adoroszlai commented on code in PR #5887:
URL: https://github.com/apache/ozone/pull/5887#discussion_r1450849151
##########
hadoop-ozone/dist/src/main/smoketest/s3/secretgenerate.robot:
##########
@@ -21,30 +21,31 @@ Library String
Resource ../commonlib.robot
Resource ./commonawslib.robot
Test Timeout 5 minutes
-Suite Setup Setup s3 tests
Default Tags no-bucket-type
+Test Setup Run Keywords Kinit test user testuser
testuser.keytab
+... AND Revoke S3 secrets
+Test Teardown Run Keyword Revoke S3 secrets
*** Variables ***
${ENDPOINT_URL} http://s3g:9878
+${SECURITY_ENABLED} true
*** Test Cases ***
S3 Gateway Generate Secret
- Run Keyword if '${SECURITY_ENABLED}' == 'true' Kinit HTTP user
+ Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this
check as security is not enabled
${result} = Execute curl -X PUT
--negotiate -u : -v ${ENDPOINT_URL}/secret
- IF '${SECURITY_ENABLED}' == 'true'
- Should contain ${result} HTTP/1.1
200 OK ignore_case=True
- Should Match Regexp ${result}
<awsAccessKey>.*</awsAccessKey><awsSecret>.*</awsSecret>
- ELSE
- Should contain ${result} S3 Secret
endpoint is disabled.
- END
+ Should contain ${result} HTTP/1.1 200
OK ignore_case=True
+ Should Match Regexp ${result}
<awsAccessKey>.*</awsAccessKey><awsSecret>.*</awsSecret>
+
+S3 Gateway Secret Already Exists
+ Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this
check as security is not enabled
+ [Setup] Setup v4 headers
+ ${result} = Execute curl -X PUT
--negotiate -u : -v ${ENDPOINT_URL}/secret
+ Should contain ${result} HTTP/1.1 400
S3_SECRET_ALREADY_EXISTS ignore_case=True
S3 Gateway Generate Secret By Username
- Run Keyword if '${SECURITY_ENABLED}' == 'true' Kinit test user
testuser testuser.keytab
- ${result} = Execute curl -X PUT
--negotiate -u : -v ${ENDPOINT_URL}/secret/testuser2
- IF '${SECURITY_ENABLED}' == 'true'
- Should contain ${result} HTTP/1.1
200 OK ignore_case=True
- Should Match Regexp ${result}
<awsAccessKey>.*</awsAccessKey><awsSecret>.*</awsSecret>
- ELSE
- Should contain ${result} S3 Secret
endpoint is disabled.
- END
+ Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this
check as security is not enabled
+ ${result} = Execute curl -X PUT
--negotiate -u : -v ${ENDPOINT_URL}/secret/testuser
Review Comment:
Also here, can we keep `testuser2`?
##########
hadoop-ozone/dist/src/main/smoketest/s3/secretrevoke.robot:
##########
@@ -31,19 +32,12 @@ ${SECURITY_ENABLED} true
*** Test Cases ***
S3 Gateway Revoke Secret
- Run Keyword if '${SECURITY_ENABLED}' == 'true' Kinit HTTP user
+ Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this
check as security is not enabled
${result} = Execute curl -X DELETE
--negotiate -u : -v ${ENDPOINT_URL}/secret
Review Comment:
I think @ivanzlenko is right, `[setup]` to generate secret is missing here.
##########
hadoop-ozone/dist/src/main/smoketest/s3/secretgenerate.robot:
##########
@@ -21,30 +21,31 @@ Library String
Resource ../commonlib.robot
Resource ./commonawslib.robot
Test Timeout 5 minutes
-Suite Setup Setup s3 tests
Default Tags no-bucket-type
+Test Setup Run Keywords Kinit test user testuser
testuser.keytab
Review Comment:
`Revoke S3 secrets` (called in the next line) does revoke for `testuser`,
too.
