From: xyao@apache.org To: common-commits@hadoop.apache.org Date: Mon, 26 Feb 2018 22:31:52 -0000 Message-Id: In-Reply-To: <0797e7f661a14ace8216e67b240c8b52@git.apache.org> References: <0797e7f661a14ace8216e67b240c8b52@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [43/59] [abbrv] hadoop git commit: YARN-7942. Add check for JAAS configuration for Yarn Service. Contributed by Billie Rinaldi YARN-7942. Add check for JAAS configuration for Yarn Service. Contributed by Billie Rinaldi Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/95904f6b Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/95904f6b Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/95904f6b Branch: refs/heads/HDFS-7240 Commit: 95904f6b3ccd1d167088086472eabdd85b2d148d Parents: 1909690 Author: Eric Yang Authored: Thu Feb 22 16:12:40 2018 -0500 Committer: Eric Yang Committed: Thu Feb 22 16:12:40 2018 -0500 ---------------------------------------------------------------------- .../client/impl/zk/RegistrySecurity.java | 44 +++++++++++++++----- 1 file changed, 33 insertions(+), 11 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/95904f6b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java ----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java
index bb829d8..5c6c983 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java
@@ -736,8 +736,10 @@ public class RegistrySecurity extends AbstractService {
 * Apply the security environment to this curator instance. This
 * may include setting up the ZK system properties for SASL
 * @param builder curator builder
+ * @throws IOException if jaas configuration can't be generated or found
 */
- public void applySecurityEnvironment(CuratorFrameworkFactory.Builder builder) {
+ public void applySecurityEnvironment(CuratorFrameworkFactory.Builder
+ builder) throws IOException {
 if (isSecureRegistry()) {
 switch (access) {
@@ -752,16 +754,36 @@ public class RegistrySecurity extends AbstractService { break; case sasl: - JaasConfiguration jconf = - new JaasConfiguration(jaasClientEntry, principal, keytab); - javax.security.auth.login.Configuration.setConfiguration(jconf); - setSystemPropertyIfUnset(ZooKeeperSaslClient.ENABLE_CLIENT_SASL_KEY, - "true"); - setSystemPropertyIfUnset(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, - jaasClientEntry); - LOG.info( - "Enabling ZK sasl client: jaasClientEntry = " + jaasClientEntry - + ", principal = " + principal + ", keytab = " + keytab); + String existingJaasConf = System.getProperty( + "java.security.auth.login.config"); + if (existingJaasConf == null || existingJaasConf.isEmpty()) { + if (principal == null || keytab == null) { + throw new IOException("SASL is configured for registry, " + + "but neither keytab/principal nor java.security.auth.login" + + ".config system property are specified"); + } + // in this case, keytab and principal are specified and no jaas + // config is specified, so we will create one + LOG.info( + "Enabling ZK sasl client: jaasClientEntry = " + jaasClientEntry + + ", principal = " + principal + ", keytab = " + keytab); + JaasConfiguration jconf = + new JaasConfiguration(jaasClientEntry, principal, keytab); + javax.security.auth.login.Configuration.setConfiguration(jconf); + setSystemPropertyIfUnset(ZooKeeperSaslClient.ENABLE_CLIENT_SASL_KEY, + "true"); + setSystemPropertyIfUnset(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, + jaasClientEntry); + } else { + // in this case, jaas config is specified so we will not change it + LOG.info("Using existing ZK sasl configuration: " + + "jaasClientEntry = " + System.getProperty( + ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "Client") + + ", sasl client = " + System.getProperty( + ZooKeeperSaslClient.ENABLE_CLIENT_SASL_KEY, + ZooKeeperSaslClient.ENABLE_CLIENT_SASL_DEFAULT) + + ", jaas = " + existingJaasConf); + } break; default: 
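Review bot: The `else` branch under `case sasl:` treats any non-empty `java.security.auth.login.config` value as a valid configuration and only logs it, so a path that does not exist, or a JAAS file with no section for `jaasClientEntry`, passes silently even though the new `@throws` text promises an IOException when the configuration can't be found. The branch also skips both `setSystemPropertyIfUnset` calls, so the login context name and the SASL flag are whatever the JVM properties happen to hold (the log line falls back to `"Client"`), not the registry's `jaasClientEntry`; if the ZooKeeper client tolerates a missing login context, which is not visible here and should be confirmed, a registry configured for SASL would connect unauthenticated. I would fail closed before the `LOG.info`, e.g. `if (!new java.io.File(existingJaasConf).canRead()) { throw new IOException("JAAS config not readable: " + existingJaasConf); }`, and still apply `setSystemPropertyIfUnset(ZooKeeperSaslClient.ENABLE_CLIENT_SASL_KEY, "true")` in this branch. Separately, the guard `principal == null || keytab == null` lets empty strings through, and its message says "neither" while it fires when only one of the two is missing. The enclosing `applySecurityEnvironment` starts in the previous hunk and continues past `default:`.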