From f4a509c6ec118169edb2450f23df5bf35d456262 Mon Sep 17 00:00:00 2001
From: Ivan Zlenko <241953+ivanzlenko@users.noreply.github.com>
Date: Fri, 21 Jun 2024 09:00:11 +0400
Subject: [PATCH 1/4] HDDS-11040. Temporary disable revoke/generate secret by
name methods in REST
---
.../main/smoketest/s3/secretgenerate.robot | 23 ++++++++++---------
.../src/main/smoketest/s3/secretrevoke.robot | 23 ++++++++++---------
.../s3secret/S3SecretManagementEndpoint.java | 8 +++++--
3 files changed, 30 insertions(+), 24 deletions(-)
diff --git a/hadoop-ozone/dist/src/main/smoketest/s3/secretgenerate.robot b/hadoop-ozone/dist/src/main/smoketest/s3/secretgenerate.robot
index 70dcfa1abed..0cc359f7628 100644
--- a/hadoop-ozone/dist/src/main/smoketest/s3/secretgenerate.robot
+++ b/hadoop-ozone/dist/src/main/smoketest/s3/secretgenerate.robot
@@ -44,14 +44,15 @@ S3 Gateway Secret Already Exists
${result} = Execute curl -X PUT --negotiate -u : -v ${ENDPOINT_URL}/secret
Should contain ${result} HTTP/1.1 400 S3_SECRET_ALREADY_EXISTS ignore_case=True
-S3 Gateway Generate Secret By Username
- Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this check as security is not enabled
- ${result} = Execute curl -X PUT --negotiate -u : -v ${ENDPOINT_URL}/secret/testuser
- Should contain ${result} HTTP/1.1 200 OK ignore_case=True
- Should Match Regexp ${result} .*.*
-
-S3 Gateway Generate Secret By Username For Other User
- Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this check as security is not enabled
- ${result} = Execute curl -X PUT --negotiate -u : -v ${ENDPOINT_URL}/secret/testuser2
- Should contain ${result} HTTP/1.1 200 OK ignore_case=True
- Should Match Regexp ${result} .*.*
\ No newline at end of file
+# TODO: Enable after HDDS-11041 is done.
+# S3 Gateway Generate Secret By Username
+# Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this check as security is not enabled
+# ${result} = Execute curl -X PUT --negotiate -u : -v ${ENDPOINT_URL}/secret/testuser
+# Should contain ${result} HTTP/1.1 200 OK ignore_case=True
+# Should Match Regexp ${result} .*.*
+#
+# S3 Gateway Generate Secret By Username For Other User
+# Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this check as security is not enabled
+# ${result} = Execute curl -X PUT --negotiate -u : -v ${ENDPOINT_URL}/secret/testuser2
+# Should contain ${result} HTTP/1.1 200 OK ignore_case=True
+# Should Match Regexp ${result} .*.*
\ No newline at end of file
diff --git a/hadoop-ozone/dist/src/main/smoketest/s3/secretrevoke.robot b/hadoop-ozone/dist/src/main/smoketest/s3/secretrevoke.robot
index 0f15f23067b..53a88aeaa97 100644
--- a/hadoop-ozone/dist/src/main/smoketest/s3/secretrevoke.robot
+++ b/hadoop-ozone/dist/src/main/smoketest/s3/secretrevoke.robot
@@ -37,14 +37,15 @@ S3 Gateway Revoke Secret
${result} = Execute curl -X DELETE --negotiate -u : -v ${ENDPOINT_URL}/secret
Should contain ${result} HTTP/1.1 200 OK ignore_case=True
-S3 Gateway Revoke Secret By Username
- Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this check as security is not enabled
- Execute ozone s3 getsecret -u testuser ${OM_HA_PARAM}
- ${result} = Execute curl -X DELETE --negotiate -u : -v ${ENDPOINT_URL}/secret/testuser
- Should contain ${result} HTTP/1.1 200 OK ignore_case=True
-
-S3 Gateway Revoke Secret By Username For Other User
- Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this check as security is not enabled
- Execute ozone s3 getsecret -u testuser2 ${OM_HA_PARAM}
- ${result} = Execute curl -X DELETE --negotiate -u : -v ${ENDPOINT_URL}/secret/testuser2
- Should contain ${result} HTTP/1.1 200 OK ignore_case=True
\ No newline at end of file
+# TODO: Enable after HDDS-11041 is done.
+# S3 Gateway Revoke Secret By Username
+# Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this check as security is not enabled
+# Execute ozone s3 getsecret -u testuser ${OM_HA_PARAM}
+# ${result} = Execute curl -X DELETE --negotiate -u : -v ${ENDPOINT_URL}/secret/testuser
+# Should contain ${result} HTTP/1.1 200 OK ignore_case=True
+#
+# S3 Gateway Revoke Secret By Username For Other User
+# Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this check as security is not enabled
+# Execute ozone s3 getsecret -u testuser2 ${OM_HA_PARAM}
+# ${result} = Execute curl -X DELETE --negotiate -u : -v ${ENDPOINT_URL}/secret/testuser2
+# Should contain ${result} HTTP/1.1 200 OK ignore_case=True
\ No newline at end of file
diff --git a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3secret/S3SecretManagementEndpoint.java b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3secret/S3SecretManagementEndpoint.java
index 9c9ccd227dc..27815ce3201 100644
--- a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3secret/S3SecretManagementEndpoint.java
+++ b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3secret/S3SecretManagementEndpoint.java
@@ -21,6 +21,7 @@
import org.apache.hadoop.ozone.audit.S3GAction;
import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.om.helpers.S3SecretValue;
+import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -33,6 +34,7 @@
import java.io.IOException;
import static javax.ws.rs.core.Response.Status.BAD_REQUEST;
+import static javax.ws.rs.core.Response.Status.METHOD_NOT_ALLOWED;
import static javax.ws.rs.core.Response.Status.NOT_FOUND;
/**
@@ -53,7 +55,8 @@ public Response generate() throws IOException {
@Path("/{username}")
public Response generate(@PathParam("username") String username)
throws IOException {
- return generateInternal(username);
+ // TODO: It is a temporary solution. To be removed after HDDS-11041 is done.
+ return Response.status(METHOD_NOT_ALLOWED).build();
}
private Response generateInternal(@Nullable String username) throws IOException {
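Review bot: The stubbed `generate(username)` rejects the call silently: the bare 405 carries no `Allow` header, which RFC 9110 requires on a 405, and nothing is logged or audited. The same holds for `revoke(username)` in the next hunk. An attempt to create or revoke another user's S3 secret is worth recording while the endpoint is disabled; the class imports `S3GAction` and an SLF4J logger, but the audit helper and logger field are outside these hunks, so the exact call is to be confirmed. At minimum I would return `Response.status(METHOD_NOT_ALLOWED).header("Allow", "").build();`, since an empty `Allow` value is how a temporarily disabled resource is signalled. I would also extend the comment to say what is closed, e.g. `// Disabled for all callers until HDDS-11041 is done; username is intentionally ignored.`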
@@ -93,7 +96,8 @@ public Response revoke() throws IOException {
@Path("/{username}")
public Response revoke(@PathParam("username") String username)
throws IOException {
- return revokeInternal(username);
+ // TODO: It is a temporary solution. To be removed after HDDS-11041 is done.
+ return Response.status(METHOD_NOT_ALLOWED).build();
}
private Response revokeInternal(@Nullable String username)
From e6c5c40eaf82ea639cb931025f761259d490cb40 Mon Sep 17 00:00:00 2001
From: Ivan Zlenko <241953+ivanzlenko@users.noreply.github.com>
Date: Fri, 21 Jun 2024 09:44:52 +0400
Subject: [PATCH 2/4] Fix checkstyle
---
.../apache/hadoop/ozone/s3secret/S3SecretManagementEndpoint.java | 1 -
1 file changed, 1 deletion(-)
diff --git a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3secret/S3SecretManagementEndpoint.java b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3secret/S3SecretManagementEndpoint.java
index 27815ce3201..4ea17d2a2fd 100644
--- a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3secret/S3SecretManagementEndpoint.java
+++ b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3secret/S3SecretManagementEndpoint.java
@@ -21,7 +21,6 @@
import org.apache.hadoop.ozone.audit.S3GAction;
import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.om.helpers.S3SecretValue;
-import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
From cb67773485de169233386dce2097ff199867556f Mon Sep 17 00:00:00 2001
From: "Doroszlai, Attila"
Date: Tue, 9 Jul 2024 21:01:03 +0200
Subject: [PATCH 3/4] disable test cases
---
.../org/apache/hadoop/ozone/s3secret/TestSecretGenerate.java | 2 ++
.../java/org/apache/hadoop/ozone/s3secret/TestSecretRevoke.java | 2 ++
2 files changed, 4 insertions(+)
diff --git a/hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/s3secret/TestSecretGenerate.java b/hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/s3secret/TestSecretGenerate.java
index 681452130a7..d1f81faddd2 100644
--- a/hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/s3secret/TestSecretGenerate.java
+++ b/hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/s3secret/TestSecretGenerate.java
@@ -33,6 +33,7 @@
import org.apache.hadoop.ozone.client.protocol.ClientProtocol;
import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.om.helpers.S3SecretValue;
+import org.apache.ozone.test.tag.Unhealthy;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
@@ -111,6 +112,7 @@ void testIfSecretAlreadyExists() throws IOException {
}
@Test
+ @Unhealthy("HDDS-11041")
void testSecretGenerateWithUsername() throws IOException {
hasNoSecretYet();
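Review bot: Tagging `testSecretGenerateWithUsername` as `@Unhealthy` leaves the new 405 behaviour with no unit test, and `testSecretRevokeWithUsername` in TestSecretRevoke.java gets the same treatment. While the by-username endpoints are meant to stay closed, a change that re-opens them would pass CI unnoticed. I would add a small negative test next to each disabled one, e.g. `assertEquals(405, endpoint.generate(OTHER_USER_NAME).getStatus());`. `endpoint` and `OTHER_USER_NAME` are visible in the revoke test; I am assuming the generate test has equivalents. The test body continues outside the hunk.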
diff --git a/hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/s3secret/TestSecretRevoke.java b/hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/s3secret/TestSecretRevoke.java
index b26df0e8996..85e6bd4c10e 100644
--- a/hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/s3secret/TestSecretRevoke.java
+++ b/hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/s3secret/TestSecretRevoke.java
@@ -30,6 +30,7 @@
import org.apache.hadoop.ozone.client.OzoneClient;
import org.apache.hadoop.ozone.client.OzoneClientStub;
import org.apache.hadoop.ozone.om.exceptions.OMException;
+import org.apache.ozone.test.tag.Unhealthy;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
@@ -97,6 +98,7 @@ void testSecretRevoke() throws IOException {
}
@Test
+ @Unhealthy("HDDS-11041")
void testSecretRevokeWithUsername() throws IOException {
endpoint.revoke(OTHER_USER_NAME);
verify(objectStore, times(1))
From a92430df5294dc9cdc5ed523c03a998ec2261985 Mon Sep 17 00:00:00 2001
From: "Doroszlai, Attila"
Date: Wed, 10 Jul 2024 08:36:03 +0200
Subject: [PATCH 4/4] skip robot tests instead of commenting
---
.../main/smoketest/s3/secretgenerate.robot | 25 ++++++++++---------
.../src/main/smoketest/s3/secretrevoke.robot | 25 ++++++++++---------
2 files changed, 26 insertions(+), 24 deletions(-)
diff --git a/hadoop-ozone/dist/src/main/smoketest/s3/secretgenerate.robot b/hadoop-ozone/dist/src/main/smoketest/s3/secretgenerate.robot
index 0cc359f7628..e9b5dd5df72 100644
--- a/hadoop-ozone/dist/src/main/smoketest/s3/secretgenerate.robot
+++ b/hadoop-ozone/dist/src/main/smoketest/s3/secretgenerate.robot
@@ -44,15 +44,16 @@ S3 Gateway Secret Already Exists
${result} = Execute curl -X PUT --negotiate -u : -v ${ENDPOINT_URL}/secret
Should contain ${result} HTTP/1.1 400 S3_SECRET_ALREADY_EXISTS ignore_case=True
-# TODO: Enable after HDDS-11041 is done.
-# S3 Gateway Generate Secret By Username
-# Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this check as security is not enabled
-# ${result} = Execute curl -X PUT --negotiate -u : -v ${ENDPOINT_URL}/secret/testuser
-# Should contain ${result} HTTP/1.1 200 OK ignore_case=True
-# Should Match Regexp ${result} .*.*
-#
-# S3 Gateway Generate Secret By Username For Other User
-# Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this check as security is not enabled
-# ${result} = Execute curl -X PUT --negotiate -u : -v ${ENDPOINT_URL}/secret/testuser2
-# Should contain ${result} HTTP/1.1 200 OK ignore_case=True
-# Should Match Regexp ${result} .*.*
\ No newline at end of file
+S3 Gateway Generate Secret By Username
+ [Tags] robot:skip # TODO: Enable after HDDS-11041 is done.
+ Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this check as security is not enabled
+ ${result} = Execute curl -X PUT --negotiate -u : -v ${ENDPOINT_URL}/secret/testuser
+ Should contain ${result} HTTP/1.1 200 OK ignore_case=True
+ Should Match Regexp ${result} .*.*
+
+S3 Gateway Generate Secret By Username For Other User
+ [Tags] robot:skip # TODO: Enable after HDDS-11041 is done.
+ Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this check as security is not enabled
+ ${result} = Execute curl -X PUT --negotiate -u : -v ${ENDPOINT_URL}/secret/testuser2
+ Should contain ${result} HTTP/1.1 200 OK ignore_case=True
+ Should Match Regexp ${result} .*.*
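Review bot: `robot:skip` is honoured as a reserved tag only from Robot Framework 5.0; on an older runner it is an ordinary tag, so these cases would run and fail against the 405. The version used by the smoketest image is not visible here and is worth confirming; the same applies to the two cases in secretrevoke.robot. Because the skipped cases no longer exercise `/secret/testuser`, a short case asserting the disabled state would keep the smoke suite covering it, e.g. `Should contain ${result} HTTP/1.1 405 ignore_case=True` after the same curl call.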
diff --git a/hadoop-ozone/dist/src/main/smoketest/s3/secretrevoke.robot b/hadoop-ozone/dist/src/main/smoketest/s3/secretrevoke.robot
index 53a88aeaa97..59725c0416c 100644
--- a/hadoop-ozone/dist/src/main/smoketest/s3/secretrevoke.robot
+++ b/hadoop-ozone/dist/src/main/smoketest/s3/secretrevoke.robot
@@ -37,15 +37,16 @@ S3 Gateway Revoke Secret
${result} = Execute curl -X DELETE --negotiate -u : -v ${ENDPOINT_URL}/secret
Should contain ${result} HTTP/1.1 200 OK ignore_case=True
-# TODO: Enable after HDDS-11041 is done.
-# S3 Gateway Revoke Secret By Username
-# Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this check as security is not enabled
-# Execute ozone s3 getsecret -u testuser ${OM_HA_PARAM}
-# ${result} = Execute curl -X DELETE --negotiate -u : -v ${ENDPOINT_URL}/secret/testuser
-# Should contain ${result} HTTP/1.1 200 OK ignore_case=True
-#
-# S3 Gateway Revoke Secret By Username For Other User
-# Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this check as security is not enabled
-# Execute ozone s3 getsecret -u testuser2 ${OM_HA_PARAM}
-# ${result} = Execute curl -X DELETE --negotiate -u : -v ${ENDPOINT_URL}/secret/testuser2
-# Should contain ${result} HTTP/1.1 200 OK ignore_case=True
\ No newline at end of file
+S3 Gateway Revoke Secret By Username
+ [Tags] robot:skip # TODO: Enable after HDDS-11041 is done.
+ Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this check as security is not enabled
+ Execute ozone s3 getsecret -u testuser ${OM_HA_PARAM}
+ ${result} = Execute curl -X DELETE --negotiate -u : -v ${ENDPOINT_URL}/secret/testuser
+ Should contain ${result} HTTP/1.1 200 OK ignore_case=True
+
+S3 Gateway Revoke Secret By Username For Other User
+ [Tags] robot:skip # TODO: Enable after HDDS-11041 is done.
+ Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this check as security is not enabled
+ Execute ozone s3 getsecret -u testuser2 ${OM_HA_PARAM}
+ ${result} = Execute curl -X DELETE --negotiate -u : -v ${ENDPOINT_URL}/secret/testuser2
+ Should contain ${result} HTTP/1.1 200 OK ignore_case=True