big-data/hadoop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

YARN-8571. Validate service principal format prior to launching yarn service. Contributed by Eric Yang

Browse Source
This commit is contained in:
Billie Rinaldi 2018-07-27 11:30:19 -07:00
parent 1c40bc2836
commit b429f19d32
3 changed files with 39 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/exceptions/RestApiErrorMessages.java
View File

@ -125,4 +125,8 @@ public interface RestApiErrorMessages {
String ERROR_COMP_DOES_NOT_NEED_UPGRADE = "The component (%s) does not need" + String ERROR_COMP_DOES_NOT_NEED_UPGRADE = "The component (%s) does not need" +
" an upgrade."; " an upgrade.";
String ERROR_KERBEROS_PRINCIPAL_NAME_FORMAT = "Kerberos principal (%s) does " +
" not contain a hostname.";
String ERROR_KERBEROS_PRINCIPAL_MISSING = "Kerberos principal or keytab is" +
" missing.";
} }

10
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java
View File

@ -243,6 +243,16 @@ public static void validateAndResolveService(Service service,
public static void validateKerberosPrincipal( public static void validateKerberosPrincipal(
KerberosPrincipal kerberosPrincipal) throws IOException { KerberosPrincipal kerberosPrincipal) throws IOException {
try {
if (!kerberosPrincipal.getPrincipalName().contains("/")) {
throw new IllegalArgumentException(String.format(
RestApiErrorMessages.ERROR_KERBEROS_PRINCIPAL_NAME_FORMAT,
kerberosPrincipal.getPrincipalName()));
}
} catch (NullPointerException e) {
throw new IllegalArgumentException(
RestApiErrorMessages.ERROR_KERBEROS_PRINCIPAL_MISSING);
}
if (!StringUtils.isEmpty(kerberosPrincipal.getKeytab())) { if (!StringUtils.isEmpty(kerberosPrincipal.getKeytab())) {
try { try {
// validate URI format // validate URI format

25
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/test/java/org/apache/hadoop/yarn/service/TestServiceApiUtil.java
View File

@ -625,4 +625,29 @@ public void testKerberosPrincipal() throws IOException {
Assert.fail(NO_EXCEPTION_PREFIX + e.getMessage()); Assert.fail(NO_EXCEPTION_PREFIX + e.getMessage());
} }
} }
@Test
public void testKerberosPrincipalNameFormat() throws IOException {
Service app = createValidApplication("comp-a");
KerberosPrincipal kp = new KerberosPrincipal();
kp.setPrincipalName("user@domain.com");
app.setKerberosPrincipal(kp);
try {
ServiceApiUtil.validateKerberosPrincipal(app.getKerberosPrincipal());
Assert.fail(EXCEPTION_PREFIX + "service with invalid principal name format.");
} catch (IllegalArgumentException e) {
assertEquals(
String.format(RestApiErrorMessages.ERROR_KERBEROS_PRINCIPAL_NAME_FORMAT,
kp.getPrincipalName()),
e.getMessage());
}
kp.setPrincipalName("user/_HOST@domain.com");
try {
ServiceApiUtil.validateKerberosPrincipal(app.getKerberosPrincipal());
} catch (IllegalArgumentException e) {
Assert.fail(NO_EXCEPTION_PREFIX + e.getMessage());
}
}
} }