This is an automated email from the ASF dual-hosted git repository.
adoroszlai pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/master by this push:
new 1a47e92f21 HDDS-8796. ACL robot tests are duplicated (#4872)
1a47e92f21 is described below
commit 1a47e92f215825fcadc8d52cbbf1d4f1a0a3a4dc
Author: Doroszlai, Attila <[email protected]>
AuthorDate: Sat Jun 17 08:03:14 2023 +0200
HDDS-8796. ACL robot tests are duplicated (#4872)
---
.../src/main/smoketest/basic/ozone-shell-lib.robot | 38 ++++++++++
.../src/main/smoketest/basic/ozone-shell.robot | 5 +-
.../main/smoketest/security/ozone-secure-fs.robot | 81 ----------------------
3 files changed, 42 insertions(+), 82 deletions(-)
diff --git a/hadoop-ozone/dist/src/main/smoketest/basic/ozone-shell-lib.robot
b/hadoop-ozone/dist/src/main/smoketest/basic/ozone-shell-lib.robot
index b7df1aa5e8..5d0ebf8f37 100644
--- a/hadoop-ozone/dist/src/main/smoketest/basic/ozone-shell-lib.robot
+++ b/hadoop-ozone/dist/src/main/smoketest/basic/ozone-shell-lib.robot
@@ -207,6 +207,44 @@ Test prefix Acls
Should Match Regexp ${result} \"type\" :
\"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclScope\" :
\"ACCESS\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
Should Match Regexp ${result} \"type\" :
\"GROUP\",\n.*\"name\" : \"superuser1\",\n.*\"aclScope\" :
\"ACCESS\",\n.*\"aclList\" : . \"ALL\" .
+Test native authorizer
+ [arguments] ${protocol} ${server} ${volume}
+
+ Return From Keyword if '${SECURITY_ENABLED}' == 'false'
+
+ Execute ozone sh volume removeacl ${protocol}${server}/${volume}
-a group:root:a
+ Execute kdestroy
+ Run Keyword Kinit test user testuser2 testuser2.keytab
+ ${result} = Execute And Ignore Error ozone sh bucket list
${protocol}${server}/${volume}
+ Should contain ${result} PERMISSION_DENIED
+ ${result} = Execute And Ignore Error ozone sh key list
${protocol}${server}/${volume}/bb1
+ Should contain ${result} PERMISSION_DENIED
+ ${result} = Execute And Ignore Error ozone sh volume addacl
${protocol}${server}/${volume} -a user:testuser2:xy
+ Should contain ${result} PERMISSION_DENIED User
testuser2 doesn't have WRITE_ACL permission to access volume
+ Execute kdestroy
+ Run Keyword Kinit test user testuser testuser.keytab
+ Execute ozone sh volume addacl ${protocol}${server}/${volume} -a
user:testuser2:xyrw
+ Execute kdestroy
+ Run Keyword Kinit test user testuser2 testuser2.keytab
+ ${result} = Execute And Ignore Error ozone sh bucket list
${protocol}${server}/${volume}
+ Should contain ${result} PERMISSION_DENIED User
testuser2 doesn't have LIST permission to access volume
+ Execute ozone sh volume addacl ${protocol}${server}/${volume} -a
user:testuser2:l
+ Execute ozone sh bucket list ${protocol}${server}/${volume}
+ Execute ozone sh volume getacl ${protocol}${server}/${volume}
+
+ ${result} = Execute And Ignore Error ozone sh key list
${protocol}${server}/${volume}/bb1
+ Should contain ${result} PERMISSION_DENIED
+ Execute kdestroy
+ Run Keyword Kinit test user testuser testuser.keytab
+ Execute ozone sh bucket addacl ${protocol}${server}/${volume}/bb1
-a user:testuser2:a
+ Execute ozone sh bucket getacl ${protocol}${server}/${volume}/bb1
+ Execute kdestroy
+ Run Keyword Kinit test user testuser2 testuser2.keytab
+ Execute ozone sh bucket getacl ${protocol}${server}/${volume}/bb1
+ Execute ozone sh key list ${protocol}${server}/${volume}/bb1
+ Execute kdestroy
+ Run Keyword Kinit test user testuser testuser.keytab
+
Test Delete key with and without Trash
[arguments] ${protocol} ${server} ${volume}
Execute ozone sh volume create
${protocol}${server}/${volume}
diff --git a/hadoop-ozone/dist/src/main/smoketest/basic/ozone-shell.robot
b/hadoop-ozone/dist/src/main/smoketest/basic/ozone-shell.robot
index e0ed64e0e1..1f1b08e3fa 100644
--- a/hadoop-ozone/dist/src/main/smoketest/basic/ozone-shell.robot
+++ b/hadoop-ozone/dist/src/main/smoketest/basic/ozone-shell.robot
@@ -38,6 +38,10 @@ RpcClient bucket acls
RpcClient key acls
Test Key Acls o3:// om:9862 ${prefix}-acls
