Package org.apache.hadoop.yarn.server.nodemanager.amrmproxy

Class AMRMProxyTokenSecretManager

java.lang.Object

org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>

org.apache.hadoop.yarn.server.nodemanager.amrmproxy.AMRMProxyTokenSecretManager

public class AMRMProxyTokenSecretManager
extends org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>

This secret manager instance is used by the AMRMProxyService to generate and manage tokens.

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager

org.apache.hadoop.security.token.SecretManager.InvalidToken

Constructor Summary

Constructors

Constructor	Description
AMRMProxyTokenSecretManager(NMStateStoreService nmStateStoreService)	Create an AMRMProxyTokenSecretManager.

Method Summary

Modifier and Type	Method	Description
void	activateNextMasterKey()
void	applicationMasterFinished(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)
org.apache.hadoop.security.token.Token<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>	createAndGetAMRMToken(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)
org.apache.hadoop.yarn.security.AMRMTokenIdentifier	createIdentifier()	Creates an empty TokenId to be used for de-serializing an AMRMTokenIdentifier by the RPC layer.
org.apache.hadoop.yarn.server.security.MasterKeyData	createNewMasterKey()
protected byte[]	createPassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)
org.apache.hadoop.yarn.server.security.MasterKeyData	getCurrentMasterKeyData()
org.apache.hadoop.yarn.server.security.MasterKeyData	getMasterKey()
org.apache.hadoop.yarn.server.security.MasterKeyData	getNextMasterKeyData()
void	init(org.apache.hadoop.conf.Configuration conf)
void	recover(NMStateStoreService.RecoveredAMRMProxyState state)	Recover secretManager from state store.
byte[]	retrievePassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)	Retrieve the password for the given AMRMTokenIdentifier.
void	rollMasterKey()
void	setNMStateStoreService(NMStateStoreService nmStateStoreService)
void	start()
void	stop()

Methods inherited from class org.apache.hadoop.security.token.SecretManager

checkAvailableForRead, createPassword, createSecretKey, generateSecret, retriableRetrievePassword

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AMRMProxyTokenSecretManager

public AMRMProxyTokenSecretManager(NMStateStoreService nmStateStoreService)

Create an AMRMProxyTokenSecretManager.

Parameters:

nmStateStoreService - NM state store

Method Detail

init

public void init(org.apache.hadoop.conf.Configuration conf)

start

public void start()

stop

public void stop()

setNMStateStoreService

@VisibleForTesting
public void setNMStateStoreService(NMStateStoreService nmStateStoreService)

applicationMasterFinished

public void applicationMasterFinished(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)

rollMasterKey

@Private
@VisibleForTesting
public void rollMasterKey()

activateNextMasterKey

@Private
@VisibleForTesting
public void activateNextMasterKey()

createNewMasterKey

@Private
@VisibleForTesting
public org.apache.hadoop.yarn.server.security.MasterKeyData createNewMasterKey()

createAndGetAMRMToken

public org.apache.hadoop.security.token.Token<org.apache.hadoop.yarn.security.AMRMTokenIdentifier> createAndGetAMRMToken(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)

getMasterKey

@VisibleForTesting
public org.apache.hadoop.yarn.server.security.MasterKeyData getMasterKey()

retrievePassword

public byte[] retrievePassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)
                        throws org.apache.hadoop.security.token.SecretManager.InvalidToken

Retrieve the password for the given AMRMTokenIdentifier. Used by RPC layer to validate a remote AMRMTokenIdentifier.

Specified by:

retrievePassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>

Throws:

org.apache.hadoop.security.token.SecretManager.InvalidToken

createIdentifier

public org.apache.hadoop.yarn.security.AMRMTokenIdentifier createIdentifier()

Creates an empty TokenId to be used for de-serializing an AMRMTokenIdentifier by the RPC layer.

Specified by:

createIdentifier in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>

getCurrentMasterKeyData

@Private
@VisibleForTesting
public org.apache.hadoop.yarn.server.security.MasterKeyData getCurrentMasterKeyData()

getNextMasterKeyData

@Private
@VisibleForTesting
public org.apache.hadoop.yarn.server.security.MasterKeyData getNextMasterKeyData()

createPassword

@Private
protected byte[] createPassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)

Specified by:

createPassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>

recover

public void recover(NMStateStoreService.RecoveredAMRMProxyState state)

Recover secretManager from state store. Called after serviceInit before serviceStart.

Parameters:

state - the state to recover from