org.apache.hadoop.yarn.server.resourcemanager.security
Class AMRMTokenSecretManager

java.lang.Object
  extended by org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>
      extended by org.apache.hadoop.yarn.server.resourcemanager.security.AMRMTokenSecretManager

public class AMRMTokenSecretManager
extends org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>

AMRM-tokens are per ApplicationAttempt. If users redistribute their tokens, it is their headache, god save them. I mean you are not supposed to distribute keys to your vault, right? Anyways, the ResourceManager saves each token locally in memory until the application finishes and to a store for restart, so there is no need to remember master keys even after rolling them.
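
The lifecycle described above, sketched as an added example that is not part of the Hadoop source: a password is stored per attempt when it is issued, looked up on validation, and dropped when the attempt finishes, so a master-key roll does not invalidate outstanding tokens. The class `AmrmTokenModel`, the `rollMasterKey` helper, the string attempt ids and the HMAC-SHA256 derivation are assumptions made for this model.

```java
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Simplified model, not Hadoop code: attempt ids are plain strings and the
// password is HMAC-SHA256(masterKey, attemptId). Both are assumptions.
public class AmrmTokenModel {
    private volatile SecretKey masterKey;
    private final Map<String, byte[]> passwords = new ConcurrentHashMap<>();

    public AmrmTokenModel() throws Exception { rollMasterKey(); }

    // Hypothetical helper: replace the master key, as a key roll would.
    public void rollMasterKey() throws Exception {
        masterKey = KeyGenerator.getInstance("HmacSHA256").generateKey();
    }

    // Issue: derive the password once and remember it per attempt.
    public byte[] createPassword(String attemptId) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(masterKey);
        byte[] pw = mac.doFinal(attemptId.getBytes(StandardCharsets.UTF_8));
        passwords.put(attemptId, pw);
        return pw;
    }

    // Validate: look the password up; never recompute from the current key.
    public byte[] retrievePassword(String attemptId) {
        byte[] pw = passwords.get(attemptId);
        if (pw == null) throw new SecurityException("no password for " + attemptId);
        return pw;
    }

    // Finished attempts lose their entry, so their token stops validating.
    public void applicationMasterFinished(String attemptId) { passwords.remove(attemptId); }

    public static void main(String[] args) throws Exception {
        AmrmTokenModel m = new AmrmTokenModel();
        String attempt = "appattempt_0000000000000_0001_000001"; // constructed id
        byte[] issued = m.createPassword(attempt);
        m.rollMasterKey(); // outstanding token must survive the roll
        System.out.println("valid after roll: "
            + MessageDigest.isEqual(issued, m.retrievePassword(attempt)));
        m.applicationMasterFinished(attempt);
        try { m.retrievePassword(attempt); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The comparison uses `MessageDigest.isEqual` so that checking a presented password against the stored one does not leak timing information.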


Nested Class Summary
 
Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager
org.apache.hadoop.security.token.SecretManager.InvalidToken
 
Constructor Summary
AMRMTokenSecretManager(org.apache.hadoop.conf.Configuration conf)
          Create an AMRMTokenSecretManager
 
Method Summary
 void addPersistedPassword(org.apache.hadoop.security.token.Token<org.apache.hadoop.yarn.security.AMRMTokenIdentifier> token)
          Populate persisted password of AMRMToken back to AMRMTokenSecretManager.
 void applicationMasterFinished(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)
           
 org.apache.hadoop.yarn.security.AMRMTokenIdentifier createIdentifier()
          Creates an empty TokenId to be used for de-serializing an AMRMTokenIdentifier by the RPC layer.
 byte[] createPassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)
          Create a password for a given AMRMTokenIdentifier.
 SecretKey getMasterKey()
           
 byte[] retrievePassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)
          Retrieve the password for the given AMRMTokenIdentifier.
 void setMasterKey(SecretKey masterKey)
           
 void start()
           
 void stop()
           
 
Methods inherited from class org.apache.hadoop.security.token.SecretManager
checkAvailableForRead, createPassword, createSecretKey, generateSecret, retriableRetrievePassword
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AMRMTokenSecretManager

public AMRMTokenSecretManager(org.apache.hadoop.conf.Configuration conf)
Create an AMRMTokenSecretManager

Method Detail

start

public void start()

stop

public void stop()

applicationMasterFinished

public void applicationMasterFinished(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)

setMasterKey

@InterfaceAudience.Private
public void setMasterKey(SecretKey masterKey)

getMasterKey

@InterfaceAudience.Private
public SecretKey getMasterKey()

createPassword

public byte[] createPassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)
Create a password for a given AMRMTokenIdentifier. Used to send to the ApplicationAttempt, which can give it back during authentication.

Specified by:
createPassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>

addPersistedPassword

public void addPersistedPassword(org.apache.hadoop.security.token.Token<org.apache.hadoop.yarn.security.AMRMTokenIdentifier> token)
                          throws IOException
Populate persisted password of AMRMToken back to AMRMTokenSecretManager.

Throws:
IOException

retrievePassword

public byte[] retrievePassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)
                        throws org.apache.hadoop.security.token.SecretManager.InvalidToken
Retrieve the password for the given AMRMTokenIdentifier. Used by RPC layer to validate a remote AMRMTokenIdentifier.

Specified by:
retrievePassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>
Throws:
org.apache.hadoop.security.token.SecretManager.InvalidToken

createIdentifier

public org.apache.hadoop.yarn.security.AMRMTokenIdentifier createIdentifier()
Creates an empty TokenId to be used for de-serializing an AMRMTokenIdentifier by the RPC layer.

Specified by:
createIdentifier in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>


Copyright © 2014 Apache Software Foundation. All Rights Reserved.