errose28 commented on code in PR #6945:
URL: https://github.com/apache/ozone/pull/6945#discussion_r1705781410
##########
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/container/ozoneimpl/TestOzoneContainerWithTLS.java:
##########
@@ -221,6 +229,67 @@ public void downloadContainer(boolean
containerTokenEnabled)
if (client != null) {
clientManager.releaseClient(client, true);
}
+ IOUtils.closeQuietly(clientManager);
+ }
+ }
+
+ @ParameterizedTest(name = "Container token enabled: {0}")
+ @ValueSource(booleans = {false, true})
+ public void testDNContainerOperationClient(boolean containerTokenEnabled)
+ throws Exception {
+ conf.setBoolean(HddsConfigKeys.HDDS_CONTAINER_TOKEN_ENABLED,
+ containerTokenEnabled);
+ OzoneContainer container = createAndStartOzoneContainerInstance();
+ DNContainerOperationClient dnClient = null;
+ XceiverClientSpi client = null;
+ try {
+ dnClient = new DNContainerOperationClient(conf, caClient, keyClient);
+ client = dnClient.getXceiverClientManager().acquireClient(pipeline);
+ long containerId = createAndCloseContainer(client,
containerTokenEnabled);
+ dnClient.getContainerMerkleTree(containerId, dn);
+ } finally {
+ if (container != null) {
+ container.stop();
+ }
+ if (client != null) {
+ dnClient.getXceiverClientManager().releaseClient(client, true);
+ }
+ IOUtils.closeQuietly(dnClient);
+ }
+ }
+
+ @Test
+ public void testContainerMerkleTree() throws IOException {
Review Comment:
```suggestion
public void testGetContainerMerkleTree() throws IOException {
```
##########
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/container/ozoneimpl/TestOzoneContainerWithTLS.java:
##########
@@ -221,6 +229,67 @@ public void downloadContainer(boolean
containerTokenEnabled)
if (client != null) {
clientManager.releaseClient(client, true);
}
+ IOUtils.closeQuietly(clientManager);
+ }
+ }
+
+ @ParameterizedTest(name = "Container token enabled: {0}")
+ @ValueSource(booleans = {false, true})
+ public void testDNContainerOperationClient(boolean containerTokenEnabled)
+ throws Exception {
+ conf.setBoolean(HddsConfigKeys.HDDS_CONTAINER_TOKEN_ENABLED,
+ containerTokenEnabled);
+ OzoneContainer container = createAndStartOzoneContainerInstance();
+ DNContainerOperationClient dnClient = null;
+ XceiverClientSpi client = null;
+ try {
+ dnClient = new DNContainerOperationClient(conf, caClient, keyClient);
+ client = dnClient.getXceiverClientManager().acquireClient(pipeline);
+ long containerId = createAndCloseContainer(client,
containerTokenEnabled);
+ dnClient.getContainerMerkleTree(containerId, dn);
+ } finally {
+ if (container != null) {
+ container.stop();
+ }
+ if (client != null) {
+ dnClient.getXceiverClientManager().releaseClient(client, true);
Review Comment:
Can we auto close the `DNContainerOperationClient` instead of manually
releasing the clients?
##########
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/container/ozoneimpl/TestOzoneContainerWithTLS.java:
##########
@@ -221,6 +229,67 @@ public void downloadContainer(boolean
containerTokenEnabled)
if (client != null) {
clientManager.releaseClient(client, true);
}
+ IOUtils.closeQuietly(clientManager);
+ }
+ }
+
+ @ParameterizedTest(name = "Container token enabled: {0}")
+ @ValueSource(booleans = {false, true})
+ public void testDNContainerOperationClient(boolean containerTokenEnabled)
+ throws Exception {
+ conf.setBoolean(HddsConfigKeys.HDDS_CONTAINER_TOKEN_ENABLED,
+ containerTokenEnabled);
+ OzoneContainer container = createAndStartOzoneContainerInstance();
+ DNContainerOperationClient dnClient = null;
+ XceiverClientSpi client = null;
+ try {
+ dnClient = new DNContainerOperationClient(conf, caClient, keyClient);
+ client = dnClient.getXceiverClientManager().acquireClient(pipeline);
+ long containerId = createAndCloseContainer(client,
containerTokenEnabled);
+ dnClient.getContainerMerkleTree(containerId, dn);
+ } finally {
+ if (container != null) {
+ container.stop();
+ }
+ if (client != null) {
+ dnClient.getXceiverClientManager().releaseClient(client, true);
+ }
+ IOUtils.closeQuietly(dnClient);
+ }
+ }
+
+ @Test
+ public void testContainerMerkleTree() throws IOException {
+ conf.setBoolean(HddsConfigKeys.HDDS_CONTAINER_TOKEN_ENABLED, true);
+ OzoneContainer container = createAndStartOzoneContainerInstance();
+ ScmClientConfig scmClientConf = conf.getObject(ScmClientConfig.class);
+ XceiverClientManager clientManager =
+ new XceiverClientManager(conf, scmClientConf, aClientTrustManager());
+ XceiverClientSpi client = null;
+ try {
+ client = clientManager.acquireClient(pipeline);
+ long containerId = createAndCloseContainer(client, true);
+ TokenHelper tokenHelper = new TokenHelper(new SecurityConfig(conf),
keyClient);
+ String containerToken = encode(tokenHelper.getContainerToken(
+ ContainerID.valueOf(containerId)));
+ ContainerProtos.GetContainerMerkleTreeResponseProto response =
+ ContainerProtocolCalls.getContainerMerkleTree(client,
+ containerId, containerToken);
+ // Getting container merkle tree with valid container token
+ assertEquals(response.getContainerMerkleTree(), ByteString.EMPTY);
+
+ // Getting container merkle tree with invalid container token
+ XceiverClientSpi finalClient = client;
+ assertThrows(IOException.class, () ->
ContainerProtocolCalls.getContainerMerkleTree(
+ finalClient, containerId, "invalidContainerToken"));
Review Comment:
We should specifically test for `StorageContainerException` with result code
`BLOCK_TOKEN_VERIFICATION_FAILED`. Also there's some info missing from the
exception message which shows up as `null`:
```
org.apache.hadoop.hdds.scm.container.common.helpers.StorageContainerException:
BLOCK_TOKEN_VERIFICATION_FAILED for null: Failed to decode token :
invalidContainerToken
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
