BaseContainerTokenSecretManager (Apache Hadoop YARN Server Common 3.4.1.300-dep-1001 API)

java.lang.Object
- org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>
- - org.apache.hadoop.yarn.server.security.BaseContainerTokenSecretManager

public class BaseContainerTokenSecretManager
extends org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>

SecretManager for ContainerTokens. Extended by both RM and NM and hence is present in yarn-server-common package.

Nested Class Summary
- Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager
  org.apache.hadoop.security.token.SecretManager.InvalidToken

Field Summary

Fields
Modifier and Type	Field	Description
`protected long`	`containerTokenExpiryInterval`
`protected MasterKeyData`	`currentMasterKey`	THE masterKey.
`protected java.util.concurrent.locks.Lock`	`readLock`
`protected java.util.concurrent.locks.ReadWriteLock`	`readWriteLock`
`protected int`	`serialNo`
`protected java.util.concurrent.locks.Lock`	`writeLock`

Constructor Summary

Constructors
Constructor Description

BaseContainerTokenSecretManager(org.apache.hadoop.conf.Configuration conf)

Constructors
Constructor	Description
`BaseContainerTokenSecretManager(org.apache.hadoop.conf.Configuration conf)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`org.apache.hadoop.yarn.security.ContainerTokenIdentifier`	`createIdentifier()`	Used by the RPC layer.
`protected MasterKeyData`	`createNewMasterKey()`
`byte[]`	`createPassword(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier)`
`MasterKey`	`getCurrentKey()`
`byte[]`	`retrievePassword(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier)`
`protected byte[]`	`retrievePasswordInternal(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier, MasterKeyData masterKey)`

Methods inherited from class org.apache.hadoop.security.token.SecretManager
checkAvailableForRead, createPassword, createSecretKey, generateSecret, retriableRetrievePassword, update

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

serialNo
```
protected int serialNo
```

readWriteLock

protected final java.util.concurrent.locks.ReadWriteLock readWriteLock

readLock

protected final java.util.concurrent.locks.Lock readLock

writeLock

protected final java.util.concurrent.locks.Lock writeLock

currentMasterKey
```
protected MasterKeyData currentMasterKey
```
THE masterKey. ResourceManager should persist this and recover it on restart instead of generating a new key. The NodeManagers get it from the ResourceManager and use it for validating container-tokens.

containerTokenExpiryInterval

protected final long containerTokenExpiryInterval

Constructor Detail

BaseContainerTokenSecretManager

public BaseContainerTokenSecretManager(org.apache.hadoop.conf.Configuration conf)

Method Detail

createNewMasterKey

protected MasterKeyData createNewMasterKey()

getCurrentKey

@Private
public MasterKey getCurrentKey()

createPassword
```
public byte[] createPassword(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier)
```
Specified by:

createPassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>

retrievePassword
```
public byte[] retrievePassword(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier)
                        throws org.apache.hadoop.security.token.SecretManager.InvalidToken
```
Specified by:

retrievePassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>

Throws:

org.apache.hadoop.security.token.SecretManager.InvalidToken

retrievePasswordInternal

protected byte[] retrievePasswordInternal(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier,
                                          MasterKeyData masterKey)
                                   throws org.apache.hadoop.security.token.SecretManager.InvalidToken

Throws:: org.apache.hadoop.security.token.SecretManager.InvalidToken

createIdentifier
```
public org.apache.hadoop.yarn.security.ContainerTokenIdentifier createIdentifier()
```
Used by the RPC layer.

Specified by:

createIdentifier in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>

Class BaseContainerTokenSecretManager

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager

Field Summary

Constructor Summary

Method Summary

Methods inherited from class org.apache.hadoop.security.token.SecretManager

Methods inherited from class java.lang.Object

Field Detail

serialNo

readWriteLock

readLock

writeLock

currentMasterKey

containerTokenExpiryInterval

Constructor Detail

BaseContainerTokenSecretManager

Method Detail

createNewMasterKey

getCurrentKey

createPassword

retrievePassword

retrievePasswordInternal

createIdentifier