BlockPoolTokenSecretManager (Apache Hadoop HDFS 3.4.1.0-eep-940 API)

java.lang.Object
- org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier>
- - org.apache.hadoop.hdfs.security.token.block.BlockPoolTokenSecretManager

public class BlockPoolTokenSecretManager
extends org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier>

Manages a BlockTokenSecretManager per block pool. Routes the requests given a block pool Id to corresponding BlockTokenSecretManager

Nested Class Summary
- Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager
  org.apache.hadoop.security.token.SecretManager.InvalidToken

Constructor Summary

Constructors
Constructor Description

BlockPoolTokenSecretManager()

Constructors
Constructor	Description
`BlockPoolTokenSecretManager()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`void`	`addBlockPool(java.lang.String bpid, BlockTokenSecretManager secretMgr)`	Add a block pool Id and corresponding `BlockTokenSecretManager` to map
`void`	`addKeys(java.lang.String bpid, ExportedBlockKeys exportedKeys)`	See `BlockTokenSecretManager.addKeys(ExportedBlockKeys)`.
`void`	`checkAccess(org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier id, java.lang.String userId, org.apache.hadoop.hdfs.protocol.ExtendedBlock block, org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode mode)`	See `BlockTokenSecretManager.checkAccess(BlockTokenIdentifier, String, ExtendedBlock, BlockTokenIdentifier.AccessMode)`.
`void`	`checkAccess(org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier id, java.lang.String userId, org.apache.hadoop.hdfs.protocol.ExtendedBlock block, org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode mode, org.apache.hadoop.fs.StorageType[] storageTypes)`	See `BlockTokenSecretManager.checkAccess(BlockTokenIdentifier, String, ExtendedBlock, BlockTokenIdentifier.AccessMode, StorageType[])`
`void`	`checkAccess(org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier id, java.lang.String userId, org.apache.hadoop.hdfs.protocol.ExtendedBlock block, org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode mode, org.apache.hadoop.fs.StorageType[] storageTypes, java.lang.String[] storageIds)`	See `BlockTokenSecretManager.checkAccess(BlockTokenIdentifier, String, ExtendedBlock, BlockTokenIdentifier.AccessMode, StorageType[], String[])`
`void`	`checkAccess(org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier> token, java.lang.String userId, org.apache.hadoop.hdfs.protocol.ExtendedBlock block, org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode mode)`	See `BlockTokenSecretManager.checkAccess(Token, String, ExtendedBlock, BlockTokenIdentifier.AccessMode)`.
`void`	`checkAccess(org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier> token, java.lang.String userId, org.apache.hadoop.hdfs.protocol.ExtendedBlock block, org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode mode, org.apache.hadoop.fs.StorageType[] storageTypes, java.lang.String[] storageIds)`	See `BlockTokenSecretManager.checkAccess(Token, String, ExtendedBlock, BlockTokenIdentifier.AccessMode, StorageType[], String[])`
`void`	`clearAllKeysForTesting()`
`org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier`	`createIdentifier()`	Return an empty BlockTokenIdentifer
`byte[]`	`createPassword(org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier identifier)`
`org.apache.hadoop.hdfs.security.token.block.DataEncryptionKey`	`generateDataEncryptionKey(java.lang.String blockPoolId)`
`org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier>`	`generateToken(org.apache.hadoop.hdfs.protocol.ExtendedBlock b, java.util.EnumSet<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode> of, org.apache.hadoop.fs.StorageType[] storageTypes, java.lang.String[] storageIds)`	See `BlockTokenSecretManager.generateToken(ExtendedBlock, EnumSet, StorageType[], String[])`.
`BlockTokenSecretManager`	`get(java.lang.String bpid)`
`boolean`	`isBlockPoolRegistered(java.lang.String bpid)`
`byte[]`	`retrieveDataEncryptionKey(int keyId, java.lang.String blockPoolId, byte[] nonce)`
`byte[]`	`retrievePassword(org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier identifier)`

Methods inherited from class org.apache.hadoop.security.token.SecretManager
checkAvailableForRead, createPassword, createSecretKey, generateSecret, retriableRetrievePassword

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- BlockPoolTokenSecretManager
```
public BlockPoolTokenSecretManager()
```

Method Detail

addBlockPool

public void addBlockPool(java.lang.String bpid,
                         BlockTokenSecretManager secretMgr)

Add a block pool Id and corresponding BlockTokenSecretManager to map

Parameters:: bpid - block pool Id; secretMgr - BlockTokenSecretManager

get

@VisibleForTesting
public BlockTokenSecretManager get(java.lang.String bpid)

isBlockPoolRegistered

public boolean isBlockPoolRegistered(java.lang.String bpid)

createIdentifier
```
public org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier createIdentifier()
```
Return an empty BlockTokenIdentifer

