
Validate service principal format prior to launching yarn service


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.0, 3.1.1
    • Fix Version/s: 3.2.0, 3.1.2
    • Component/s: security, yarn
    • Labels: None

    Description

      Hadoop client and server interaction is designed to validate the service principal before an RPC request is permitted. In YARN service, the same security model is enforced to prevent replay attacks. However, an end user might submit JSON like the following to the YARN service REST API:

      {
        "name": "sleeper-service",
        "version": "1.0.0",
        "components" :
        [
          {
            "name": "sleeper",
            "number_of_containers": 2,
            "launch_command": "sleep 900000",
            "resource": {
              "cpus": 1,
              "memory": "256"
            }
          }
        ],
        "kerberos_principal" : {
          "principal_name" : "ambari-qa@EXAMPLE.COM",
          "keytab" : "file:///etc/security/keytabs/smokeuser.headless.keytab"
        }
      }
      

      The Kerberos principal here is the end user's principal rather than a service principal. This does not work properly, because the YARN service application master must run with a service principal in order to communicate with the YARN CLI client over Hadoop RPC. Without changing the Hadoop security design in this JIRA, it might be in our best interest to validate principal_name at submission time and report an error message when someone tries to run a YARN service with a user principal.
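      An added check of the kind the paragraph above proposes (example code written here, not the patch attached to this issue): it parses principal_name as primary[/instance]@REALM and rejects a spec whose principal has no instance component, which is what separates a user principal like the one in the JSON above from a service principal. Treating the `_HOST` placeholder as a valid instance and requiring the keytab field are assumptions.

```python
import json
import re
from typing import Optional

# Principal grammar: primary[/instance]@REALM.  A service principal carries an
# instance (a host, or the "_HOST" placeholder that YARN is assumed to replace at
# launch); a user principal such as ambari-qa@EXAMPLE.COM has no instance.
PRINCIPAL_RE = re.compile(
    r"^(?P<primary>[^/@\s]+)(?:/(?P<instance>[^/@\s]+))?@(?P<realm>[^/@\s]+)$")


def parse_principal(name: str) -> Optional[tuple]:
    """Split a principal into (primary, instance, realm); None if malformed."""
    m = PRINCIPAL_RE.match(name or "")
    return (m.group("primary"), m.group("instance"), m.group("realm")) if m else None


def validate_service_spec(spec_json: str) -> list:
    """Errors for the kerberos_principal block of a YARN service spec (empty = OK)."""
    kp = json.loads(spec_json).get("kerberos_principal")
    if kp is None:
        return []  # no Kerberos block submitted: nothing to check here
    errors = []
    name = kp.get("principal_name", "")
    parsed = parse_principal(name)
    if parsed is None:
        errors.append(f"principal_name '{name}' is not a valid Kerberos principal")
    elif parsed[1] is None:
        errors.append(f"principal_name '{name}' is a user principal; the service AM "
                      "must run as a service principal of the form primary/instance@REALM")
    if not kp.get("keytab"):
        errors.append("kerberos_principal.keytab is required")
    return errors


# Constructed sample: the spec from this issue, which names a user principal.
USER_PRINCIPAL_SPEC = """{
  "name": "sleeper-service", "version": "1.0.0",
  "components": [{"name": "sleeper", "number_of_containers": 2,
                  "launch_command": "sleep 900000", "resource": {"cpus": 1, "memory": "256"}}],
  "kerberos_principal": {"principal_name": "ambari-qa@EXAMPLE.COM",
                         "keytab": "file:///etc/security/keytabs/smokeuser.headless.keytab"}
}"""

# Same spec with a constructed service principal, which should pass.
SERVICE_PRINCIPAL_SPEC = USER_PRINCIPAL_SPEC.replace(
    "ambari-qa@EXAMPLE.COM", "sleeper/_HOST@EXAMPLE.COM")

if __name__ == "__main__":
    for label, spec in (("user", USER_PRINCIPAL_SPEC), ("service", SERVICE_PRINCIPAL_SPEC)):
        print(label, validate_service_spec(spec) or "OK")
```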

      Attachments

        1. YARN-8571.002.patch (5 kB) - Eric Yang
        2. YARN-8571.001.patch (4 kB) - Eric Yang


          People

            Assignee: Eric Yang (eyang)
            Reporter: Eric Yang (eyang)