+# depends on being run between key and prefix tests
+Test native authorizer
+ Test native authorizer o3:// om:9862 ${prefix}-acls
+
RpcClient prefix acls
Test Prefix Acls o3:// om:9862 ${prefix}-acls
@@ -46,4 +50,3 @@ RpcClient without host
RpcClient Delete key
Test Delete key with and without Trash o3:// om:9862
${prefix}-with-del
-
diff --git
a/hadoop-ozone/dist/src/main/smoketest/security/ozone-secure-fs.robot
b/hadoop-ozone/dist/src/main/smoketest/security/ozone-secure-fs.robot
index 67158b35ed..afb5cc09cc 100644
--- a/hadoop-ozone/dist/src/main/smoketest/security/ozone-secure-fs.robot
+++ b/hadoop-ozone/dist/src/main/smoketest/security/ozone-secure-fs.robot
@@ -88,87 +88,6 @@ Create volume bucket with credentials
Check volume from ozonefs
${result} = Execute ozone fs -ls
o3fs://bucket1.${volume1}/
-Test Volume Acls
- ${result} = Execute ozone sh volume create ${volume3}
- Should not contain ${result} Failed
- ${result} = Execute ozone sh volume getacl ${volume3}
- Should Match Regexp ${result} \"type\" :
\"USER\",\n.*\"name\" : \".*\",\n.*"aclScope\" : \"ACCESS\",\n.*\"aclList\" : .
\"ALL\" .
- ${result} = Execute ozone sh volume addacl ${volume3} -a
user:superuser1:rwxy[DEFAULT]
- ${result} = Execute ozone sh volume getacl ${volume3}
- Should Match Regexp ${result} \"type\" :
\"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclScope\" :
\"DEFAULT\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
- ${result} = Execute ozone sh volume removeacl ${volume3}
-a user:superuser1:xy
- ${result} = Execute ozone sh volume getacl ${volume3}
- Should Match Regexp ${result} \"type\" :
\"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclScope\" :
\"DEFAULT\",\n.*\"aclList\" : . \"READ\", \"WRITE\"
- ${result} = Execute ozone sh volume setacl ${volume3} -al
user:superuser1:rwxy,user:testuser:rwxyc,group:superuser1:a[DEFAULT]
- ${result} = Execute ozone sh volume getacl ${volume3}
- Should Match Regexp ${result} \"type\" :
\"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclScope\" :
\"ACCESS\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
- Should Match Regexp ${result} \"type\" :
\"GROUP\",\n.*\"name\" : \"superuser1\",\n.*\"aclScope\" :
\"DEFAULT\",\n.*\"aclList\" : . \"ALL\"
-
-Test Bucket Acls
- ${result} = Execute ozone sh bucket create ${volume3}/bk1
--layout FILE_SYSTEM_OPTIMIZED
- Should not contain ${result} Failed
- ${result} = Execute ozone sh bucket getacl ${volume3}/bk1
- Should Match Regexp ${result} \"type\" :
\"USER\",\n.*\"name\" : \".*\",\n.*\"aclScope\" : \"ACCESS\",\n.*\"aclList\" :
. \"ALL\" .
- ${result} = Execute ozone sh bucket addacl ${volume3}/bk1
-a user:superuser1:rwxy
- ${result} = Execute ozone sh bucket getacl ${volume3}/bk1
- Should Match Regexp ${result} \"type\" :
\"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclScope\" :
\"ACCESS\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
- ${result} = Execute ozone sh bucket removeacl
${volume3}/bk1 -a user:superuser1:xy
- ${result} = Execute ozone sh bucket getacl ${volume3}/bk1
- Should Match Regexp ${result} \"type\" :
\"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclScope\" :
\"ACCESS\",\n.*\"aclList\" : . \"READ\", \"WRITE\"
- ${result} = Execute ozone sh bucket setacl ${volume3}/bk1
-al
user:superuser1:rwxy,group:superuser1:a,user:testuser:rwxyc,group:superuser1:a[DEFAULT]
- ${result} = Execute ozone sh bucket getacl ${volume3}/bk1
- Should Match Regexp ${result} \"type\" :
\"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclScope\" :
\"ACCESS\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
- Should Match Regexp ${result} \"type\" :
\"GROUP\",\n.*\"name\" : \"superuser1\",\n.*\"aclScope\" :
\"ACCESS\",\n.*\"aclList\" : . \"ALL\"
-
-Test key Acls
- Execute ozone sh key put ${volume3}/bk1/key1
/opt/hadoop/NOTICE.txt
- ${result} = Execute ozone sh key getacl ${volume3}/bk1/key1
- Should Match Regexp ${result} \"type\" :
\"USER\",\n.*\"name\" : \".*\",\n.*\"aclScope\" : \"ACCESS\",\n.*\"aclList\" :
. \"ALL\" .
