-
Notifications
You must be signed in to change notification settings - Fork 616
HDDS-11041. Add admin request filter for S3 requests and UGI support for GrpcOmTransport #7268
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 33 commits
Commits
Show all changes
35 commits
Select commit
Hold shift + click to select a range
8a242b0
HDDS-11041. Add admin request filter for S3 requests and passing UGI …
spacemonkd b9002fb
Fixed checkstyle issues
spacemonkd d5272f5
Using OzoneConfigUtils to fetch s3 admins
spacemonkd 932fffc
Addressed codestyle review comments
spacemonkd a0ac299
Add common utils to fetch S3 admin users
spacemonkd 065f9fd
Added unauthorized test scenarios and fixed code style
spacemonkd 4a3c3d5
Fixed findbug issues
spacemonkd cf3c4e3
Mock ContainerRequestContext
spacemonkd ff14d26
Addressed review comments
spacemonkd 8e93f5c
Addressed review comments
spacemonkd 44bad3b
Addressed checkstyle and RAT issues
spacemonkd e0e8748
Addressed checkstyle issues
spacemonkd 664489a
Fixed test verification and RPC failover config
spacemonkd f8a4e2b
Fixed tests
spacemonkd 0a32667
Fixed checkstyles
spacemonkd db908fb
Fixed checkstyles
spacemonkd 2daecc9
Added test coverage for S3 admin utils
spacemonkd e67269e
Fixed checkstyle issue
spacemonkd d2653a5
Fixed build issues
spacemonkd 9c9a9da
Fixed checkstyle issues
spacemonkd fb6dcb9
Fix tests
spacemonkd 30e55e2
Add newline at file end for checkstyles
spacemonkd f4cfed4
Remove print line
spacemonkd ad12dfe
Re-enable robot tests and add robot tests for non-admin user
spacemonkd bf6fb02
Refactor S3 config utils to hdds-framework
spacemonkd e2f9248
Fixed checkstyle issues
spacemonkd 2acffda
Refactored createOMProxy to parent provider and enabled GrpcOmTranspo…
spacemonkd c52deae
Removed unused imports and variables
spacemonkd 3a60637
Add fallback value to OM transport and set it to Hadoop3OmTransport i…
spacemonkd 9e8c64e
Addressed review comments
spacemonkd c674834
Fixed checkstyles
spacemonkd bd8e47d
Fixed test issues
spacemonkd c331c99
Fixed checkstyle issues
spacemonkd e569e5f
Addressed review comments
spacemonkd bf5b181
Fix findbugs
adoroszlai File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
122 changes: 122 additions & 0 deletions
122
hadoop-hdds/framework/src/test/java/org/apache/hadoop/hdds/server/TestOzoneAdmins.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,122 @@ | ||
| /* | ||
| * Licensed to the Apache Software Foundation (ASF) under one or more | ||
| * contributor license agreements. See the NOTICE file distributed with this | ||
| * work for additional information regarding copyright ownership. The ASF | ||
| * licenses this file to you under the Apache License, Version 2.0 (the | ||
| * "License"); you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * <p> | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * <p> | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
| * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
| * License for the specific language governing permissions and limitations under | ||
| * the License. | ||
| * | ||
| */ | ||
|
|
||
| package org.apache.hadoop.hdds.server; | ||
|
|
||
| import org.apache.hadoop.hdds.conf.OzoneConfiguration; | ||
| import org.apache.hadoop.ozone.OzoneConfigKeys; | ||
| import org.apache.hadoop.security.UserGroupInformation; | ||
| import org.junit.jupiter.params.ParameterizedTest; | ||
| import org.junit.jupiter.params.provider.CsvSource; | ||
| import org.junit.jupiter.params.provider.ValueSource; | ||
|
|
||
| import java.io.IOException; | ||
| import java.util.Arrays; | ||
|
|
||
| import static org.assertj.core.api.Assertions.assertThat; | ||
|
|
||
| /** | ||
| * This class is to test the utilities present in the OzoneAdmins class. | ||
| */ | ||
| class TestOzoneAdmins { | ||
|
spacemonkd marked this conversation as resolved.
spacemonkd marked this conversation as resolved.
