diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/client/ServiceClient.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/client/ServiceClient.java index 67306d272ec..bf1648f06c2 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/client/ServiceClient.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/client/ServiceClient.java @@ -1077,27 +1077,31 @@ private void addKeytabResourceIfSecure(SliderFileSystem fileSystem, throw new YarnException(e); } - switch (keytabURI.getScheme()) { - case "hdfs": - Path keytabOnhdfs = new Path(keytabURI); - if (!fileSystem.getFileSystem().exists(keytabOnhdfs)) { - LOG.warn(service.getName() + "'s keytab (principalName = " + - principalName + ") doesn't exist at: " + keytabOnhdfs); - return; + if (keytabURI.getScheme() != null) { + switch (keytabURI.getScheme()) { + case "hdfs": + Path keytabOnhdfs = new Path(keytabURI); + if (!fileSystem.getFileSystem().exists(keytabOnhdfs)) { + LOG.warn(service.getName() + "'s keytab (principalName = " + + principalName + ") doesn't exist at: " + keytabOnhdfs); + return; + } + LocalResource keytabRes = fileSystem.createAmResource(keytabOnhdfs, + LocalResourceType.FILE); + localResource.put(String.format(YarnServiceConstants.KEYTAB_LOCATION, + service.getName()), keytabRes); + LOG.info("Adding " + service.getName() + "'s keytab for " + + "localization, uri = " + keytabOnhdfs); + break; + case "file": + LOG.info("Using a keytab from localhost: " + keytabURI); + break; + default: + LOG.warn("Unsupported keytab URI scheme " + keytabURI); + break; } - LocalResource keytabRes = - fileSystem.createAmResource(keytabOnhdfs, LocalResourceType.FILE); - localResource.put(String.format(YarnServiceConstants.KEYTAB_LOCATION, - service.getName()), keytabRes); - LOG.debug("Adding " + service.getName() + "'s keytab for " + - "localization, uri = " + keytabOnhdfs); - break; - case "file": - LOG.debug("Using a keytab from localhost: " + keytabURI); - break; - default: - LOG.warn("Unsupported URI scheme " + keytabURI); - break; + } else { + LOG.warn("Unsupported keytab URI scheme " + keytabURI); } } diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java index a4e5c0d7d16..601a0c6ade1 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-core/src/main/java/org/apache/hadoop/yarn/service/utils/ServiceApiUtil.java @@ -114,9 +114,14 @@ public static void validateAndResolveService(Service service, if (!StringUtils.isEmpty(service.getKerberosPrincipal().getKeytab())) { try { // validate URI format - new URI(service.getKerberosPrincipal().getKeytab()); + URI keytabURI = new URI(service.getKerberosPrincipal().getKeytab()); + if (keytabURI.getScheme() == null) { + throw new IllegalArgumentException( + ("Unsupported keytab URI scheme: " + keytabURI)); + } } catch (URISyntaxException e) { - throw new IllegalArgumentException(e); + throw new IllegalArgumentException( + "Invalid keytab: " + e.getLocalizedMessage()); } } }