Author: wang Date: Tue Jul 15 20:59:40 2014 New Revision: 1610849 URL: http://svn.apache.org/r1610849 Log: HDFS-6619. Clean up encryption-related tests. (wang)
Added: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java - copied, changed from r1610848, hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZonesAPI.java Removed: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/fs/TestHDFSEncryption.java hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZonesAPI.java hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestFileContextEncryptionZones.java Modified: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/CHANGES-fs-encryption.txt Modified: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/CHANGES-fs-encryption.txt URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/CHANGES-fs-encryption.txt?rev=1610849&r1=1610848&r2=1610849&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/CHANGES-fs-encryption.txt (original) +++ hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/CHANGES-fs-encryption.txt Tue Jul 15 20:59:40 2014 
@@ -42,6 +42,8 @@ fs-encryption (Unreleased) HDFS-6474. Namenode needs to get the actual keys and iv from the KeyProvider. (wang) + HDFS-6619. Clean up encryption-related tests. (wang) + OPTIMIZATIONS BUG FIXES Copied: hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java (from r1610848, hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZonesAPI.java) URL: http://svn.apache.org/viewvc/hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java?p2=hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java&p1=hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZonesAPI.java&r1=1610848&r2=1610849&rev=1610849&view=diff ============================================================================== --- hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZonesAPI.java (original) +++ hadoop/common/branches/fs-encryption/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java Tue Jul 15 20:59:40 2014 @@ -22,12 +22,8 @@ import java.io.IOException; import java.security.NoSuchAlgorithmException; import java.security.PrivilegedExceptionAction; import java.util.Arrays; -import java.util.HashSet; import java.util.List; -import java.util.Set; -import java.util.UUID; -import com.google.common.base.Preconditions; import com.google.common.collect.Lists; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.crypto.CipherSuite; 
@@ -35,8 +31,13 @@ import org.apache.hadoop.crypto.key.Java
 import org.apache.hadoop.crypto.key.KeyProvider;
 import org.apache.hadoop.crypto.key.KeyProviderFactory;
 import org.apache.hadoop.fs.FSDataInputStream;
+import org.apache.hadoop.fs.FSTestWrapper;
+import org.apache.hadoop.fs.FileContext;
+import org.apache.hadoop.fs.FileContextTestWrapper;
 import org.apache.hadoop.fs.FileEncryptionInfo;
 import org.apache.hadoop.fs.FileSystem;
+import org.apache.hadoop.fs.FileSystemTestHelper;
+import org.apache.hadoop.fs.FileSystemTestWrapper;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.fs.permission.FsPermission;
 import org.apache.hadoop.hdfs.client.HdfsAdmin;
@@ -45,7 +46,6 @@ import org.apache.hadoop.hdfs.protocol.L
 import org.apache.hadoop.hdfs.server.namenode.EncryptionZoneManager;
 import org.apache.hadoop.security.AccessControlException;
 import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.hadoop.test.GenericTestUtils;
 import org.apache.log4j.Level;
 import org.apache.log4j.Logger;
 import org.junit.After;
@@ -53,297 +53,316 @@ import org.junit.Before; import org.junit.Test; +import static org.apache.hadoop.test.GenericTestUtils.assertExceptionContains; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotEquals; +import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; -public class TestEncryptionZonesAPI { +public class TestEncryptionZones { + + private Configuration conf; + private FileSystemTestHelper fsHelper; - private static final Path TEST_PATH = new Path("/test"); - private static final Path TEST_PATH_WITH_CHILD = new Path(TEST_PATH, "foo"); - private static final Path TEST_PATH_WITH_MULTIPLE_CHILDREN = - new Path(TEST_PATH_WITH_CHILD, "baz"); - private static final String TEST_KEYID = "mykeyid"; - private final Configuration conf = new Configuration(); private MiniDFSCluster cluster; - private static File tmpDir; + private HdfsAdmin dfsAdmin; private DistributedFileSystem fs; + protected FileSystemTestWrapper fsWrapper; + protected FileContextTestWrapper fcWrapper; + @Before - public void setUpCluster() throws IOException { - tmpDir = new File(System.getProperty("test.build.data", "target"), - UUID.randomUUID().toString()).getAbsoluteFile(); + public void setup() throws IOException { + conf = new HdfsConfiguration(); + fsHelper = new FileSystemTestHelper(); + // Set up java key store + String testRoot = fsHelper.getTestRootDir(); + File testRootDir = new File(testRoot).getAbsoluteFile(); conf.set(KeyProviderFactory.KEY_PROVIDER_PATH, - JavaKeyStoreProvider.SCHEME_NAME + "://file" + tmpDir + "/test.jks"); + JavaKeyStoreProvider.SCHEME_NAME + "://file" + testRootDir + "/test.jks" + ); cluster = new MiniDFSCluster.Builder(conf).numDataNodes(1).build(); - fs = (DistributedFileSystem) createFileSystem(conf); Logger.getLogger(EncryptionZoneManager.class).setLevel(Level.TRACE); - } - - protected FileSystem createFileSystem(Configuration conf) throws IOException { - 
return cluster.getFileSystem(); + fs = cluster.getFileSystem(); + fsWrapper = new FileSystemTestWrapper(cluster.getFileSystem()); + fcWrapper = new FileContextTestWrapper( + FileContext.getFileContext(cluster.getURI(), conf)); + dfsAdmin = new HdfsAdmin(cluster.getURI(), conf); } @After - public void shutDownCluster() { + public void teardown() { if (cluster != null) { cluster.shutdown(); } } - /** Test failure of Create EZ on a directory that doesn't exist. */ + public void assertNumZones(final int numZones) throws IOException { + final List<EncryptionZone> zones = dfsAdmin.listEncryptionZones(); + assertEquals("Unexpected number of encryption zones!", numZones, + zones.size()); + } + + /** + * Checks that an encryption zone with the specified keyId and path (if not + * null) is present. + * + * @throws IOException if a matching zone could not be found + */ + public void assertZonePresent(String keyId, String path) throws IOException { + final List<EncryptionZone> zones = dfsAdmin.listEncryptionZones(); + boolean match = false; + for (EncryptionZone zone : zones) { + boolean matchKey = (keyId == null); + boolean matchPath = (path == null); + if (keyId != null && zone.getKeyId().equals(keyId)) { + matchKey = true; + } + if (path != null && zone.getPath().equals(path)) { + matchPath = true; + } + if (matchKey && matchPath) { + match = true; + break; + } + } + assertTrue("Did not find expected encryption zone with keyId " + keyId + + " path " + path, match + ); + } + + /** + * Helper function to create a key in the Key Provider. 
+ */ + private void createKey(String keyId) + throws NoSuchAlgorithmException, IOException { + KeyProvider provider = cluster.getNameNode().getNamesystem().getProvider(); + final KeyProvider.Options options = KeyProvider.options(conf); + provider.createKey(keyId, options); + provider.flush(); + } + @Test(timeout = 60000) - public void testCreateEncryptionZoneDirectoryDoesntExist() throws Exception { - final HdfsAdmin dfsAdmin = - new HdfsAdmin(FileSystem.getDefaultUri(conf), conf); + public void testBasicOperations() throws Exception { + + int numZones = 0; + + /* Test failure of create EZ on a directory that doesn't exist. */ + final Path zone1 = new Path("/zone1"); try { - dfsAdmin.createEncryptionZone(TEST_PATH, null); + dfsAdmin.createEncryptionZone(zone1, null); fail("expected /test doesn't exist"); } catch (IOException e) { - GenericTestUtils.assertExceptionContains("cannot find", e); + assertExceptionContains("cannot find", e); } - } - /** Test failure of Create EZ on a directory which is already an EZ. */ - @Test(timeout = 60000) - public void testCreateEncryptionZoneWhichAlreadyExists() - throws Exception { - final HdfsAdmin dfsAdmin = - new HdfsAdmin(FileSystem.getDefaultUri(conf), conf); - FileSystem.mkdirs(fs, TEST_PATH, new FsPermission((short) 0777)); - dfsAdmin.createEncryptionZone(TEST_PATH, null); + /* Normal creation of an EZ */ + fsWrapper.mkdir(zone1, FsPermission.getDirDefault(), true); + dfsAdmin.createEncryptionZone(zone1, null); + assertNumZones(++numZones); + assertZonePresent(null, zone1.toString()); + + /* Test failure of create EZ on a directory which is already an EZ. */ try { - dfsAdmin.createEncryptionZone(TEST_PATH, null); + dfsAdmin.createEncryptionZone(zone1, null); } catch (IOException e) { - GenericTestUtils.assertExceptionContains("already in an encryption zone", - e); + assertExceptionContains("already in an encryption zone", e); } - } - /** Test success of Create EZ in which a key is created. 
*/ - @Test(timeout = 60000) - public void testCreateEncryptionZoneAndGenerateKeyDirectoryEmpty() - throws Exception { - final HdfsAdmin dfsAdmin = - new HdfsAdmin(FileSystem.getDefaultUri(conf), conf); - FileSystem.mkdirs(fs, TEST_PATH, new FsPermission((short) 0777)); - dfsAdmin.createEncryptionZone(TEST_PATH, null); - } - - /** Test failure of Create EZ operation in an existing EZ. */ - @Test(timeout = 60000) - public void testCreateEncryptionZoneInExistingEncryptionZone() - throws Exception { - final HdfsAdmin dfsAdmin = - new HdfsAdmin(FileSystem.getDefaultUri(conf), conf); - FileSystem.mkdirs(fs, TEST_PATH, new FsPermission((short) 0777)); - dfsAdmin.createEncryptionZone(TEST_PATH, null); - FileSystem.mkdirs(fs, TEST_PATH_WITH_CHILD, - new FsPermission((short) 0777)); + /* Test failure of create EZ operation in an existing EZ. */ + final Path zone1Child = new Path(zone1, "child"); + fsWrapper.mkdir(zone1Child, FsPermission.getDirDefault(), false); try { - dfsAdmin.createEncryptionZone(TEST_PATH_WITH_CHILD, null); + dfsAdmin.createEncryptionZone(zone1Child, null); fail("EZ in an EZ"); } catch (IOException e) { - GenericTestUtils.assertExceptionContains("already in an encryption zone", e); + assertExceptionContains("already in an encryption zone", e); } - } - /** Test failure of creating an EZ using a non-empty directory. 
*/ - @Test(timeout = 60000) - public void testCreateEncryptionZoneAndGenerateKeyDirectoryNotEmpty() - throws Exception { - final HdfsAdmin dfsAdmin = - new HdfsAdmin(FileSystem.getDefaultUri(conf), conf); - FileSystem.mkdirs(fs, TEST_PATH, new FsPermission((short) 0777)); - FileSystem.create(fs, new Path("/test/foo"), - new FsPermission((short) 0777)); + /* create EZ on a folder with a folder fails */ + final Path notEmpty = new Path("/notEmpty"); + final Path notEmptyChild = new Path(notEmpty, "child"); + fsWrapper.mkdir(notEmptyChild, FsPermission.getDirDefault(), true); try { - dfsAdmin.createEncryptionZone(TEST_PATH, null); - fail("expected key doesn't exist"); + dfsAdmin.createEncryptionZone(notEmpty, null); + fail("Created EZ on an non-empty directory with folder"); } catch (IOException e) { - GenericTestUtils.assertExceptionContains("create an encryption zone", e); + assertExceptionContains("create an encryption zone", e); } - } + fsWrapper.delete(notEmptyChild, false); - /** Test failure of creating an EZ passing a key that doesn't exist. */ - @Test(timeout = 60000) - public void testCreateEncryptionZoneKeyDoesntExist() throws Exception { - final HdfsAdmin dfsAdmin = - new HdfsAdmin(FileSystem.getDefaultUri(conf), conf); + /* create EZ on a folder with a file fails */ + fsWrapper.createFile(notEmptyChild); try { - dfsAdmin.createEncryptionZone(TEST_PATH, TEST_KEYID); - fail("expected key doesn't exist"); + dfsAdmin.createEncryptionZone(notEmpty, null); + fail("Created EZ on an non-empty directory with file"); } catch (IOException e) { - GenericTestUtils.assertExceptionContains("doesn't exist.", e); + assertExceptionContains("create an encryption zone", e); } - final List<EncryptionZone> zones = dfsAdmin.listEncryptionZones(); - Preconditions.checkState(zones.size() == 0, "More than one zone found?"); - } - - /** Test success of creating an EZ when they key exists. 
*/ - @Test(timeout = 60000) - public void testCreateEncryptionZoneKeyExist() throws Exception { - final HdfsAdmin dfsAdmin = - new HdfsAdmin(FileSystem.getDefaultUri(conf), conf); - FileSystem.mkdirs(fs, TEST_PATH, new FsPermission((short) 0777)); - createAKey(TEST_KEYID); - dfsAdmin.createEncryptionZone(TEST_PATH, TEST_KEYID); - final List<EncryptionZone> zones = dfsAdmin.listEncryptionZones(); - Preconditions.checkState(zones.size() == 1, "More than one zone found?"); - final EncryptionZone ez = zones.get(0); - GenericTestUtils.assertMatches(ez.toString(), - "EncryptionZone \\[path=/test, keyId="); - } - /** Helper function to create a key in the Key Provider. */ - private void createAKey(String keyId) - throws NoSuchAlgorithmException, IOException { - KeyProvider provider = - cluster.getNameNode().getNamesystem().getProvider(); - final KeyProvider.Options options = KeyProvider.options(conf); - provider.createKey(keyId, options); - provider.flush(); - } + /* Test failure of creating an EZ passing a key that doesn't exist. */ + final Path zone2 = new Path("/zone2"); + fsWrapper.mkdir(zone2, FsPermission.getDirDefault(), false); + final String myKeyId = "mykeyid"; + try { + dfsAdmin.createEncryptionZone(zone2, myKeyId); + fail("expected key doesn't exist"); + } catch (IOException e) { + assertExceptionContains("doesn't exist.", e); + } + assertNumZones(1); - /** Test failure of create encryption zones as a non super user. */ - @Test(timeout = 60000) - public void testCreateEncryptionZoneAsNonSuperUser() - throws Exception { - final HdfsAdmin dfsAdmin = - new HdfsAdmin(FileSystem.getDefaultUri(conf), conf); + /* Test success of creating an EZ when they key exists. */ + createKey(myKeyId); + dfsAdmin.createEncryptionZone(zone2, myKeyId); + assertNumZones(++numZones); + assertZonePresent(myKeyId, zone2.toString()); + /* Test failure of create encryption zones as a non super user. */ final UserGroupInformation user = UserGroupInformation. 
- createUserForTesting("user", new String[] { "mygroup" }); - - FileSystem.mkdirs(fs, TEST_PATH, new FsPermission((short) 0700)); + createUserForTesting("user", new String[] { "mygroup" }); + final Path nonSuper = new Path("/nonSuper"); + fsWrapper.mkdir(nonSuper, FsPermission.getDirDefault(), false); user.doAs(new PrivilegedExceptionAction<Object>() { - @Override - public Object run() throws Exception { - final HdfsAdmin userAdmin = + @Override + public Object run() throws Exception { + final HdfsAdmin userAdmin = new HdfsAdmin(FileSystem.getDefaultUri(conf), conf); - try { - userAdmin.createEncryptionZone(TEST_PATH, null); - fail("createEncryptionZone is superuser-only operation"); - } catch (AccessControlException e) { - GenericTestUtils.assertExceptionContains( - "Superuser privilege is required", e); - } - return null; + try { + userAdmin.createEncryptionZone(nonSuper, null); + fail("createEncryptionZone is superuser-only operation"); + } catch (AccessControlException e) { + assertExceptionContains("Superuser privilege is required", e); } - }); + return null; + } + }); + + // Test success of creating an encryption zone a few levels down. + Path deepZone = new Path("/d/e/e/p/zone"); + fsWrapper.mkdir(deepZone, FsPermission.getDirDefault(), true); + dfsAdmin.createEncryptionZone(deepZone, null); + assertNumZones(++numZones); + assertZonePresent(null, deepZone.toString()); } /** - * Test success of creating an encryption zone a few levels down. + * Test listing encryption zones as a non super user. 
*/ @Test(timeout = 60000) - public void testCreateEncryptionZoneDownAFewLevels() - throws Exception { - final HdfsAdmin dfsAdmin = - new HdfsAdmin(FileSystem.getDefaultUri(conf), conf); - FileSystem.mkdirs(fs, TEST_PATH_WITH_MULTIPLE_CHILDREN, - new FsPermission((short) 0777)); - dfsAdmin.createEncryptionZone(TEST_PATH_WITH_MULTIPLE_CHILDREN, null); - final List<EncryptionZone> zones = dfsAdmin.listEncryptionZones(); - Preconditions.checkState(zones.size() == 1, "More than one zone found?"); - final EncryptionZone ez = zones.get(0); - GenericTestUtils.assertMatches(ez.toString(), - "EncryptionZone \\[path=/test/foo/baz, keyId="); - } - - /** Test failure of creating an EZ using a non-empty directory. */ - @Test(timeout = 60000) - public void testCreateFileInEncryptionZone() throws Exception { - final HdfsAdmin dfsAdmin = - new HdfsAdmin(FileSystem.getDefaultUri(conf), conf); - FileSystem.mkdirs(fs, TEST_PATH, new FsPermission((short) 0777)); - dfsAdmin.createEncryptionZone(TEST_PATH, null); - FileSystem.create(fs, TEST_PATH_WITH_CHILD, new FsPermission((short) 0777)); - - final List<EncryptionZone> zones = dfsAdmin.listEncryptionZones(); - final EncryptionZone ez = zones.get(0); - GenericTestUtils.assertMatches(ez.toString(), - "EncryptionZone \\[path=/test, keyId="); - } - - /** Test listing encryption zones. 
*/ - @Test(timeout = 60000) - public void testListEncryptionZones() throws Exception { - final HdfsAdmin dfsAdmin = - new HdfsAdmin(FileSystem.getDefaultUri(conf), conf); - final int N_EZs = 5; - final Set<String> ezPathNames = new HashSet<String>(N_EZs); - for (int i = 0; i < N_EZs; i++) { - final Path p = new Path(TEST_PATH, "" + i); - ezPathNames.add(p.toString()); - FileSystem.mkdirs(fs, p, new FsPermission((short) 0777)); - dfsAdmin.createEncryptionZone(p, null); - } - - final List<EncryptionZone> zones = dfsAdmin.listEncryptionZones(); - Preconditions.checkState(zones.size() == N_EZs, "wrong number of EZs returned"); - for (EncryptionZone z : zones) { - final String ezPathName = z.getPath(); - Preconditions.checkState(ezPathNames.remove( - ezPathName), "Path " + ezPathName + " not returned from listEZ"); - } - Preconditions.checkState(ezPathNames.size() == 0); - } - - /** Test listing encryption zones as a non super user. */ - @Test(timeout = 60000) public void testListEncryptionZonesAsNonSuperUser() throws Exception { - final HdfsAdmin dfsAdmin = - new HdfsAdmin(FileSystem.getDefaultUri(conf), conf); final UserGroupInformation user = UserGroupInformation. 
- createUserForTesting("user", new String[] {"mygroup"}); + createUserForTesting("user", new String[] { "mygroup" }); + + final Path testRoot = new Path(fsHelper.getTestRootDir()); + final Path superPath = new Path(testRoot, "superuseronly"); + final Path allPath = new Path(testRoot, "accessall"); - final Path TEST_PATH_SUPERUSER_ONLY = new Path(TEST_PATH, "superuseronly"); - final Path TEST_PATH_ALL = new Path(TEST_PATH, "accessall"); + fsWrapper.mkdir(superPath, new FsPermission((short) 0700), true); + dfsAdmin.createEncryptionZone(superPath, null); - FileSystem.mkdirs(fs, TEST_PATH_SUPERUSER_ONLY, - new FsPermission((short) 0700)); - dfsAdmin.createEncryptionZone(TEST_PATH_SUPERUSER_ONLY, null); - FileSystem.mkdirs(fs, TEST_PATH_ALL, - new FsPermission((short) 0707)); - dfsAdmin.createEncryptionZone(TEST_PATH_ALL, null); + fsWrapper.mkdir(allPath, new FsPermission((short) 0707), true); + dfsAdmin.createEncryptionZone(allPath, null); user.doAs(new PrivilegedExceptionAction<Object>() { @Override public Object run() throws Exception { final HdfsAdmin userAdmin = - new HdfsAdmin(FileSystem.getDefaultUri(conf), conf); + new HdfsAdmin(FileSystem.getDefaultUri(conf), conf); try { - final List<EncryptionZone> zones = userAdmin.listEncryptionZones(); + userAdmin.listEncryptionZones(); } catch (AccessControlException e) { - GenericTestUtils.assertExceptionContains( - "Superuser privilege is required", e); + assertExceptionContains("Superuser privilege is required", e); } return null; } }); } - /** Test success of Rename EZ on a directory which is already an EZ. 
*/ - @Test(timeout = 60000) - public void testRenameEncryptionZone() - throws Exception { - final HdfsAdmin dfsAdmin = - new HdfsAdmin(FileSystem.getDefaultUri(conf), conf); - FileSystem.mkdirs(fs, TEST_PATH_WITH_CHILD, - new FsPermission((short) 0777)); - dfsAdmin.createEncryptionZone(TEST_PATH_WITH_CHILD, null); - FileSystem.mkdirs(fs, TEST_PATH_WITH_MULTIPLE_CHILDREN, - new FsPermission((short) 0777)); + /** + * Test success of Rename EZ on a directory which is already an EZ. + */ + private void doRenameEncryptionZone(FSTestWrapper wrapper) throws Exception { + final Path testRoot = new Path(fsHelper.getTestRootDir()); + final Path pathFoo = new Path(testRoot, "foo"); + final Path pathFooBaz = new Path(pathFoo, "baz"); + wrapper.mkdir(pathFoo, FsPermission.getDirDefault(), true); + dfsAdmin.createEncryptionZone(pathFoo, null); + wrapper.mkdir(pathFooBaz, FsPermission.getDirDefault(), true); try { - fs.rename(TEST_PATH_WITH_MULTIPLE_CHILDREN, TEST_PATH); + wrapper.rename(pathFooBaz, testRoot); } catch (IOException e) { - GenericTestUtils.assertExceptionContains( - "/test/foo/baz can't be moved from an encryption zone.", e); + assertExceptionContains(pathFooBaz.toString() + " can't be moved from" + + " an encryption zone.", e + ); + } + } + + @Test(timeout = 60000) + public void testRenameFileSystem() throws Exception { + doRenameEncryptionZone(fsWrapper); + } + + @Test(timeout = 60000) + public void testRenameFileContext() throws Exception { + doRenameEncryptionZone(fcWrapper); + } + + private void validateFiles(Path p1, Path p2, int len) throws Exception { + FSDataInputStream in1 = fs.open(p1); + FSDataInputStream in2 = fs.open(p2); + for (int i = 0; i < len; i++) { + assertEquals("Mismatch at byte " + i, in1.read(), in2.read()); } + in1.close(); + in2.close(); + } + + private FileEncryptionInfo getFileEncryptionInfo(Path path) throws Exception { + LocatedBlocks blocks = fs.getClient().getLocatedBlocks(path.toString(), 0); + return 
blocks.getFileEncryptionInfo(); + } + + @Test(timeout = 120000) + public void testReadWrite() throws Exception { + final HdfsAdmin dfsAdmin = + new HdfsAdmin(FileSystem.getDefaultUri(conf), conf); + // Create a base file for comparison + final Path baseFile = new Path("/base"); + final int len = 8192; + DFSTestUtil.createFile(fs, baseFile, len, (short) 1, 0xFEED); + // Create the first enc file + final Path zone = new Path("/zone"); + fs.mkdirs(zone); + dfsAdmin.createEncryptionZone(zone, null); + final Path encFile1 = new Path(zone, "myfile"); + DFSTestUtil.createFile(fs, encFile1, len, (short) 1, 0xFEED); + // Read them back in and compare byte-by-byte + validateFiles(baseFile, encFile1, len); + // Roll the key of the encryption zone + List<EncryptionZone> zones = dfsAdmin.listEncryptionZones(); + assertEquals("Expected 1 EZ", 1, zones.size()); + String keyId = zones.get(0).getKeyId(); + cluster.getNamesystem().getProvider().rollNewVersion(keyId); + cluster.getNamesystem().getFSDirectory().ezManager.kickMonitor(); + // Read them back in and compare byte-by-byte + validateFiles(baseFile, encFile1, len); + // Write a new enc file and validate + final Path encFile2 = new Path(zone, "myfile2"); + DFSTestUtil.createFile(fs, encFile2, len, (short) 1, 0xFEED); + // FEInfos should be different + FileEncryptionInfo feInfo1 = getFileEncryptionInfo(encFile1); + FileEncryptionInfo feInfo2 = getFileEncryptionInfo(encFile2); + assertFalse("EDEKs should be different", Arrays + .equals(feInfo1.getEncryptedDataEncryptionKey(), + feInfo2.getEncryptedDataEncryptionKey())); + assertNotEquals("Key was rolled, versions should be different", + feInfo1.getEzKeyVersionName(), feInfo2.getEzKeyVersionName()); + // Contents still equal + validateFiles(encFile1, encFile2, len); } @Test(timeout = 60000) 
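Review bot: In testListEncryptionZonesAsNonSuperUser the `try` around `userAdmin.listEncryptionZones();` has no `fail(...)` after the call, so the test still passes when a non-superuser is allowed to list zones and the access-control behaviour it is meant to pin goes unchecked; if the call is expected to be rejected, add `fail("listEncryptionZones is superuser-only operation");` directly after it. The same gap exists in testBasicOperations, where the second `dfsAdmin.createEncryptionZone(zone1, null);` (directory already an EZ) is not followed by `fail`, and in doRenameEncryptionZone after `wrapper.rename(pathFooBaz, testRoot);`. Separately, the first `fail("expected /test doesn't exist")` still names the old path although the directory under test is now `/zone1`.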
@@ -354,16 +373,15 @@ public class TestEncryptionZonesAPI {
 fs.mkdirs(zone);
 dfsAdmin.createEncryptionZone(zone, null);
 // Create a file in an EZ, which should succeed
- DFSTestUtil.createFile(fs, new Path(zone, "success1"), 0, (short) 1,
- 0xFEED);
+ DFSTestUtil
+ .createFile(fs, new Path(zone, "success1"), 0, (short) 1, 0xFEED);
 // Pass no cipherSuites, fail
 fs.getClient().cipherSuites = Lists.newArrayListWithCapacity(0);
 try {
- DFSTestUtil.createFile(fs, new Path(zone, "fail"), 0, (short) 1,
- 0xFEED);
+ DFSTestUtil.createFile(fs, new Path(zone, "fail"), 0, (short) 1, 0xFEED);
 fail("Created a file without specifying a CipherSuite!");
 } catch (UnknownCipherSuiteException e) {
- GenericTestUtils.assertExceptionContains("No cipher suites", e);
+ assertExceptionContains("No cipher suites", e);
 }
 // Pass some unknown cipherSuites, fail
 fs.getClient().cipherSuites = Lists.newArrayListWithCapacity(3);
@@ -371,25 +389,24 @@ public class TestEncryptionZonesAPI { fs.getClient().cipherSuites.add(CipherSuite.UNKNOWN); fs.getClient().cipherSuites.add(CipherSuite.UNKNOWN); try { - DFSTestUtil.createFile(fs, new Path(zone, "fail"), 0, (short) 1, - 0xFEED); + DFSTestUtil.createFile(fs, new Path(zone, "fail"), 0, (short) 1, 0xFEED); fail("Created a file without specifying a CipherSuite!"); } catch (UnknownCipherSuiteException e) { - GenericTestUtils.assertExceptionContains("No cipher suites", e); + assertExceptionContains("No cipher suites", e); } // Pass some unknown and a good cipherSuites, success fs.getClient().cipherSuites = Lists.newArrayListWithCapacity(3); fs.getClient().cipherSuites.add(CipherSuite.AES_CTR_NOPADDING); fs.getClient().cipherSuites.add(CipherSuite.UNKNOWN); fs.getClient().cipherSuites.add(CipherSuite.UNKNOWN); - DFSTestUtil.createFile(fs, new Path(zone, "success2"), 0, (short) 1, - 0xFEED); + DFSTestUtil + .createFile(fs, new Path(zone, "success2"), 0, (short) 1, 0xFEED); fs.getClient().cipherSuites = Lists.newArrayListWithCapacity(3); fs.getClient().cipherSuites.add(CipherSuite.UNKNOWN); fs.getClient().cipherSuites.add(CipherSuite.UNKNOWN); fs.getClient().cipherSuites.add(CipherSuite.AES_CTR_NOPADDING); - DFSTestUtil.createFile(fs, new Path(zone, "success3"), 4096, (short) 1, - 0xFEED); + DFSTestUtil + .createFile(fs, new Path(zone, "success3"), 4096, (short) 1, 0xFEED); // Check KeyProvider state // Flushing the KP on the NN, since it caches, and init a test one cluster.getNamesystem().getProvider().flush(); @@ -405,7 +422,7 @@ public class TestEncryptionZonesAPI { allVersions.addAll(versions); } // Check that the specified CipherSuite was correctly saved on the NN - for (int i=2; i<=3; i++) { + for (int i = 2; i <= 3; i++) { FileEncryptionInfo feInfo = getFileEncryptionInfo(new Path(zone.toString() + "/success" + i)); 
@@ -413,57 +430,4 @@ public class TestEncryptionZonesAPI { } } - private void validateFiles(Path p1, Path p2, int len) throws Exception { - FSDataInputStream in1 = fs.open(p1); - FSDataInputStream in2 = fs.open(p2); - for (int i=0; i<len; i++) { - assertEquals("Mismatch at byte " + i, in1.read(), in2.read()); - } - in1.close(); - in2.close(); - } - - private FileEncryptionInfo getFileEncryptionInfo(Path path) throws Exception { - LocatedBlocks blocks = fs.getClient().getLocatedBlocks(path.toString(), 0); - return blocks.getFileEncryptionInfo(); - } - - @Test(timeout = 120000) - public void testReadWrite() throws Exception { - final HdfsAdmin dfsAdmin = - new HdfsAdmin(FileSystem.getDefaultUri(conf), conf); - // Create a base file for comparison - final Path baseFile = new Path("/base"); - final int len = 8192; - DFSTestUtil.createFile(fs, baseFile, len, (short) 1, 0xFEED); - // Create the first enc file - final Path zone = new Path("/zone"); - fs.mkdirs(zone); - dfsAdmin.createEncryptionZone(zone, null); - final Path encFile1 = new Path(zone, "myfile"); - DFSTestUtil.createFile(fs, encFile1, len, (short) 1, 0xFEED); - // Read them back in and compare byte-by-byte - validateFiles(baseFile, encFile1, len); - // Roll the key of the encryption zone - List<EncryptionZone> zones = dfsAdmin.listEncryptionZones(); - assertEquals("Expected 1 EZ", 1, zones.size()); - String keyId = zones.get(0).getKeyId(); - cluster.getNamesystem().getProvider().rollNewVersion(keyId); - cluster.getNamesystem().getFSDirectory().ezManager.kickMonitor(); - // Read them back in and compare byte-by-byte - validateFiles(baseFile, encFile1, len); - // Write a new enc file and validate - final Path encFile2 = new Path(zone, "myfile2"); - DFSTestUtil.createFile(fs, encFile2, len, (short) 1, 0xFEED); - // FEInfos should be different - FileEncryptionInfo feInfo1 = getFileEncryptionInfo(encFile1); - FileEncryptionInfo feInfo2 = getFileEncryptionInfo(encFile2); - assertFalse("EDEKs should be different", 
Arrays.equals( - feInfo1.getEncryptedDataEncryptionKey(), - feInfo2.getEncryptedDataEncryptionKey())); - assertNotEquals("Key was rolled, versions should be different", - feInfo1.getEzKeyVersionName(), feInfo2.getEzKeyVersionName()); - // Contents still equal - validateFiles(encFile1, encFile2, len); - } }