From b429f19d32d8f60a3535e047ef10cfb3edeb54c8 Mon Sep 17 00:00:00 2001 From: Billie Rinaldi Date: Fri, 27 Jul 2018 11:30:19 -0700 Subject: [PATCH] YARN-8571. Validate service principal format prior to launching yarn service. Contributed by Eric Yang --- .../exceptions/RestApiErrorMessages.java | 4 +++ .../yarn/service/utils/ServiceApiUtil.java | 10 ++++++++ .../yarn/service/TestServiceApiUtil.java | 25 +++++++++++++++++++ 3 files changed, 39 insertions(+) diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/exceptions/RestApiErrorMessages.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/exceptions/RestApiErrorMessages.java index f10d884e4e..8f831ee5a7 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/exceptions/RestApiErrorMessages.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/exceptions/RestApiErrorMessages.java @@ -125,4 +125,8 @@ public interface RestApiErrorMessages { String ERROR_COMP_DOES_NOT_NEED_UPGRADE = "The component (%s) does not need" + " an upgrade."; + String ERROR_KERBEROS_PRINCIPAL_NAME_FORMAT = "Kerberos principal (%s) does " + + " not contain a hostname."; + String ERROR_KERBEROS_PRINCIPAL_MISSING = "Kerberos principal or keytab is" + + " missing."; } diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java index bebf52c54c..9219569327 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java @@ -243,6 +243,16 @@ public static void validateAndResolveService(Service service, public static void validateKerberosPrincipal( KerberosPrincipal kerberosPrincipal) throws IOException { + try { + if (!kerberosPrincipal.getPrincipalName().contains("/")) { + throw new IllegalArgumentException(String.format( + RestApiErrorMessages.ERROR_KERBEROS_PRINCIPAL_NAME_FORMAT, + kerberosPrincipal.getPrincipalName())); + } + } catch (NullPointerException e) { + throw new IllegalArgumentException( + RestApiErrorMessages.ERROR_KERBEROS_PRINCIPAL_MISSING); + } if (!StringUtils.isEmpty(kerberosPrincipal.getKeytab())) { try { // validate URI format diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/test/java/org/apache/hadoop/yarn/service/TestServiceApiUtil.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/test/java/org/apache/hadoop/yarn/service/TestServiceApiUtil.java index 47b2803eb3..c2a80e7fa7 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/test/java/org/apache/hadoop/yarn/service/TestServiceApiUtil.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/test/java/org/apache/hadoop/yarn/service/TestServiceApiUtil.java @@ -625,4 +625,29 @@ public void testKerberosPrincipal() throws IOException { Assert.fail(NO_EXCEPTION_PREFIX + e.getMessage()); } } + + @Test + public void testKerberosPrincipalNameFormat() throws IOException { + Service app = createValidApplication("comp-a"); + KerberosPrincipal kp = new KerberosPrincipal(); + kp.setPrincipalName("user@domain.com"); + app.setKerberosPrincipal(kp); + + try { + ServiceApiUtil.validateKerberosPrincipal(app.getKerberosPrincipal()); + Assert.fail(EXCEPTION_PREFIX + "service with invalid principal name format."); + } catch (IllegalArgumentException e) { + assertEquals( + String.format(RestApiErrorMessages.ERROR_KERBEROS_PRINCIPAL_NAME_FORMAT, + kp.getPrincipalName()), + e.getMessage()); + } + + kp.setPrincipalName("user/_HOST@domain.com"); + try { + ServiceApiUtil.validateKerberosPrincipal(app.getKerberosPrincipal()); + } catch (IllegalArgumentException e) { + Assert.fail(NO_EXCEPTION_PREFIX + e.getMessage()); + } + } }