.hadoop.hdds.client.ReplicationFactor;
import org.apache.hadoop.hdds.client.ReplicationType;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
import org.apache.hadoop.hdds.protocol.proto.HddsProtos.BlockTokenSecretProto.AccessModeProto;
import org.apache.hadoop.hdds.scm.ScmConfigKeys;
import org.apache.hadoop.hdds.scm.container.ContainerInfo;
import org.apache.hadoop.hdds.scm.protocolPB.StorageContainerLocationProtocolClientSideTranslatorPB;
import org.apache.hadoop.hdds.security.token.BlockTokenVerifier;
import org.apache.hadoop.hdds.security.token.OzoneBlockTokenIdentifier;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.ozone.MiniOzoneCluster;
import org.apache.hadoop.ozone.client.CertificateClientTestImpl;
import org.apache.hadoop.ozone.client.ObjectStore;
import org.apache.hadoop.ozone.client.OzoneBucket;
import org.apache.hadoop.ozone.client.OzoneClient;
import org.apache.hadoop.ozone.client.OzoneClientFactory;
import org.apache.hadoop.ozone.client.OzoneKey;
import org.apache.hadoop.ozone.client.OzoneVolume;
import org.apache.hadoop.ozone.client.io.OzoneInputStream;
import org.apache.hadoop.ozone.client.io.OzoneOutputStream;
import org.apache.hadoop.ozone.om.OzoneManager;
import org.apache.hadoop.ozone.om.helpers.OmKeyArgs;
import org.apache.hadoop.ozone.om.helpers.OmKeyInfo;
import org.apache.hadoop.ozone.om.helpers.OmKeyLocationInfo;
import org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.test.GenericTestUtils;
import org.apache.hadoop.test.LambdaTestUtils;
import org.apache.hadoop.util.Time;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;

import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.UUID;

import static org.apache.hadoop.hdds.HddsConfigKeys.OZONE_METADATA_DIRS;
| |
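/**
 * Tests the public-facing Ozone client APIs against a MiniOzoneCluster that
 * has block tokens enabled ({@code HDDS_BLOCK_TOKEN_ENABLED}) and the
 * OzoneManager's secure test flag set.
 * <p>
 * The cluster, client and store are created once per class in
 * {@link #init()} and installed into {@link TestOzoneRpcClient}, so the
 * inherited tests also run against the secured cluster.
 */
public class TestSecureOzoneRpcClient extends TestOzoneRpcClient {

  private static MiniOzoneCluster cluster = null;
  private static OzoneClient ozClient = null;
  private static ObjectStore store = null;
  private static OzoneManager ozoneManager;
  private static StorageContainerLocationProtocolClientSideTranslatorPB
      storageContainerLocationClient;

  private static final String SCM_ID = UUID.randomUUID().toString();
  private static File testDir;
  private static OzoneConfiguration conf;
  private static OzoneBlockTokenSecretManager secretManager;

  // Payload written to, and expected back from, every key in these tests.
  private static final String SAMPLE_VALUE = "sample value";

  /**
   * Creates the secure MiniOzoneCluster shared by all tests in this class.
   * <p>
   * Block tokens are switched on through {@code HDDS_BLOCK_TOKEN_ENABLED},
   * the OzoneManager's secure test flag is set, and a block token granting
   * every {@link AccessModeProto} is generated for the current user and added
   * to the current UGI so the client's requests carry it. The cluster,
   * client, store and SCM handles are then installed into
   * {@link TestOzoneRpcClient}.
   *
   * @throws Exception if the cluster, client or secret manager cannot be
   *     set up
   */
  @BeforeClass
  public static void init() throws Exception {
    testDir = GenericTestUtils.getTestDir(
        TestSecureOzoneRpcClient.class.getSimpleName());
    OzoneManager.setTestSecureOmFlag(true);
    conf = new OzoneConfiguration();
    conf.set(OZONE_METADATA_DIRS, testDir.getAbsolutePath());
    conf.setInt(ScmConfigKeys.OZONE_SCM_PIPELINE_OWNER_CONTAINER_COUNT, 1);
    conf.setBoolean(HddsConfigKeys.HDDS_BLOCK_TOKEN_ENABLED, true);
    CertificateClientTestImpl certificateClientTest =
        new CertificateClientTestImpl(conf);
    cluster = MiniOzoneCluster.newBuilder(conf)
        .setNumDatanodes(10)
        .setScmId(SCM_ID)
        .setCertificateClient(certificateClientTest)
        .build();
    String user = UserGroupInformation.getCurrentUser().getShortUserName();
    // NOTE(review): the meaning and unit of the two 60 * 60 arguments below
    // are defined by OzoneBlockTokenSecretManager's API — confirm there.
    secretManager = new OzoneBlockTokenSecretManager(new SecurityConfig(conf),
        60 * 60, certificateClientTest.getCertificate()
            .getSerialNumber().toString());
    secretManager.start(certificateClientTest);
    Token<OzoneBlockTokenIdentifier> token = secretManager.generateToken(
        user, EnumSet.allOf(AccessModeProto.class), 60 * 60);
    UserGroupInformation.getCurrentUser().addToken(token);
    cluster.getOzoneManager().startSecretManager();
    cluster.waitForClusterToBeReady();
    ozClient = OzoneClientFactory.getRpcClient(conf);
    store = ozClient.getObjectStore();
    storageContainerLocationClient =
        cluster.getStorageContainerLocationClient();
    ozoneManager = cluster.getOzoneManager();
    TestOzoneRpcClient.setCluster(cluster);
    TestOzoneRpcClient.setOzClient(ozClient);
    TestOzoneRpcClient.setOzoneManager(ozoneManager);
    TestOzoneRpcClient.setStorageContainerLocationClient(
        storageContainerLocationClient);
    TestOzoneRpcClient.setStore(store);
    TestOzoneRpcClient.setScmId(SCM_ID);
  }

  /**
   * Verifies that, with a block token on the current user, writing a key,
   * looking it up and reading it back all succeed, that the bytes read equal
   * the bytes written, and that the key's containers carry the requested
   * replication.
   *
   * @throws Exception on any cluster or client failure
   */
  @Test
  public void testPutKeySuccessWithBlockToken() throws Exception {
    String volumeName = UUID.randomUUID().toString();
    String bucketName = UUID.randomUUID().toString();
    long currentTime = Time.now();
    // Explicit charset: the default charset is platform dependent.
    byte[] payload = SAMPLE_VALUE.getBytes(StandardCharsets.UTF_8);

    store.createVolume(volumeName);
    OzoneVolume volume = store.getVolume(volumeName);
    volume.createBucket(bucketName);
    OzoneBucket bucket = volume.getBucket(bucketName);

    for (int i = 0; i < 10; i++) {
      String keyName = UUID.randomUUID().toString();

      try (OzoneOutputStream out = bucket.createKey(keyName, payload.length,
          ReplicationType.STAND_ALONE, ReplicationFactor.ONE,
          new HashMap<>())) {
        out.write(payload);
      }

      OzoneKey key = bucket.getKey(keyName);
      Assert.assertEquals(keyName, key.getName());
      byte[] fileContent = new byte[payload.length];
      try (OzoneInputStream is = bucket.readKey(keyName)) {
        // A single read() may return fewer bytes than requested; read until
        // the buffer is full so a short read cannot mask a content mismatch.
        Assert.assertEquals(payload.length, readFully(is, fileContent));
      }

      Assert.assertTrue(verifyRatisReplication(volumeName, bucketName,
          keyName, ReplicationType.STAND_ALONE, ReplicationFactor.ONE));
      Assert.assertArrayEquals(payload, fileContent);
      Assert.assertTrue(key.getCreationTime() >= currentTime);
      Assert.assertTrue(key.getModificationTime() >= currentTime);
    }
  }

  /**
   * Verifies that key operations fail while {@link BlockTokenVerifier}'s test
   * stub is enabled: the chunk write on the stream returned by createKey and
   * the subsequent readKey must both raise an {@link IOException} whose
   * message reports the missing/failed block-token authentication.
   * <p>
   * The stub is restored in a {@code finally} block so that a failing
   * assertion cannot leak the stub setting into other tests in the JVM.
   *
   * @throws Exception on any failure other than the expected authentication
   *     errors
   */
  @Test
  @Ignore("Needs to be moved out of this class as client setup is static")
  public void testKeyOpFailureWithoutBlockToken() throws Exception {
    String volumeName = UUID.randomUUID().toString();
    String bucketName = UUID.randomUUID().toString();
    byte[] payload = SAMPLE_VALUE.getBytes(StandardCharsets.UTF_8);
    BlockTokenVerifier.setTestStub(true);
    try {
      store.createVolume(volumeName);
      OzoneVolume volume = store.getVolume(volumeName);
      volume.createBucket(bucketName);
      OzoneBucket bucket = volume.getBucket(bucketName);

      for (int i = 0; i < 10; i++) {
        String keyName = UUID.randomUUID().toString();

        try (OzoneOutputStream out = bucket.createKey(keyName,
            payload.length, ReplicationType.STAND_ALONE,
            ReplicationFactor.ONE, new HashMap<>())) {
          LambdaTestUtils.intercept(IOException.class,
              "UNAUTHENTICATED: Fail " + "to find any token ",
              () -> out.write(payload));
        }

        OzoneKey key = bucket.getKey(keyName);
        Assert.assertEquals(keyName, key.getName());
        LambdaTestUtils.intercept(IOException.class,
            "Failed to authenticate"
                + " with GRPC XceiverServer with Ozone block token.",
            () -> bucket.readKey(keyName));
      }
    } finally {
      BlockTokenVerifier.setTestStub(false);
    }
  }

  /**
   * Reads from {@code in} until {@code buf} is full or end of stream is hit.
   *
   * @param in  stream to read from
   * @param buf destination buffer; filled from index 0
   * @return the number of bytes actually stored in {@code buf}
   * @throws IOException if the underlying read fails
   */
  private static int readFully(OzoneInputStream in, byte[] buf)
      throws IOException {
    int filled = 0;
    while (filled < buf.length) {
      int n = in.read(buf, filled, buf.length - filled);
      if (n < 0) {
        break;
      }
      filled += n;
    }
    return filled;
  }

  /**
   * Checks that every block location of the key's latest version lives in a
   * container whose replication type and factor match the requested ones.
   *
   * @param volumeName volume holding the key
   * @param bucketName bucket holding the key
   * @param keyName    key to inspect
   * @param type       expected replication type
   * @param factor     expected replication factor
   * @return {@code true} if all containers match, {@code false} on the first
   *     mismatch
   * @throws IOException if the key or a container lookup fails
   */
  private boolean verifyRatisReplication(String volumeName, String bucketName,
      String keyName, ReplicationType type, ReplicationFactor factor)
      throws IOException {
    OmKeyArgs keyArgs = new OmKeyArgs.Builder()
        .setVolumeName(volumeName)
        .setBucketName(bucketName)
        .setKeyName(keyName)
        .setRefreshPipeline(true)
        .build();
    HddsProtos.ReplicationType expectedType =
        HddsProtos.ReplicationType.valueOf(type.toString());
    HddsProtos.ReplicationFactor expectedFactor =
        HddsProtos.ReplicationFactor.valueOf(factor.getValue());
    OmKeyInfo keyInfo = ozoneManager.lookupKey(keyArgs);
    for (OmKeyLocationInfo info
        : keyInfo.getLatestVersionLocations().getLocationList()) {
      ContainerInfo container =
          storageContainerLocationClient.getContainer(info.getContainerID());
      boolean factorMatches =
          container.getReplicationFactor().equals(expectedFactor);
      boolean typeMatches = container.getReplicationType() == expectedType;
      if (!factorMatches || !typeMatches) {
        return false;
      }
    }
    return true;
  }

  /**
   * Closes the Ozone client and the SCM location client, then shuts down the
   * cluster. Each handle is released only if it was created, and the later
   * steps run even if an earlier close throws, so a failure in one does not
   * leave the cluster running.
   *
   * @throws IOException if closing a client fails
   */
  @AfterClass
  public static void shutdown() throws IOException {
    // NOTE(review): secretManager is started in init() but never stopped
    // here; confirm whether OzoneBlockTokenSecretManager offers a stop
    // operation and add it if so.
    try {
      if (ozClient != null) {
        ozClient.close();
      }
    } finally {
      try {
        if (storageContainerLocationClient != null) {
          storageContainerLocationClient.close();
        }
      } finally {
        if (cluster != null) {
          cluster.shutdown();
        }
      }
    }
  }

}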