This is an automated email from the ASF dual-hosted git repository.

adoroszlai pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git


The following commit(s) were added to refs/heads/master by this push:
     new 799b20a08b HDDS-5506. Use secure cluster for upgrade acceptance tests 
(#5585)
799b20a08b is described below

commit 799b20a08bf2e9746db2984da0cfcceabccce228
Author: Doroszlai, Attila <[email protected]>
AuthorDate: Wed Nov 29 09:03:14 2023 +0100

    HDDS-5506. Use secure cluster for upgrade acceptance tests (#5585)
---
 .../dist/src/main/compose/common/security.conf     | 105 +++++++++++++++++++++
 .../dist/src/main/compose/upgrade/compose/ha/.env  |   2 +
 .../compose/upgrade/compose/ha/docker-compose.yaml |  76 ++++++++++++++-
 .../main/compose/upgrade/compose/ha/docker-config  |   6 +-
 .../upgrade/compose/ha/{load.sh => krb5.conf}      |  33 ++++---
 .../src/main/compose/upgrade/compose/ha/load.sh    |   3 +-
 .../src/main/smoketest/ec/upgrade-ec-check.robot   |   3 +-
 .../dist/src/main/smoketest/s3/commonawslib.robot  |   8 +-
 .../snapshot/upgrade-snapshot-check.robot          |   1 +
 .../dist/src/main/smoketest/upgrade/generate.robot |   6 +-
 .../dist/src/main/smoketest/upgrade/validate.robot |   7 +-
 11 files changed, 222 insertions(+), 28 deletions(-)

diff --git a/hadoop-ozone/dist/src/main/compose/common/security.conf 
b/hadoop-ozone/dist/src/main/compose/common/security.conf
new file mode 100644
index 0000000000..7b74224e60
--- /dev/null
+++ b/hadoop-ozone/dist/src/main/compose/common/security.conf
@@ -0,0 +1,105 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# For HttpFS service it is required to enable proxying users.
+CORE-SITE.XML_hadoop.proxyuser.httpfs.hosts=*
+CORE-SITE.XML_hadoop.proxyuser.httpfs.groups=*
+
+CORE-SITE.XML_dfs.data.transfer.protection=authentication
+CORE-SITE.XML_hadoop.security.authentication=kerberos
+CORE-SITE.XML_hadoop.security.auth_to_local="DEFAULT"
+CORE-SITE.XML_hadoop.security.key.provider.path=kms://http@kms:9600/kms
+
+OZONE-SITE.XML_hdds.scm.kerberos.principal=scm/[email protected]
+OZONE-SITE.XML_hdds.scm.kerberos.keytab.file=/etc/security/keytabs/scm.keytab
+OZONE-SITE.XML_ozone.om.kerberos.principal=om/[email protected]
+OZONE-SITE.XML_ozone.om.kerberos.keytab.file=/etc/security/keytabs/om.keytab
+OZONE-SITE.XML_ozone.recon.kerberos.keytab.file=/etc/security/keytabs/recon.keytab
+OZONE-SITE.XML_ozone.recon.kerberos.principal=recon/[email protected]
+
+OZONE-SITE.XML_ozone.s3g.kerberos.keytab.file=/etc/security/keytabs/s3g.keytab
+OZONE-SITE.XML_ozone.s3g.kerberos.principal=s3g/[email protected]
+
+OZONE-SITE.XML_ozone.httpfs.kerberos.keytab.file=/etc/security/keytabs/httpfs.keytab
+OZONE-SITE.XML_ozone.httpfs.kerberos.principal=httpfs/[email protected]
+
+HDFS-SITE.XML_dfs.datanode.kerberos.principal=dn/[email protected]
+HDFS-SITE.XML_dfs.datanode.kerberos.keytab.file=/etc/security/keytabs/dn.keytab
+HDFS-SITE.XML_dfs.web.authentication.kerberos.principal=HTTP/[email protected]
+HDFS-SITE.XML_dfs.web.authentication.kerberos.keytab=/etc/security/keytabs/HTTP.keytab
+
+OZONE-SITE.XML_hdds.block.token.enabled=true
+OZONE-SITE.XML_hdds.container.token.enabled=true
+OZONE-SITE.XML_hdds.grpc.tls.enabled=true
+OZONE-SITE.XML_ozone.security.enabled=true
+OZONE-SITE.XML_ozone.acl.enabled=true
+OZONE-SITE.XML_ozone.acl.authorizer.class=org.apache.hadoop.ozone.security.acl.OzoneNativeAuthorizer
+OZONE-SITE.XML_ozone.administrators="testuser,recon,om"
+OZONE-SITE.XML_ozone.s3.administrators="testuser,s3g"
+OZONE-SITE.XML_ozone.security.http.kerberos.enabled=true
+OZONE-SITE.XML_ozone.s3g.secret.http.enabled=true
+OZONE-SITE.XML_ozone.http.filter.initializers=org.apache.hadoop.security.AuthenticationFilterInitializer
+
+OZONE-SITE.XML_hdds.secret.key.rotate.duration=5m
+OZONE-SITE.XML_hdds.secret.key.rotate.check.duration=1m
+OZONE-SITE.XML_hdds.secret.key.expiry.duration=1h
+
+OZONE-SITE.XML_ozone.om.http.auth.type=kerberos
+OZONE-SITE.XML_hdds.scm.http.auth.type=kerberos
+OZONE-SITE.XML_hdds.datanode.http.auth.type=kerberos
+OZONE-SITE.XML_ozone.s3g.http.auth.type=kerberos
+OZONE-SITE.XML_ozone.s3g.secret.http.auth.type=kerberos
+OZONE-SITE.XML_ozone.httpfs.http.auth.type=kerberos
+OZONE-SITE.XML_ozone.recon.http.auth.type=kerberos
+
+OZONE-SITE.XML_hdds.scm.http.auth.kerberos.principal=HTTP/[email protected]
+OZONE-SITE.XML_hdds.scm.http.auth.kerberos.keytab=/etc/security/keytabs/HTTP.keytab
+OZONE-SITE.XML_ozone.om.http.auth.kerberos.principal=HTTP/[email protected]
+OZONE-SITE.XML_ozone.om.http.auth.kerberos.keytab=/etc/security/keytabs/HTTP.keytab
+OZONE-SITE.XML_hdds.datanode.http.auth.kerberos.principal=HTTP/[email protected]
+OZONE-SITE.XML_hdds.datanode.http.auth.kerberos.keytab=/etc/security/keytabs/HTTP.keytab
+OZONE-SITE.XML_ozone.s3g.http.auth.kerberos.keytab=/etc/security/keytabs/HTTP.keytab
+OZONE-SITE.XML_ozone.s3g.http.auth.kerberos.principal=HTTP/[email protected]
+OZONE-SITE.XML_ozone.httpfs.http.auth.kerberos.keytab=/etc/security/keytabs/httpfs.keytab
+OZONE-SITE.XML_ozone.httpfs.http.auth.kerberos.principal=HTTP/[email protected]
+OZONE-SITE.XML_ozone.recon.http.auth.kerberos.principal=HTTP/[email protected]
+OZONE-SITE.XML_ozone.recon.http.auth.kerberos.keytab=/etc/security/keytabs/recon.keytab
+OZONE-SITE.XML_ozone.recon.http.auth.kerberos.keytab=/etc/security/keytabs/recon.keytab
+
+CORE-SITE.XML_hadoop.http.authentication.simple.anonymous.allowed=false
+CORE-SITE.XML_hadoop.http.authentication.signature.secret.file=/etc/security/http_secret
+CORE-SITE.XML_hadoop.http.authentication.type=kerberos
+CORE-SITE.XML_hadoop.http.authentication.kerberos.principal=HTTP/[email protected]
+CORE-SITE.XML_hadoop.http.authentication.kerberos.keytab=/etc/security/keytabs/HTTP.keytab
+
+CORE-SITE.XML_hadoop.security.authorization=true
+HADOOP-POLICY.XML_ozone.om.security.client.protocol.acl=*
+HADOOP-POLICY.XML_hdds.security.client.datanode.container.protocol.acl=*
+HADOOP-POLICY.XML_hdds.security.client.scm.container.protocol.acl=*
+HADOOP-POLICY.XML_hdds.security.client.scm.block.protocol.acl=*
+HADOOP-POLICY.XML_hdds.security.client.scm.certificate.protocol.acl=*
+
+HTTPFS-SITE.XML_hadoop.http.authentication.type=kerberos
+HTTPFS-SITE.XML_hadoop.http.authentication.kerberos.keytab=/etc/security/keytabs/httpfs.keytab
+HTTPFS-SITE.XML_hadoop.http.authentication.kerberos.principal=HTTP/[email protected]
+HTTPFS-SITE.XML_httpfs.hadoop.authentication.type=kerberos
+HTTPFS-SITE.XML_httpfs.hadoop.authentication.kerberos.keytab=/etc/security/keytabs/httpfs.keytab
+HTTPFS-SITE.XML_httpfs.hadoop.authentication.kerberos.principal=httpfs/[email protected]
+KMS-SITE.XML_hadoop.kms.proxyuser.s3g.users=*
+KMS-SITE.XML_hadoop.kms.proxyuser.s3g.groups=*
+KMS-SITE.XML_hadoop.kms.proxyuser.s3g.hosts=*
+
+OZONE_DATANODE_SECURE_USER=root
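Review bot: The wildcard grants in this shared `compose/common` file carry no marker that they are test-only. That covers `hadoop.proxyuser.httpfs.hosts=*` / `groups=*`, the three `hadoop.kms.proxyuser.s3g.*=*` entries and all five `HADOOP-POLICY.XML_*.acl=*` lines, and the key provider path `kms://http@kms:9600/kms` reaches KMS over plain HTTP. A header comment such as `# Test-only settings for docker-compose acceptance clusters; wildcard proxyuser/ACL values and http:// KMS must not be copied to a real deployment` would stop the file being taken as a secure-cluster template. Separately, `OZONE-SITE.XML_ozone.recon.http.auth.kerberos.keytab=/etc/security/keytabs/recon.keytab` appears twice on consecutive lines at the end of the `http.auth.kerberos` group, and one copy can be dropped.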
diff --git a/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/.env 
b/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/.env
index 4d1c35c3b2..4e01ec9241 100644
--- a/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/.env
+++ b/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/.env
@@ -14,10 +14,12 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+HADOOP_VERSION=${hadoop.version}
 HDDS_VERSION=${hdds.version}
 OZONE_RUNNER_VERSION=${docker.ozone-runner.version}
 OZONE_RUNNER_IMAGE=apache/ozone-runner
 OZONE_IMAGE=apache/ozone-runner:${docker.ozone-runner.version}
+OZONE_TESTKRB5_IMAGE=${docker.ozone-testkr5b.image}
 OZONE_DIR=/opt/hadoop
 OZONE_VOLUME=./data
 OM_SERVICE_ID=omservice
diff --git 
a/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/docker-compose.yaml 
b/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/docker-compose.yaml
index f7fea2f562..186228fe60 100644
--- a/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/docker-compose.yaml
+++ b/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/docker-compose.yaml
@@ -21,6 +21,7 @@ x-common-config:
   &common-config
   env_file:
     - docker-config
+    - ../../../common/security.conf
   image: ${OZONE_IMAGE}
 
 x-environment:
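Review bot: `../../../common/security.conf` is added only to the `&common-config` anchor, but the `kms` service introduced later in this file declares its own `env_file` with just `docker-config` and does not merge `*common-config`. As written, the `KMS-SITE.XML_hadoop.kms.proxyuser.s3g.*` entries and the Kerberos settings in security.conf would not reach the KMS container. If KMS is meant to honour them, add `- ../../../common/security.conf` under the `kms` service's `env_file`; if the omission is deliberate, a one-line comment there would save the next reader the check. Whether the `apache/hadoop` image obtains equivalent settings some other way is not visible from this diff.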
@@ -29,6 +30,7 @@ x-environment:
   OZONE_UPGRADE_TO: ${OZONE_UPGRADE_TO:-0}
   OZONE_UPGRADE_FROM: ${OZONE_UPGRADE_FROM:-0}
   OZONE-SITE.XML_hdds.scm.safemode.min.datanode: 
${OZONE_SAFEMODE_MIN_DATANODES:-1}
+  WAITFOR: kdc:88
 
 x-datanode:
   &datanode
@@ -59,35 +61,75 @@ x-om:
     - 9872
 
 x-volumes:
+    - &keytabs ../../../_keytabs:/etc/security/keytabs
+    - &krb5conf ./krb5.conf:/etc/krb5.conf
     - &ozone-dir ../../../..:${OZONE_DIR}
     - &transformation 
../../../../libexec/transformation.py:/opt/hadoop/libexec/transformation.py
 
 services:
+  kdc:
+    command: ["krb5kdc","-n"]
+    hostname: kdc
+    image: ${OZONE_TESTKRB5_IMAGE}
+    networks:
+      net:
+        ipv4_address: 10.9.0.2
+    volumes:
+      - *keytabs
+      - ../../../..:/opt/hadoop
+  kms:
+    command: ["hadoop", "kms"]
+    hostname: kms
+    env_file:
+      - docker-config
+    environment:
+      HADOOP_CONF_DIR: /opt/hadoop/etc/hadoop
+    image: apache/hadoop:${HADOOP_VERSION}
+    networks:
+      net:
+        ipv4_address: 10.9.0.3
+    ports:
+      - 9600:9600
+    volumes:
+      - ${OZONE_VOLUME}/kms:/data
+      - *keytabs
+      - *krb5conf
+      - ../../../..:/opt/ozone
+      - *transformation
   om1:
     <<: *om
+    hostname: om1
     networks:
       net:
         ipv4_address: 10.9.0.11
     volumes:
       - ${OZONE_VOLUME}/om1:/data
+      - *keytabs
+      - *krb5conf
       - *ozone-dir
       - *transformation
   om2:
     <<: *om
+    hostname: om2
     networks:
       net:
         ipv4_address: 10.9.0.12
     volumes:
       - ${OZONE_VOLUME}/om2:/data
+      - *keytabs
+      - *krb5conf
       - *ozone-dir
       - *transformation
   om3:
     <<: *om
+    hostname: om3
     networks:
       net:
         ipv4_address: 10.9.0.13
     volumes:
       - ${OZONE_VOLUME}/om3:/data
+      - *keytabs
+      - *krb5conf
       - *ozone-dir
       - *transformation
 
@@ -96,83 +138,107 @@ services:
     environment:
       ENSURE_SCM_INITIALIZED: /data/metadata/scm/current/VERSION
       <<: *environment
+    hostname: scm1.org
     networks:
       net:
         ipv4_address: 10.9.0.14
     volumes:
       - ${OZONE_VOLUME}/scm1:/data
+      - *keytabs
+      - *krb5conf
       - *ozone-dir
       - *transformation
   scm2:
     <<: *scm
     environment:
-      WAITFOR: scm1:9894
+      WAITFOR: scm1.org:9894
       ENSURE_SCM_BOOTSTRAPPED: /data/metadata/scm/current/VERSION
       <<: *environment
+    hostname: scm2.org
     networks:
       net:
         ipv4_address: 10.9.0.15
     volumes:
       - ${OZONE_VOLUME}/scm2:/data
+      - *keytabs
+      - *krb5conf
       - *ozone-dir
       - *transformation
   scm3:
     <<: *scm
     environment:
-      WAITFOR: scm2:9894
+      WAITFOR: scm2.org:9894
       ENSURE_SCM_BOOTSTRAPPED: /data/metadata/scm/current/VERSION
       <<: *environment
+    hostname: scm3.org
     networks:
       net:
         ipv4_address: 10.9.0.16
     volumes:
       - ${OZONE_VOLUME}/scm3:/data
+      - *keytabs
+      - *krb5conf
       - *ozone-dir
       - *transformation
 
   dn1:
     <<: *datanode
+    hostname: dn1
     networks:
       net:
         ipv4_address: 10.9.0.17
     volumes:
       - ${OZONE_VOLUME}/dn1:/data
+      - *keytabs
+      - *krb5conf
       - *ozone-dir
       - *transformation
   dn2:
     <<: *datanode
+    hostname: dn2
     networks:
       net:
         ipv4_address: 10.9.0.18
     volumes:
       - ${OZONE_VOLUME}/dn2:/data
+      - *keytabs
+      - *krb5conf
       - *ozone-dir
       - *transformation
   dn3:
     <<: *datanode
+    hostname: dn3
     networks:
       net:
         ipv4_address: 10.9.0.19
     volumes:
       - ${OZONE_VOLUME}/dn3:/data
+      - *keytabs
+      - *krb5conf
       - *ozone-dir
       - *transformation
   dn4:
     <<: *datanode
+    hostname: dn4
     networks:
       net:
         ipv4_address: 10.9.0.20
     volumes:
       - ${OZONE_VOLUME}/dn4:/data
+      - *keytabs
+      - *krb5conf
       - *ozone-dir
       - *transformation
   dn5:
     <<: *datanode
+    hostname: dn5
     networks:
       net:
         ipv4_address: 10.9.0.21
     volumes:
       - ${OZONE_VOLUME}/dn5:/data
+      - *keytabs
+      - *krb5conf
       - *ozone-dir
       - *transformation
   recon:
@@ -180,6 +246,7 @@ services:
     <<: *common-config
     environment:
       <<: *environment
+    hostname: recon
     networks:
       net:
         ipv4_address: 10.9.0.22
@@ -187,6 +254,8 @@ services:
       - 9888:9888
     volumes:
       - ${OZONE_VOLUME}/recon:/data
+      - *keytabs
+      - *krb5conf
       - *ozone-dir
       - *transformation
   s3g:
@@ -194,6 +263,7 @@ services:
     <<: *common-config
     environment:
       <<: *environment
+    hostname: s3g
     networks:
       net:
         ipv4_address: 10.9.0.23
@@ -201,6 +271,8 @@ services:
       - 9878:9878
     volumes:
       - ${OZONE_VOLUME}/s3g:/data
+      - *keytabs
+      - *krb5conf
       - *ozone-dir
       - *transformation
 
diff --git 
a/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/docker-config 
b/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/docker-config
index a022f37c9a..e252ebecaf 100644
--- a/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/docker-config
+++ b/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/docker-config
@@ -27,9 +27,9 @@ OZONE-SITE.XML_ozone.om.ratis.enable=true
 
 OZONE-SITE.XML_ozone.scm.service.ids=scmservice
 OZONE-SITE.XML_ozone.scm.nodes.scmservice=scm1,scm2,scm3
-OZONE-SITE.XML_ozone.scm.address.scmservice.scm1=scm1
-OZONE-SITE.XML_ozone.scm.address.scmservice.scm2=scm2
-OZONE-SITE.XML_ozone.scm.address.scmservice.scm3=scm3
+OZONE-SITE.XML_ozone.scm.address.scmservice.scm1=scm1.org
+OZONE-SITE.XML_ozone.scm.address.scmservice.scm2=scm2.org
+OZONE-SITE.XML_ozone.scm.address.scmservice.scm3=scm3.org
 OZONE-SITE.XML_ozone.scm.ratis.enable=true
 OZONE-SITE.XML_ozone.scm.primordial.node.id=scm1
 
diff --git a/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/load.sh 
b/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/krb5.conf
old mode 100755
new mode 100644
similarity index 63%
copy from hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/load.sh
copy to hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/krb5.conf
index 59ec12f4c6..eefc5b9c68
--- a/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/load.sh
+++ b/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/krb5.conf
@@ -1,4 +1,3 @@
-#!/usr/bin/env bash
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
@@ -15,16 +14,28 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# Fail if required variables are not set.
-set -u
-: "${OZONE_VOLUME}"
-: "${TEST_DIR}"
-set +u
+[logging]
+default = FILE:/var/log/krb5libs.log
+kdc = FILE:/var/log/krb5kdc.log
+admin_server = FILE:/var/log/kadmind.log
 
-source "$TEST_DIR/testlib.sh"
+[libdefaults]
+ dns_canonicalize_hostname = false
+ dns_lookup_realm = false
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+ forwardable = true
+ rdns = false
+ default_realm = EXAMPLE.COM
 
-export COMPOSE_FILE="$TEST_DIR/compose/ha/docker-compose.yaml"
-export OM_SERVICE_ID=omservice
-create_data_dirs 
"${OZONE_VOLUME}"/{om1,om2,om3,dn1,dn2,dn3,dn4,dn5,recon,s3g,scm1,scm2,scm3}
+[realms]
+ EXAMPLE.COM = {
+  kdc = kdc
+  admin_server = kdc
+  max_renewable_life = 7d
+ }
+
+[domain_realm]
+ .example.com = EXAMPLE.COM
+ example.com = EXAMPLE.COM
 
-echo "Using docker cluster defined in $COMPOSE_FILE"
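Review bot: `[domain_realm]` maps only `example.com`, while the hosts this commit defines in docker-compose.yaml are named `kdc`, `om1`, `dn1`, `scm1.org` and so on, so host-to-realm resolution rests entirely on `default_realm = EXAMPLE.COM`. A comment above the section would make that explicit, for example `# Compose hostnames are not under example.com; default_realm covers them`. It would also help to note next to `dns_canonicalize_hostname = false` and `rdns = false` that service principals must match the container `hostname:` values exactly, since that is presumably why this commit adds explicit hostnames to every service.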
diff --git a/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/load.sh 
b/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/load.sh
index 59ec12f4c6..6b4241b289 100755
--- a/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/load.sh
+++ b/hadoop-ozone/dist/src/main/compose/upgrade/compose/ha/load.sh
@@ -25,6 +25,7 @@ source "$TEST_DIR/testlib.sh"
 
 export COMPOSE_FILE="$TEST_DIR/compose/ha/docker-compose.yaml"
 export OM_SERVICE_ID=omservice
-create_data_dirs 
"${OZONE_VOLUME}"/{om1,om2,om3,dn1,dn2,dn3,dn4,dn5,recon,s3g,scm1,scm2,scm3}
+export SECURITY_ENABLED="true"
+create_data_dirs 
"${OZONE_VOLUME}"/{om1,om2,om3,dn1,dn2,dn3,dn4,dn5,kms,recon,s3g,scm1,scm2,scm3}
 
 echo "Using docker cluster defined in $COMPOSE_FILE"
diff --git a/hadoop-ozone/dist/src/main/smoketest/ec/upgrade-ec-check.robot 
b/hadoop-ozone/dist/src/main/smoketest/ec/upgrade-ec-check.robot
index dbfd9e81eb..b365960ba5 100644
--- a/hadoop-ozone/dist/src/main/smoketest/ec/upgrade-ec-check.robot
+++ b/hadoop-ozone/dist/src/main/smoketest/ec/upgrade-ec-check.robot
@@ -17,6 +17,7 @@
 Documentation       Test EC during upgrade
 Library             OperatingSystem
 Resource            lib.resource
+Suite Setup         Run Keyword if    '${SECURITY_ENABLED}' == 'true'    Kinit 
test user     testuser     testuser.keytab
 
 *** Test Cases ***
 Test EC Prior To Finalization
@@ -42,4 +43,4 @@ Test EC After Finalization
                     Verify Bucket EC Replication Config     
/ectest-new/testpropchange  RS  3   2   1048576
     Execute         ozone sh key put -r rs-3-2-1024k -t EC 
/ectest-new/ectest/core-site.xml /etc/hadoop/core-site.xml
                     Key Should Match Local File     
/ectest-new/ectest/core-site.xml        /etc/hadoop/core-site.xml
-                    Verify Key EC Replication Config    
/ectest-new/ectest/core-site.xml    RS  3   2   1048576
\ No newline at end of file
+                    Verify Key EC Replication Config    
/ectest-new/ectest/core-site.xml    RS  3   2   1048576
diff --git a/hadoop-ozone/dist/src/main/smoketest/s3/commonawslib.robot 
b/hadoop-ozone/dist/src/main/smoketest/s3/commonawslib.robot
index ae57bf82a8..c0b2c9f7bf 100644
--- a/hadoop-ozone/dist/src/main/smoketest/s3/commonawslib.robot
+++ b/hadoop-ozone/dist/src/main/smoketest/s3/commonawslib.robot
@@ -80,8 +80,12 @@ Setup v4 headers
 
 Setup secure v4 headers
     ${result} =         Execute and Ignore error             ozone s3 
getsecret ${OM_HA_PARAM}
-    ${output} =         Run Keyword And Return Status    Should Contain    
${result}    S3_SECRET_ALREADY_EXISTS
-    Return From Keyword if      ${output}
+    ${exists} =         Run Keyword And Return Status    Should Contain    
${result}    S3_SECRET_ALREADY_EXISTS
+    IF                  ${exists}
+                        Execute    ozone s3 revokesecret -y ${OM_HA_PARAM}
+        ${result} =     Execute    ozone s3 getsecret ${OM_HA_PARAM}
+    END
+
     ${accessKey} =      Get Regexp Matches         ${result}     
(?<=awsAccessKey=).*
     # Use a valid user that are created in the Docket image Ex: testuser if it 
is not a secure cluster
     ${accessKey} =      Get Variable Value         ${accessKey}  testuser
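Review bot: The new `IF ${exists}` branch in `Setup secure v4 headers` revokes the caller's existing S3 secret and issues a fresh one, which invalidates that credential for anything else still using it under the same Kerberos principal. The generate and validate suites in this commit now run `Setup v4 headers` as a per-test `[setup]`, so if that keyword dispatches here on a secure cluster (not visible in this hunk), the secret is rotated once per test. A comment inside the branch would record the intent, for example `# An existing secret is not returned by getsecret, so revoke and re-issue; this invalidates the previous secret`. The two statements inside the `IF` are also indented differently (`Execute` at the keyword column, `${result} =` at the assignment column), which reads as if they belonged to different blocks. The keyword's body continues past the end of the hunk.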
diff --git 
a/hadoop-ozone/dist/src/main/smoketest/snapshot/upgrade-snapshot-check.robot 
b/hadoop-ozone/dist/src/main/smoketest/snapshot/upgrade-snapshot-check.robot
index 3391654744..6003e6dbb3 100644
--- a/hadoop-ozone/dist/src/main/smoketest/snapshot/upgrade-snapshot-check.robot
+++ b/hadoop-ozone/dist/src/main/smoketest/snapshot/upgrade-snapshot-check.robot
@@ -19,6 +19,7 @@ Library             OperatingSystem
 Library             BuiltIn
 Resource            ../commonlib.robot
 Default Tags        pre-finalized-snapshot-tests
+Suite Setup         Run Keyword if    '${SECURITY_ENABLED}' == 'true'    Kinit 
test user     testuser     testuser.keytab
 Test Timeout        5 minutes
 
 *** Variables ***
diff --git a/hadoop-ozone/dist/src/main/smoketest/upgrade/generate.robot 
b/hadoop-ozone/dist/src/main/smoketest/upgrade/generate.robot
index 2bfde82b04..3730e26586 100644
--- a/hadoop-ozone/dist/src/main/smoketest/upgrade/generate.robot
+++ b/hadoop-ozone/dist/src/main/smoketest/upgrade/generate.robot
@@ -19,6 +19,7 @@ Library             OperatingSystem
 Library             BuiltIn
 Resource            ../commonlib.robot
 Resource            ../s3/commonawslib.robot
+Suite Setup         Run Keyword if    '${SECURITY_ENABLED}' == 'true'    Kinit 
test user     testuser     testuser.keytab
 Test Timeout        5 minutes
 
 *** Variables ***
@@ -49,11 +50,8 @@ Create key in the bucket in s3v volume
                         Should not contain  ${output}       Failed
                         Execute and checkrc    rm /tmp/sourcekey    0
 
-Setup credentials for S3
-    # TODO: Run "Setup secure v4 headers" instead when security is enabled
-    Run Keyword         Setup dummy credentials for S3
-
 Try to create a bucket using S3 API
+    [setup]             Setup v4 headers
     # Note: S3 API returns error if the bucket already exists
     ${random} =         Generate Ozone String
     ${output} =         Create bucket with name    ${PREFIX}-bucket-${random}
diff --git a/hadoop-ozone/dist/src/main/smoketest/upgrade/validate.robot 
b/hadoop-ozone/dist/src/main/smoketest/upgrade/validate.robot
index 9f5b0a08bf..0205ba40e6 100644
--- a/hadoop-ozone/dist/src/main/smoketest/upgrade/validate.robot
+++ b/hadoop-ozone/dist/src/main/smoketest/upgrade/validate.robot
@@ -19,6 +19,7 @@ Library             OperatingSystem
 Library             BuiltIn
 Resource            ../commonlib.robot
 Resource            ../s3/commonawslib.robot
+Suite Setup         Run Keyword if    '${SECURITY_ENABLED}' == 'true'    Kinit 
test user     testuser     testuser.keytab
 Test Timeout        5 minutes
 
 *** Variables ***
@@ -33,11 +34,8 @@ Read data from previously created key
                         Should contain    ${output}    ${PREFIX}: key created 
using Ozone Shell
                         Execute and checkrc    rm /tmp/key-${random}    0
 
-Setup credentials for S3
-    # TODO: Run "Setup secure v4 headers" instead when security is enabled
-    Run Keyword         Setup dummy credentials for S3
-
 Read key created with Ozone Shell using S3 API
+    [setup]             Setup v4 headers
     ${output} =         Execute AWSS3APICli and checkrc    get-object --bucket 
${PREFIX}-bucket --key key1-shell /tmp/get-result    0
                         Should contain    ${output}    "ContentLength"
     ${output} =         Execute and checkrc    cat /tmp/get-result    0
@@ -45,6 +43,7 @@ Read key created with Ozone Shell using S3 API
                         Execute and checkrc    rm /tmp/get-result    0
 
 Read key created with S3 API using S3 API
+    [setup]             Setup v4 headers
     ${output} =         Execute AWSS3APICli and checkrc    get-object --bucket 
${PREFIX}-bucket --key key2-s3api /tmp/get-result    0
                         Should contain    ${output}    "ContentLength"
     ${output} =         Execute and checkrc    cat /tmp/get-result    0

