|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>
org.apache.hadoop.yarn.server.resourcemanager.security.AMRMTokenSecretManager
public class AMRMTokenSecretManager
AMRM-tokens are per ApplicationAttempt. If users redistribute their tokens, it is their headache, god save them. I mean you are not supposed to distribute keys to your vault, right? Anyways, ResourceManager saves each token locally in memory till application finishes and to a store for restart, so no need to remember master-keys even after rolling them.
Nested Class Summary |
---|
Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager |
---|
org.apache.hadoop.security.token.SecretManager.InvalidToken |
Constructor Summary | |
---|---|
AMRMTokenSecretManager(org.apache.hadoop.conf.Configuration conf)
Create an AMRMTokenSecretManager |
Method Summary | |
---|---|
void |
addPersistedPassword(org.apache.hadoop.security.token.Token<org.apache.hadoop.yarn.security.AMRMTokenIdentifier> token)
Populate persisted password of AMRMToken back to AMRMTokenSecretManager. |
void |
applicationMasterFinished(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)
|
org.apache.hadoop.yarn.security.AMRMTokenIdentifier |
createIdentifier()
Creates an empty TokenId to be used for de-serializing an AMRMTokenIdentifier by the RPC layer. |
byte[] |
createPassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)
Create a password for a given AMRMTokenIdentifier . |
SecretKey |
getMasterKey()
|
byte[] |
retrievePassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)
Retrieve the password for the given AMRMTokenIdentifier . |
void |
setMasterKey(SecretKey masterKey)
|
void |
start()
|
void |
stop()
|
Methods inherited from class org.apache.hadoop.security.token.SecretManager |
---|
checkAvailableForRead, createPassword, createSecretKey, generateSecret, retriableRetrievePassword |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public AMRMTokenSecretManager(org.apache.hadoop.conf.Configuration conf)
AMRMTokenSecretManager
Method Detail |
---|
public void start()
public void stop()
public void applicationMasterFinished(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)
@InterfaceAudience.Private public void setMasterKey(SecretKey masterKey)
@InterfaceAudience.Private public SecretKey getMasterKey()
public byte[] createPassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)
AMRMTokenIdentifier
. Used to
send to the AppicationAttempt which can give it back during authentication.
createPassword
in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>
public void addPersistedPassword(org.apache.hadoop.security.token.Token<org.apache.hadoop.yarn.security.AMRMTokenIdentifier> token) throws IOException
IOException
public byte[] retrievePassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier) throws org.apache.hadoop.security.token.SecretManager.InvalidToken
AMRMTokenIdentifier
.
Used by RPC layer to validate a remote AMRMTokenIdentifier
.
retrievePassword
in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>
org.apache.hadoop.security.token.SecretManager.InvalidToken
public org.apache.hadoop.yarn.security.AMRMTokenIdentifier createIdentifier()
AMRMTokenIdentifier
by the RPC layer.
createIdentifier
in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |