org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>
org.apache.hadoop.yarn.server.resourcemanager.security.AMRMTokenSecretManager
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Object
public class AMRMTokenSecretManager
AMRM-tokens are per ApplicationAttempt. If users redistribute their tokens, it is their headache, god save them. I mean you are not supposed to distribute keys to your vault, right? Anyways, ResourceManager saves each token locally in memory till application finishes and to a store for restart, so no need to remember master-keys even after rolling them.
| Nested Class Summary |
|---|
| Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager |
|---|
org.apache.hadoop.security.token.SecretManager.InvalidToken |
| Constructor Summary | |
|---|---|
AMRMTokenSecretManager(org.apache.hadoop.conf.Configuration conf)
Create an AMRMTokenSecretManager |
|
| Method Summary | |
|---|---|
void |
addPersistedPassword(org.apache.hadoop.security.token.Token<org.apache.hadoop.yarn.security.AMRMTokenIdentifier> token)
Populate persisted password of AMRMToken back to AMRMTokenSecretManager. |
void |
applicationMasterFinished(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)
|
org.apache.hadoop.yarn.security.AMRMTokenIdentifier |
createIdentifier()
Creates an empty TokenId to be used for de-serializing an AMRMTokenIdentifier by the RPC layer. |
byte[] |
createPassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)
Create a password for a given AMRMTokenIdentifier. |
SecretKey |
getMasterKey()
|
byte[] |
retrievePassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)
Retrieve the password for the given AMRMTokenIdentifier. |
void |
setMasterKey(SecretKey masterKey)
|
void |
start()
|
void |
stop()
|
| Methods inherited from class org.apache.hadoop.security.token.SecretManager |
|---|
checkAvailableForRead, createPassword, createSecretKey, generateSecret, retriableRetrievePassword |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
|---|
public AMRMTokenSecretManager(org.apache.hadoop.conf.Configuration conf)
AMRMTokenSecretManager
| Method Detail |
|---|
public void start()
public void stop()
public void applicationMasterFinished(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)
@InterfaceAudience.Private public void setMasterKey(SecretKey masterKey)
@InterfaceAudience.Private public SecretKey getMasterKey()
public byte[] createPassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)
AMRMTokenIdentifier. Used to
send to the AppicationAttempt which can give it back during authentication.
createPassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>
public void addPersistedPassword(org.apache.hadoop.security.token.Token<org.apache.hadoop.yarn.security.AMRMTokenIdentifier> token)
throws IOException
IOException
public byte[] retrievePassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)
throws org.apache.hadoop.security.token.SecretManager.InvalidToken
AMRMTokenIdentifier.
Used by RPC layer to validate a remote AMRMTokenIdentifier.
retrievePassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>org.apache.hadoop.security.token.SecretManager.InvalidTokenpublic org.apache.hadoop.yarn.security.AMRMTokenIdentifier createIdentifier()
AMRMTokenIdentifier by the RPC layer.
createIdentifier in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||