Specified by:

createIdentifier in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier>

createPassword
```
public byte[] createPassword(org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier identifier)
```
Specified by:

createPassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier>

retrievePassword
```
public byte[] retrievePassword(org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier identifier)
                        throws org.apache.hadoop.security.token.SecretManager.InvalidToken
```
Specified by:

retrievePassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier>

Throws:

org.apache.hadoop.security.token.SecretManager.InvalidToken

checkAccess

public void checkAccess(org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier id,
                        java.lang.String userId,
                        org.apache.hadoop.hdfs.protocol.ExtendedBlock block,
                        org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode mode,
                        org.apache.hadoop.fs.StorageType[] storageTypes,
                        java.lang.String[] storageIds)
                 throws org.apache.hadoop.security.token.SecretManager.InvalidToken

See

BlockTokenSecretManager.checkAccess(BlockTokenIdentifier,
                String, ExtendedBlock, BlockTokenIdentifier.AccessMode,
                StorageType[], String[])

Throws:: org.apache.hadoop.security.token.SecretManager.InvalidToken

checkAccess

public void checkAccess(org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier id,
                        java.lang.String userId,
                        org.apache.hadoop.hdfs.protocol.ExtendedBlock block,
                        org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode mode,
                        org.apache.hadoop.fs.StorageType[] storageTypes)
                 throws org.apache.hadoop.security.token.SecretManager.InvalidToken

See

BlockTokenSecretManager.checkAccess(BlockTokenIdentifier,
 String, ExtendedBlock, BlockTokenIdentifier.AccessMode,
 StorageType[])

Throws:: org.apache.hadoop.security.token.SecretManager.InvalidToken

checkAccess

public void checkAccess(org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier id,
                        java.lang.String userId,
                        org.apache.hadoop.hdfs.protocol.ExtendedBlock block,
                        org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode mode)
                 throws org.apache.hadoop.security.token.SecretManager.InvalidToken

See

BlockTokenSecretManager.checkAccess(BlockTokenIdentifier,
 String, ExtendedBlock, BlockTokenIdentifier.AccessMode)

Throws:: org.apache.hadoop.security.token.SecretManager.InvalidToken

checkAccess

public void checkAccess(org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier> token,
                        java.lang.String userId,
                        org.apache.hadoop.hdfs.protocol.ExtendedBlock block,
                        org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode mode)
                 throws org.apache.hadoop.security.token.SecretManager.InvalidToken

See

BlockTokenSecretManager.checkAccess(Token, String,
                ExtendedBlock, BlockTokenIdentifier.AccessMode)

Throws:: org.apache.hadoop.security.token.SecretManager.InvalidToken

checkAccess

public void checkAccess(org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier> token,
                        java.lang.String userId,
                        org.apache.hadoop.hdfs.protocol.ExtendedBlock block,
                        org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode mode,
                        org.apache.hadoop.fs.StorageType[] storageTypes,
                        java.lang.String[] storageIds)
                 throws org.apache.hadoop.security.token.SecretManager.InvalidToken

See

BlockTokenSecretManager.checkAccess(Token, String,
                ExtendedBlock, BlockTokenIdentifier.AccessMode,
                StorageType[], String[])

Throws:: org.apache.hadoop.security.token.SecretManager.InvalidToken

addKeys

public void addKeys(java.lang.String bpid,
                    ExportedBlockKeys exportedKeys)
             throws java.io.IOException

See BlockTokenSecretManager.addKeys(ExportedBlockKeys).

Throws:: java.io.IOException

generateToken

public org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier> generateToken(org.apache.hadoop.hdfs.protocol.ExtendedBlock b,
                                                                                                                              java.util.EnumSet<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode> of,
                                                                                                                              org.apache.hadoop.fs.StorageType[] storageTypes,
                                                                                                                              java.lang.String[] storageIds)
                                                                                                                       throws java.io.IOException

See

BlockTokenSecretManager.generateToken(ExtendedBlock, EnumSet,
  StorageType[], String[])

Throws:: java.io.IOException

clearAllKeysForTesting

@VisibleForTesting
public void clearAllKeysForTesting()

generateDataEncryptionKey

public org.apache.hadoop.hdfs.security.token.block.DataEncryptionKey generateDataEncryptionKey(java.lang.String blockPoolId)

retrieveDataEncryptionKey

public byte[] retrieveDataEncryptionKey(int keyId,
                                        java.lang.String blockPoolId,
                                        byte[] nonce)
                                 throws java.io.IOException

Throws:: java.io.IOException

Class BlockPoolTokenSecretManager

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager

Constructor Summary

Method Summary

Methods inherited from class org.apache.hadoop.security.token.SecretManager

Methods inherited from class java.lang.Object

Constructor Detail

BlockPoolTokenSecretManager

Method Detail

addBlockPool

get

isBlockPoolRegistered

createIdentifier

createPassword

retrievePassword

checkAccess

checkAccess

checkAccess

checkAccess

checkAccess

addKeys

generateToken

clearAllKeysForTesting

generateDataEncryptionKey

retrieveDataEncryptionKey