YARN-8571. Validate service principal format prior to launching yarn service. Contributed by Eric Yang

(cherry picked from commit b429f19d32)
This commit is contained in:
Billie Rinaldi 2018-07-27 11:30:19 -07:00
parent 0eb187f72b
commit 06166f2255
3 changed files with 39 additions and 0 deletions

View File

@ -125,4 +125,8 @@ public interface RestApiErrorMessages {
String ERROR_COMP_DOES_NOT_NEED_UPGRADE = "The component (%s) does not need" + String ERROR_COMP_DOES_NOT_NEED_UPGRADE = "The component (%s) does not need" +
" an upgrade."; " an upgrade.";
String ERROR_KERBEROS_PRINCIPAL_NAME_FORMAT = "Kerberos principal (%s) does " +
" not contain a hostname.";
String ERROR_KERBEROS_PRINCIPAL_MISSING = "Kerberos principal or keytab is" +
" missing.";
} }

View File

@ -234,6 +234,16 @@ public class ServiceApiUtil {
public static void validateKerberosPrincipal( public static void validateKerberosPrincipal(
KerberosPrincipal kerberosPrincipal) throws IOException { KerberosPrincipal kerberosPrincipal) throws IOException {
try {
if (!kerberosPrincipal.getPrincipalName().contains("/")) {
throw new IllegalArgumentException(String.format(
RestApiErrorMessages.ERROR_KERBEROS_PRINCIPAL_NAME_FORMAT,
kerberosPrincipal.getPrincipalName()));
}
} catch (NullPointerException e) {
throw new IllegalArgumentException(
RestApiErrorMessages.ERROR_KERBEROS_PRINCIPAL_MISSING);
}
if (!StringUtils.isEmpty(kerberosPrincipal.getKeytab())) { if (!StringUtils.isEmpty(kerberosPrincipal.getKeytab())) {
try { try {
// validate URI format // validate URI format

View File

@ -625,4 +625,29 @@ public class TestServiceApiUtil {
Assert.fail(NO_EXCEPTION_PREFIX + e.getMessage()); Assert.fail(NO_EXCEPTION_PREFIX + e.getMessage());
} }
} }
@Test
public void testKerberosPrincipalNameFormat() throws IOException {
Service app = createValidApplication("comp-a");
KerberosPrincipal kp = new KerberosPrincipal();
kp.setPrincipalName("user@domain.com");
app.setKerberosPrincipal(kp);
try {
ServiceApiUtil.validateKerberosPrincipal(app.getKerberosPrincipal());
Assert.fail(EXCEPTION_PREFIX + "service with invalid principal name format.");
} catch (IllegalArgumentException e) {
assertEquals(
String.format(RestApiErrorMessages.ERROR_KERBEROS_PRINCIPAL_NAME_FORMAT,
kp.getPrincipalName()),
e.getMessage());
}
kp.setPrincipalName("user/_HOST@domain.com");
try {
ServiceApiUtil.validateKerberosPrincipal(app.getKerberosPrincipal());
} catch (IllegalArgumentException e) {
Assert.fail(NO_EXCEPTION_PREFIX + e.getMessage());
}
}
} }