YARN-8571. Validate service principal format prior to launching yarn service. Contributed by Eric Yang
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/b429f19d Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/b429f19d Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/b429f19d Branch: refs/heads/HDFS-12943 Commit: b429f19d32d8f60a3535e047ef10cfb3edeb54c8 Parents: 1c40bc2 Author: Billie Rinaldi <bil...@apache.org> Authored: Fri Jul 27 11:30:19 2018 -0700 Committer: Billie Rinaldi <bil...@apache.org> Committed: Fri Jul 27 11:30:19 2018 -0700 ---------------------------------------------------------------------- .../exceptions/RestApiErrorMessages.java | 4 ++++ .../yarn/service/utils/ServiceApiUtil.java | 10 ++++++++ .../hadoop/yarn/service/TestServiceApiUtil.java | 25 ++++++++++++++++++++ 3 files changed, 39 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/b429f19d/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/exceptions/RestApiErrorMessages.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/exceptions/RestApiErrorMessages.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/exceptions/RestApiErrorMessages.java index f10d884..8f831ee 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/exceptions/RestApiErrorMessages.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/exceptions/RestApiErrorMessages.java @@ -125,4 +125,8 @@ public interface RestApiErrorMessages { String ERROR_COMP_DOES_NOT_NEED_UPGRADE = "The component (%s) does not need" + " an upgrade."; + String ERROR_KERBEROS_PRINCIPAL_NAME_FORMAT = "Kerberos principal (%s) does " + + " not contain a hostname."; + String ERROR_KERBEROS_PRINCIPAL_MISSING = "Kerberos principal or keytab is" + + " missing."; } http://git-wip-us.apache.org/repos/asf/hadoop/blob/b429f19d/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java index bebf52c..9219569 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java @@ -243,6 +243,16 @@ public class ServiceApiUtil { public static void validateKerberosPrincipal( KerberosPrincipal kerberosPrincipal) throws IOException { + try { + if (!kerberosPrincipal.getPrincipalName().contains("/")) { + throw new IllegalArgumentException(String.format( + RestApiErrorMessages.ERROR_KERBEROS_PRINCIPAL_NAME_FORMAT, + kerberosPrincipal.getPrincipalName())); + } + } catch (NullPointerException e) { + throw new IllegalArgumentException( + RestApiErrorMessages.ERROR_KERBEROS_PRINCIPAL_MISSING); + } if (!StringUtils.isEmpty(kerberosPrincipal.getKeytab())) { try { // validate URI format http://git-wip-us.apache.org/repos/asf/hadoop/blob/b429f19d/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/test/java/org/apache/hadoop/yarn/service/TestServiceApiUtil.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/test/java/org/apache/hadoop/yarn/service/TestServiceApiUtil.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/test/java/org/apache/hadoop/yarn/service/TestServiceApiUtil.java index 47b2803..c2a80e7 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/test/java/org/apache/hadoop/yarn/service/TestServiceApiUtil.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/test/java/org/apache/hadoop/yarn/service/TestServiceApiUtil.java @@ -625,4 +625,29 @@ public class TestServiceApiUtil { Assert.fail(NO_EXCEPTION_PREFIX + e.getMessage()); } } + + @Test + public void testKerberosPrincipalNameFormat() throws IOException { + Service app = createValidApplication("comp-a"); + KerberosPrincipal kp = new KerberosPrincipal(); + kp.setPrincipalName("u...@domain.com"); + app.setKerberosPrincipal(kp); + + try { + ServiceApiUtil.validateKerberosPrincipal(app.getKerberosPrincipal()); + Assert.fail(EXCEPTION_PREFIX + "service with invalid principal name format."); + } catch (IllegalArgumentException e) { + assertEquals( + String.format(RestApiErrorMessages.ERROR_KERBEROS_PRINCIPAL_NAME_FORMAT, + kp.getPrincipalName()), + e.getMessage()); + } + + kp.setPrincipalName("user/_h...@domain.com"); + try { + ServiceApiUtil.validateKerberosPrincipal(app.getKerberosPrincipal()); + } catch (IllegalArgumentException e) { + Assert.fail(NO_EXCEPTION_PREFIX + e.getMessage()); + } + } } --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org
