org.apache.hadoop.yarn.server.resourcemanager.security
Class RMDelegationTokenSecretManager

java.lang.Object
  extended by org.apache.hadoop.security.token.SecretManager<TokenIdent>
      extended by org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
          extended by org.apache.hadoop.yarn.server.resourcemanager.security.RMDelegationTokenSecretManager
All Implemented Interfaces:
Recoverable

@InterfaceAudience.Private
@InterfaceStability.Unstable
public class RMDelegationTokenSecretManager
extends org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
implements Recoverable

A ResourceManager specific delegation token secret manager. The secret manager is responsible for generating and accepting the password for each token.


Nested Class Summary
 
Nested classes/interfaces inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation
 
Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager
org.apache.hadoop.security.token.SecretManager.InvalidToken
 
Field Summary
protected  RMContext rmContext
           
 
Fields inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
allKeys, currentId, currentTokens, delegationTokenSequenceNumber, noInterruptsLock, running, storeTokenTrackingId
 
Constructor Summary
RMDelegationTokenSecretManager(long delegationKeyUpdateInterval, long delegationTokenMaxLifetime, long delegationTokenRenewInterval, long delegationTokenRemoverScanInterval, RMContext rmContext)
          Create a secret manager
 
Method Summary
 org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier createIdentifier()
           
 Set<org.apache.hadoop.security.token.delegation.DelegationKey> getAllMasterKeys()
           
 Map<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier,Long> getAllTokens()
           
 int getLatestDTSequenceNumber()
           
 void recover(RMStateStore.RMState rmState)
           
protected  void removeStoredMasterKey(org.apache.hadoop.security.token.delegation.DelegationKey key)
           
protected  void removeStoredToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier ident)
           
protected  void storeNewMasterKey(org.apache.hadoop.security.token.delegation.DelegationKey newKey)
           
protected  void storeNewToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier, long renewDate)
           
protected  void updateStoredToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier id, long renewDate)
           
 
Methods inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
addKey, addPersistedDelegationToken, cancelToken, checkToken, createPassword, createSecretKey, getAllKeys, getTokenTrackingId, getTrackingIdIfEnabled, isRunning, logExpireToken, logUpdateMasterKey, renewToken, reset, retrievePassword, startThreads, stopThreads, verifyToken
 
Methods inherited from class org.apache.hadoop.security.token.SecretManager
checkAvailableForRead, createPassword, generateSecret, retriableRetrievePassword
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

rmContext

protected final RMContext rmContext
Constructor Detail

RMDelegationTokenSecretManager

public RMDelegationTokenSecretManager(long delegationKeyUpdateInterval,
                                      long delegationTokenMaxLifetime,
                                      long delegationTokenRenewInterval,
                                      long delegationTokenRemoverScanInterval,
                                      RMContext rmContext)
Create a secret manager

Parameters:
delegationKeyUpdateInterval - the number of seconds for rolling new secret keys.
delegationTokenMaxLifetime - the maximum lifetime of the delegation tokens
delegationTokenRenewInterval - how often the tokens must be renewed
delegationTokenRemoverScanInterval - how often the tokens are scanned for expired tokens
Method Detail

createIdentifier

public org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier createIdentifier()
Specified by:
createIdentifier in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

storeNewMasterKey

protected void storeNewMasterKey(org.apache.hadoop.security.token.delegation.DelegationKey newKey)
Overrides:
storeNewMasterKey in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

removeStoredMasterKey

protected void removeStoredMasterKey(org.apache.hadoop.security.token.delegation.DelegationKey key)
Overrides:
removeStoredMasterKey in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

storeNewToken

protected void storeNewToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier,
                             long renewDate)
Overrides:
storeNewToken in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

updateStoredToken

protected void updateStoredToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier id,
                                 long renewDate)
Overrides:
updateStoredToken in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

removeStoredToken

protected void removeStoredToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier ident)
                          throws IOException
Overrides:
removeStoredToken in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
Throws:
IOException

getAllMasterKeys

@InterfaceAudience.Private
public Set<org.apache.hadoop.security.token.delegation.DelegationKey> getAllMasterKeys()

getAllTokens

@InterfaceAudience.Private
public Map<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier,Long> getAllTokens()

getLatestDTSequenceNumber

@InterfaceAudience.Private
public int getLatestDTSequenceNumber()

recover

public void recover(RMStateStore.RMState rmState)
             throws Exception
Specified by:
recover in interface Recoverable
Throws:
Exception


Copyright © 2014 Apache Software Foundation. All Rights Reserved.