From 77e5bd2ae7ea37b5413fc388e9e6ccd876dfaa70 Mon Sep 17 00:00:00 2001 From: Ashhar Hasan Date: Wed, 13 Sep 2023 11:53:24 +0530 Subject: [PATCH] Lower KRB ticket lifetime in EnvMultinodeTlsKerberosDelegation In 36b7553f219cb47b3abbcd452101ba0c3db6d0b4 the HadoopKerberos environment's ticket lifetime was lowered to be able to test Keberos constrained delegation support in the JDBC driver. The HadoopKerberos environment is a base environment and multiple environments inherit from it. Changing the Kerberos config should be done in dedicated environments to make sure we don't indicentally affect other envs or tests which depend on HadoopKerberos environment. --- .../tests/product/launcher/env/common/HadoopKerberos.java | 1 - .../env/environment/EnvMultinodeTlsKerberosDelegation.java | 5 +++++ .../multinode-tls-kerberos-delegation}/krb5_client.conf | 0 3 files changed, 5 insertions(+), 1 deletion(-) rename testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/{common/hadoop-kerberos => conf/environment/multinode-tls-kerberos-delegation}/krb5_client.conf (100%) diff --git a/testing/trino-product-tests-launcher/src/main/java/io/trino/tests/product/launcher/env/common/HadoopKerberos.java b/testing/trino-product-tests-launcher/src/main/java/io/trino/tests/product/launcher/env/common/HadoopKerberos.java index f71fdc9c70f2..57af71be6327 100644 --- a/testing/trino-product-tests-launcher/src/main/java/io/trino/tests/product/launcher/env/common/HadoopKerberos.java +++ b/testing/trino-product-tests-launcher/src/main/java/io/trino/tests/product/launcher/env/common/HadoopKerberos.java @@ -76,7 +76,6 @@ public void extendEnvironment(Environment.Builder builder) }); builder.configureContainer(TESTS, container -> { container.setDockerImageName(dockerImageName); - container.withCopyFileToContainer(forHostPath(configDir.getPath("krb5_client.conf")), "/etc/krb5.conf"); }); configureTempto(builder, configDir); } diff --git a/testing/trino-product-tests-launcher/src/main/java/io/trino/tests/product/launcher/env/environment/EnvMultinodeTlsKerberosDelegation.java b/testing/trino-product-tests-launcher/src/main/java/io/trino/tests/product/launcher/env/environment/EnvMultinodeTlsKerberosDelegation.java index 33955539a850..917fd5938bd5 100644 --- a/testing/trino-product-tests-launcher/src/main/java/io/trino/tests/product/launcher/env/environment/EnvMultinodeTlsKerberosDelegation.java +++ b/testing/trino-product-tests-launcher/src/main/java/io/trino/tests/product/launcher/env/environment/EnvMultinodeTlsKerberosDelegation.java @@ -32,6 +32,7 @@ import static com.google.common.base.Verify.verify; import static io.trino.tests.product.launcher.env.EnvironmentContainers.COORDINATOR; +import static io.trino.tests.product.launcher.env.EnvironmentContainers.TESTS; import static io.trino.tests.product.launcher.env.EnvironmentContainers.configureTempto; import static io.trino.tests.product.launcher.env.EnvironmentContainers.worker; import static io.trino.tests.product.launcher.env.common.Hadoop.CONTAINER_TRINO_HIVE_PROPERTIES; @@ -87,6 +88,10 @@ public void extendEnvironment(Environment.Builder builder) builder.addConnector("iceberg", forHostPath(dockerFiles.getDockerFilesHostPath("conf/environment/multinode-tls-kerberos/iceberg.properties")), CONTAINER_TRINO_ICEBERG_PROPERTIES); builder.addContainers(createTrinoWorker(worker(1)), createTrinoWorker(worker(2))); + builder.configureContainer(TESTS, container -> { + // Configures a low ticket lifetime to ensure tickets get expired during tests + container.withCopyFileToContainer(forHostPath(configDir.getPath("krb5_client.conf")), "/etc/krb5.conf"); + }); configureTempto(builder, configDir); } diff --git a/testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/common/hadoop-kerberos/krb5_client.conf b/testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/conf/environment/multinode-tls-kerberos-delegation/krb5_client.conf similarity index 100% rename from testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/common/hadoop-kerberos/krb5_client.conf rename to testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/conf/environment/multinode-tls-kerberos-delegation/krb5_client.conf