walterddr commented on a change in pull request #7702: [FLINK-11088][Security][YARN] Allow YARN to discover pre-installed keytab files URL: https://github.com/apache/flink/pull/7702#discussion_r390732821
########## File path: flink-yarn/src/main/java/org/apache/flink/yarn/entrypoint/YarnEntrypointUtils.java ########## @@ -90,16 +90,27 @@ public static Configuration loadConfiguration(String workingDirectory, Map<Strin final String keytabPath; - if (env.get(YarnConfigKeys.KEYTAB_PATH) == null) { + if (env.get(YarnConfigKeys.LOCAL_KEYTAB_PATH) == null) { // keytab not exist keytabPath = null; } else { - File f = new File(workingDirectory, Utils.KEYTAB_FILE_NAME); - keytabPath = f.getAbsolutePath(); + File f; + f = new File(env.get(YarnConfigKeys.LOCAL_KEYTAB_PATH)); + if (f.exists()) { // keytab file exist in host environment. + keytabPath = f.getAbsolutePath(); + } else { + f = new File(workingDirectory, env.get(YarnConfigKeys.LOCAL_KEYTAB_PATH)); + if (f.exists()) { // keytab file exist in working directory. + keytabPath = f.getAbsolutePath(); + } else { // fall back to default keytab file + f = new File(workingDirectory, Utils.DEFAULT_KEYTAB_FILE); Review comment: yes. good catch. this piece of code was there before we use the YarnConfigOption approach. I would refine this. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services