- ${result} = Execute ozone sh key addacl
${volume3}/bk1/key1 -a user:superuser1:rwxy
- ${result} = Execute ozone sh key getacl ${volume3}/bk1/key1
- Should Match Regexp ${result} \"type\" :
\"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclScope\" :
\"ACCESS\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
- ${result} = Execute ozone sh key removeacl
${volume3}/bk1/key1 -a user:superuser1:xy
- ${result} = Execute ozone sh key getacl ${volume3}/bk1/key1
- Should Match Regexp ${result} \"type\" :
\"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclScope\" :
\"ACCESS\",\n.*\"aclList\" : . \"READ\", \"WRITE\"
- ${result} = Execute ozone sh key setacl
${volume3}/bk1/key1 -al
user:superuser1:rwxy,group:superuser1:a,user:testuser:rwxyc
- ${result} = Execute ozone sh key getacl ${volume3}/bk1/key1
- Should Match Regexp ${result} \"type\" :
\"USER\",\n.*\"name\" : \"superuser1\",\n.*\"aclScope\" :
\"ACCESS\",\n.*\"aclList\" : . \"READ\", \"WRITE\", \"READ_ACL\", \"WRITE_ACL\"
- Should Match Regexp ${result} \"type\" :
\"GROUP\",\n.*\"name\" : \"superuser1\",\n.*\"aclScope\" :
\"ACCESS\",\n.*\"aclList\" : . \"ALL\"
-
-Test native authorizer
- Execute ozone sh volume removeacl ${volume3} -a group:root:a
- Execute kdestroy
- Run Keyword Kinit test user testuser2 testuser2.keytab
- ${result} = Execute And Ignore Error ozone sh bucket list
/${volume3}/
- Should contain ${result} PERMISSION_DENIED
- ${result} = Execute And Ignore Error ozone sh key list
/${volume3}/bk1
- Should contain ${result} PERMISSION_DENIED
- ${result} = Execute And Ignore Error ozone sh volume addacl
${volume3} -a user:testuser2:xy
- Should contain ${result} PERMISSION_DENIED User
testuser2 doesn't have WRITE_ACL permission to access volume
- Execute kdestroy
- Run Keyword Kinit test user testuser testuser.keytab
- Execute ozone sh volume addacl ${volume3} -a user:testuser2:xyrw
- Execute kdestroy
- Run Keyword Kinit test user testuser2 testuser2.keytab
- ${result} = Execute And Ignore Error ozone sh bucket list
/${volume3}/
- Should contain ${result} PERMISSION_DENIED User
testuser2 doesn't have LIST permission to access volume
- Execute ozone sh volume addacl ${volume3} -a user:testuser2:l
- Execute ozone sh bucket list /${volume3}/
- Execute ozone sh volume getacl /${volume3}/
-
- ${result} = Execute And Ignore Error ozone sh key list
/${volume3}/bk1
- Should contain ${result} PERMISSION_DENIED
- Execute kdestroy
- Run Keyword Kinit test user testuser testuser.keytab
- Execute ozone sh bucket addacl ${volume3}/bk1 -a user:testuser2:a
- Execute ozone sh bucket getacl /${volume3}/bk1
- Execute kdestroy
- Run Keyword Kinit test user testuser2 testuser2.keytab
- Execute ozone sh bucket getacl /${volume3}/bk1
- Execute ozone sh key list /${volume3}/bk1
- Execute kdestroy
- Run Keyword Kinit test user testuser testuser.keytab
-
Test tmp mount for shared ofs tmp dir
${result} = Execute And Ignore Error ozone getconf confKey
ozone.om.enable.ofs.shared.tmp.dir
${contains} = Evaluate "true" in """${result}"""
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
