Repository: knox Updated Branches: refs/heads/master 9c7a806d1 -> 00dcbeab4
KNOX-1623 - Fix jenkins build - 2 Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/00dcbeab Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/00dcbeab Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/00dcbeab Branch: refs/heads/master Commit: 00dcbeab4ae54ea0b3cbe24fcceb5d750cacfc8a Parents: 9c7a806 Author: Sandeep More <[email protected]> Authored: Fri Dec 7 11:13:01 2018 -0500 Committer: Sandeep More <[email protected]> Committed: Fri Dec 7 11:14:16 2018 -0500 ---------------------------------------------------------------------- .../knox/gateway/SecureKnoxShellTest.java | 50 +++++++++++++++++++- 1 file changed, 48 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/00dcbeab/gateway-test-release/webhdfs-kerb-test/src/test/java/org/apache/knox/gateway/SecureKnoxShellTest.java ---------------------------------------------------------------------- diff --git a/gateway-test-release/webhdfs-kerb-test/src/test/java/org/apache/knox/gateway/SecureKnoxShellTest.java b/gateway-test-release/webhdfs-kerb-test/src/test/java/org/apache/knox/gateway/SecureKnoxShellTest.java index d562e46..7ac7cc8 100644 --- a/gateway-test-release/webhdfs-kerb-test/src/test/java/org/apache/knox/gateway/SecureKnoxShellTest.java +++ b/gateway-test-release/webhdfs-kerb-test/src/test/java/org/apache/knox/gateway/SecureKnoxShellTest.java @@ -25,6 +25,7 @@ import org.apache.hadoop.fs.permission.FsPermission; import org.apache.hadoop.hdfs.DistributedFileSystem; import org.apache.hadoop.hdfs.HdfsConfiguration; import org.apache.hadoop.hdfs.MiniDFSCluster; +import org.apache.hadoop.http.HttpConfig; import org.apache.hadoop.minikdc.MiniKdc; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.ssl.KeyStoreTestUtil; @@ -46,6 +47,23 @@ import java.nio.charset.StandardCharsets; import java.util.Locale; import java.util.Properties; +import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.IPC_CLIENT_CONNECT_MAX_RETRIES_KEY; +import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY; +import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_CLIENT_HTTPS_KEYSTORE_RESOURCE_KEY; +import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_DATANODE_HTTPS_ADDRESS_KEY; +import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_DATANODE_KERBEROS_PRINCIPAL_KEY; +import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_DATANODE_KEYTAB_FILE_KEY; +import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_DATA_ENCRYPTION_ALGORITHM_KEY; +import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_HTTP_POLICY_KEY; +import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_JOURNALNODE_HTTPS_ADDRESS_KEY; +import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_JOURNALNODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY; +import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_JOURNALNODE_KERBEROS_PRINCIPAL_KEY; +import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_JOURNALNODE_KEYTAB_FILE_KEY; +import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_HTTPS_ADDRESS_KEY; +import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY; +import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY; +import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_SERVER_HTTPS_KEYSTORE_RESOURCE_KEY; +import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; @@ -89,16 +107,17 @@ public class SecureKnoxShellTest { System.setProperty(MiniDFSCluster.PROP_TEST_BUILD_DATA, baseDir.getAbsolutePath()); + initKdc(); miniDFSCluster = new MiniDFSCluster.Builder(configuration) .nameNodePort(TestUtils.findFreePort()) .nameNodeHttpPort(nameNodeHttpPort).numDataNodes(2).format(true) .racks(null).build(); - initKdc(); setupKnox(keytab, hdfsPrincipal); } private static void initKdc() throws Exception { + final Properties kdcConf = MiniKdc.createConf(); kdc = new MiniKdc(kdcConf, baseDir); kdc.start(); @@ -116,8 +135,35 @@ public class SecureKnoxShellTest { userName + "/" + krbInstance + "@" + kdc.getRealm(); spnegoPrincipal = "HTTP/" + krbInstance + "@" + kdc.getRealm(); - krb5conf = kdc.getKrb5conf().getAbsolutePath(); + configuration.set(DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, hdfsPrincipal); + configuration.set(DFS_NAMENODE_KEYTAB_FILE_KEY, keytab); + configuration.set(DFS_DATANODE_KERBEROS_PRINCIPAL_KEY, hdfsPrincipal); + configuration.set(DFS_DATANODE_KEYTAB_FILE_KEY, keytab); + configuration.set(DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY, spnegoPrincipal); + configuration.set(DFS_JOURNALNODE_KEYTAB_FILE_KEY, keytab); + configuration.set(DFS_JOURNALNODE_KERBEROS_PRINCIPAL_KEY, hdfsPrincipal); + configuration.set(DFS_JOURNALNODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY, spnegoPrincipal); + configuration.setBoolean(DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY, true); + configuration.set(DFS_DATA_ENCRYPTION_ALGORITHM_KEY, "authentication"); + configuration.set(DFS_HTTP_POLICY_KEY, HttpConfig.Policy.HTTP_AND_HTTPS.name()); + configuration.set(DFS_NAMENODE_HTTPS_ADDRESS_KEY, "localhost:0"); + configuration.set(DFS_DATANODE_HTTPS_ADDRESS_KEY, "localhost:0"); + configuration.set(DFS_JOURNALNODE_HTTPS_ADDRESS_KEY, "localhost:0"); + configuration.setInt(IPC_CLIENT_CONNECT_MAX_RETRIES_KEY, 10); + configuration.set("hadoop.proxyuser." + userName + ".hosts", "*"); + configuration.set("hadoop.proxyuser." + userName + ".groups", "*"); + configuration.setBoolean("dfs.permissions", true); + + String keystoresDir = baseDir.getAbsolutePath(); + File sslClientConfFile = new File(keystoresDir + "/ssl-client.xml"); + File sslServerConfFile = new File(keystoresDir + "/ssl-server.xml"); + KeyStoreTestUtil.setupSSLConfig(keystoresDir, keystoresDir, configuration, false); + configuration.set(DFS_CLIENT_HTTPS_KEYSTORE_RESOURCE_KEY, + sslClientConfFile.getName()); + configuration.set(DFS_SERVER_HTTPS_KEYSTORE_RESOURCE_KEY, + sslServerConfFile.getName()); + krb5conf = kdc.getKrb5conf().getAbsolutePath(); } @AfterClass