|
||
| // The following set of tests are to validate the S3 based utilities present in OzoneAdmins | ||
| @ParameterizedTest | ||
| @ValueSource(strings = {OzoneConfigKeys.OZONE_S3_ADMINISTRATORS, | ||
| OzoneConfigKeys.OZONE_ADMINISTRATORS}) | ||
| void testS3AdminExtraction(String configKey) throws IOException { | ||
| OzoneConfiguration configuration = new OzoneConfiguration(); | ||
| configuration.set(configKey, "alice,bob"); | ||
|
|
||
| assertThat(OzoneAdmins.getS3AdminsFromConfig(configuration)) | ||
| .containsAll(Arrays.asList("alice", "bob")); | ||
| } | ||
|
|
||
| @ParameterizedTest | ||
| @ValueSource(strings = {OzoneConfigKeys.OZONE_S3_ADMINISTRATORS_GROUPS, | ||
| OzoneConfigKeys.OZONE_ADMINISTRATORS_GROUPS}) | ||
| void testS3AdminGroupExtraction(String configKey) { | ||
| OzoneConfiguration configuration = new OzoneConfiguration(); | ||
| configuration.set(configKey, "test1, test2"); | ||
|
|
||
| assertThat(OzoneAdmins.getS3AdminsGroupsFromConfig(configuration)) | ||
| .containsAll(Arrays.asList("test1", "test2")); | ||
| } | ||
|
|
||
| @ParameterizedTest | ||
| @CsvSource({ | ||
| OzoneConfigKeys.OZONE_ADMINISTRATORS + ", " + OzoneConfigKeys.OZONE_ADMINISTRATORS_GROUPS, | ||
| OzoneConfigKeys.OZONE_S3_ADMINISTRATORS + ", " + OzoneConfigKeys.OZONE_S3_ADMINISTRATORS_GROUPS | ||
| }) | ||
| void testIsAdmin(String adminKey, String adminGroupKey) { | ||
| // When there is no S3 admin, but Ozone admins present | ||
| OzoneConfiguration configuration = new OzoneConfiguration(); | ||
| configuration.set(adminKey, "alice"); | ||
| configuration.set(adminGroupKey, "test_group"); | ||
|
|
||
| OzoneAdmins admins = OzoneAdmins.getS3Admins(configuration); | ||
| UserGroupInformation ugi = UserGroupInformation.createUserForTesting( | ||
| "alice", new String[] {"test_group"}); | ||
|
|
||
| assertThat(admins.isAdmin(ugi)).isEqualTo(true); | ||
|
|
||
| // Test that when a user is present in an admin group but not an Ozone Admin | ||
| UserGroupInformation ugiGroupOnly = UserGroupInformation.createUserForTesting( | ||
| "bob", new String[] {"test_group"}); | ||
| assertThat(admins.isAdmin(ugiGroupOnly)).isEqualTo(true); | ||
| } | ||
|
|
||
| @ParameterizedTest | ||
| @ValueSource(booleans = {true, false}) | ||
| void testIsAdminWithUgi(boolean isAdminSet) { | ||
| OzoneConfiguration configuration = new OzoneConfiguration(); | ||
| if (isAdminSet) { | ||
| configuration.set(OzoneConfigKeys.OZONE_ADMINISTRATORS, "alice"); | ||
| configuration.set(OzoneConfigKeys.OZONE_ADMINISTRATORS_GROUPS, "test_group"); | ||
| } | ||
| OzoneAdmins admins = OzoneAdmins.getS3Admins(configuration); | ||
| UserGroupInformation ugi = UserGroupInformation.createUserForTesting( | ||
| "alice", new String[] {"test_group"}); | ||
| // Test that when a user is present in an admin group but not an Ozone Admin | ||
| UserGroupInformation ugiGroupOnly = UserGroupInformation.createUserForTesting( | ||
| "bob", new String[] {"test_group"}); | ||
|
|
||
| assertThat(admins.isAdmin(ugi)).isEqualTo(isAdminSet); | ||
| assertThat(admins.isAdmin(ugiGroupOnly)).isEqualTo(isAdminSet); | ||
| } | ||
|
|
||
| @ParameterizedTest | ||
| @ValueSource(booleans = {true, false}) | ||
| void testIsS3AdminWithUgiAndConfiguration(boolean isAdminSet) { | ||
| OzoneConfiguration configuration = new OzoneConfiguration(); | ||
| if (isAdminSet) { | ||
| configuration.set(OzoneConfigKeys.OZONE_S3_ADMINISTRATORS, "alice"); | ||
| configuration.set(OzoneConfigKeys.OZONE_S3_ADMINISTRATORS_GROUPS, "test_group"); | ||
| UserGroupInformation ugi = UserGroupInformation.createUserForTesting( | ||
| "alice", new String[] {"test_group"}); | ||
| // Scenario when user is present in an admin group but not an Ozone Admin | ||
| UserGroupInformation ugiGroupOnly = UserGroupInformation.createUserForTesting( | ||
| "bob", new String[] {"test_group"}); | ||
|
|
||
| assertThat(OzoneAdmins.isS3Admin(ugi, configuration)).isEqualTo(true); | ||
| assertThat(OzoneAdmins.isS3Admin(ugiGroupOnly, configuration)).isEqualTo(true); | ||
| } else { | ||
| assertThat(OzoneAdmins.isS3Admin(null, configuration)).isEqualTo(false); | ||
| } | ||
|
|
||
| } | ||
| } | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.