##########
hadoop-ozone/s3gateway/src/test/java/org/apache/hadoop/ozone/s3secret/TestSecretGenerate.java:
##########
@@ -96,6 +99,21 @@ void testSecretGenerate() throws IOException {
assertEquals(USER_NAME, response.getAwsAccessKey());
}
Review Comment:
Can be done in follow-up if needed.
##########
hadoop-ozone/dist/src/main/smoketest/s3/secretrevoke.robot:
##########
@@ -31,19 +32,12 @@ ${SECURITY_ENABLED} true
*** Test Cases ***
S3 Gateway Revoke Secret
- Run Keyword if '${SECURITY_ENABLED}' == 'true' Kinit HTTP user
+ Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this
check as security is not enabled
${result} = Execute curl -X DELETE
--negotiate -u : -v ${ENDPOINT_URL}/secret
- IF '${SECURITY_ENABLED}' == 'true'
- Should contain ${result} HTTP/1.1 200
OK ignore_case=True
- ELSE
- Should contain ${result} S3 Secret
endpoint is disabled.
- END
+ Should contain ${result} HTTP/1.1 200 OK
ignore_case=True
S3 Gateway Revoke Secret By Username
- Run Keyword if '${SECURITY_ENABLED}' == 'true' Kinit test user
testuser testuser.keytab
- ${result} = Execute curl -X DELETE
--negotiate -u : -v ${ENDPOINT_URL}/secret/testuser2
- IF '${SECURITY_ENABLED}' == 'true'
- Should contain ${result} HTTP/1.1 200
OK ignore_case=True
- ELSE
- Should contain ${result} S3 Secret
endpoint is disabled.
- END
\ No newline at end of file
+ Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this
check as security is not enabled
+ [Setup] Execute curl -X PUT
--negotiate -u : -v ${ENDPOINT_URL}/secret/testuser
Review Comment:
Also, I think it would be better if setup used CLI to generate the secret,
not HTTP. (Similarly to how `secretgenerate.robot` uses CLI to revoke in
setup/teardown.)
##########
hadoop-ozone/dist/src/main/smoketest/s3/secretrevoke.robot:
##########
@@ -31,19 +32,12 @@ ${SECURITY_ENABLED} true
*** Test Cases ***
S3 Gateway Revoke Secret
- Run Keyword if '${SECURITY_ENABLED}' == 'true' Kinit HTTP user
+ Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this
check as security is not enabled
${result} = Execute curl -X DELETE
--negotiate -u : -v ${ENDPOINT_URL}/secret
- IF '${SECURITY_ENABLED}' == 'true'
- Should contain ${result} HTTP/1.1 200
OK ignore_case=True
- ELSE
- Should contain ${result} S3 Secret
endpoint is disabled.
- END
+ Should contain ${result} HTTP/1.1 200 OK
ignore_case=True
S3 Gateway Revoke Secret By Username
- Run Keyword if '${SECURITY_ENABLED}' == 'true' Kinit test user
testuser testuser.keytab
- ${result} = Execute curl -X DELETE
--negotiate -u : -v ${ENDPOINT_URL}/secret/testuser2
- IF '${SECURITY_ENABLED}' == 'true'
- Should contain ${result} HTTP/1.1 200
OK ignore_case=True
- ELSE
- Should contain ${result} S3 Secret
endpoint is disabled.
- END
\ No newline at end of file
+ Pass Execution If '${SECURITY_ENABLED}' == 'false' Skipping this
check as security is not enabled
+ [Setup] Execute curl -X PUT
--negotiate -u : -v ${ENDPOINT_URL}/secret/testuser
+ ${result} = Execute curl -X DELETE
--negotiate -u : -v ${ENDPOINT_URL}/secret/testuser
Review Comment:
Can we keep "by username" test case generate/revoke for `testuser2`? Since
`testuser` is executing the test case, this verifies it works for other user.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
