Package org.apache.hadoop.yarn.server.router.security

Class RouterDelegationTokenSecretManager

java.lang.Object

org.apache.hadoop.security.token.SecretManager<TokenIdent>

org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

org.apache.hadoop.yarn.server.router.security.RouterDelegationTokenSecretManager

public class RouterDelegationTokenSecretManager
extends org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

A Router specific delegation token secret manager. The secret manager is responsible for generating and accepting the password for each token.

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager

org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation

Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager

org.apache.hadoop.security.token.SecretManager.InvalidToken

Field Summary

Fields inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager

allKeys, currentId, currentTokens, delegationTokenSequenceNumber, noInterruptsLock, running, storeTokenTrackingId, tokenOwnerStats

Constructor Summary

Constructors

Constructor	Description
RouterDelegationTokenSecretManager(long delegationKeyUpdateInterval, long delegationTokenMaxLifetime, long delegationTokenRenewInterval, long delegationTokenRemoverScanInterval, org.apache.hadoop.conf.Configuration conf)	Create a Router Secret manager.

Method Summary

Modifier and Type	Method	Description
org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier	createIdentifier()
java.util.Set<org.apache.hadoop.security.token.delegation.DelegationKey>	getAllMasterKeys()
java.util.Map<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier,java.lang.Long>	getAllTokens()
protected int	getCurrentKeyId()
protected int	getDelegationTokenSeqNum()
int	getLatestDTSequenceNumber()
org.apache.hadoop.security.token.delegation.DelegationKey	getMasterKeyByDelegationKey(org.apache.hadoop.security.token.delegation.DelegationKey key)	The Router supports obtaining the DelegationKey stored in the Router StateStote according to the DelegationKey.
long	getRenewDate(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier ident)
org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier	getTokenByRouterStoreToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier)	Get RMDelegationTokenIdentifier according to RouterStoreToken.
protected org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation	getTokenInfo(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier ident)
protected int	incrementCurrentKeyId()
protected int	incrementDelegationTokenSeqNum()
void	removeStoredMasterKey(org.apache.hadoop.security.token.delegation.DelegationKey delegationKey)	The Router Supports Remove the master key.
void	removeStoredToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier)	The Router Supports Remove Token.
protected void	setDelegationTokenSeqNum(int seqNum)
void	setFederationFacade(org.apache.hadoop.yarn.server.federation.utils.FederationStateStoreFacade federationFacade)
void	storeNewMasterKey(org.apache.hadoop.security.token.delegation.DelegationKey newKey)	The Router Supports Store the New Master Key.
void	storeNewToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier, long renewDate)	The Router Supports Store new Token.
void	storeNewToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier, org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo)	The Router Supports Store new Token.
protected void	storeToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier rmDelegationTokenIdentifier, org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo)
void	updateStoredToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier id, long renewDate)	The Router Supports Update Token.
void	updateStoredToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier, org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo)	The Router Supports Update Token.
protected void	updateToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier rmDelegationTokenIdentifier, org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo)

Methods inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager

addKey, addPersistedDelegationToken, addTokenForOwnerStats, cancelToken, checkToken, createPassword, createSecretKey, decodeTokenIdentifier, getAllKeys, getCandidateTokensForCleanup, getCurrentTokensSize, getDelegationKey, getMetrics, getTokenRenewInterval, getTokenTrackingId, getTopTokenRealOwners, getTrackingIdIfEnabled, isRunning, logExpireToken, logExpireTokens, logUpdateMasterKey, removeExpiredStoredToken, renewToken, reset, retrievePassword, rollMasterKey, setCurrentKeyId, startThreads, stopThreads, storeDelegationKey, syncTokenOwnerStats, updateDelegationKey, verifyToken

Methods inherited from class org.apache.hadoop.security.token.SecretManager

checkAvailableForRead, createPassword, generateSecret, retriableRetrievePassword, update

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RouterDelegationTokenSecretManager

public RouterDelegationTokenSecretManager(long delegationKeyUpdateInterval,
                                          long delegationTokenMaxLifetime,
                                          long delegationTokenRenewInterval,
                                          long delegationTokenRemoverScanInterval,
                                          org.apache.hadoop.conf.Configuration conf)

Create a Router Secret manager.

Parameters:

delegationKeyUpdateInterval - the number of milliseconds for rolling new secret keys.

delegationTokenMaxLifetime - the maximum lifetime of the delegation tokens in milliseconds

delegationTokenRenewInterval - how often the tokens must be renewed in milliseconds

delegationTokenRemoverScanInterval - how often the tokens are scanned

conf - Configuration.

Method Detail

createIdentifier

public org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier createIdentifier()

Specified by:

createIdentifier in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

storeNewMasterKey

public void storeNewMasterKey(org.apache.hadoop.security.token.delegation.DelegationKey newKey)

The Router Supports Store the New Master Key. During this Process, Facade will call the specific StateStore to store the MasterKey.

Overrides:

storeNewMasterKey in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

Parameters:

newKey - DelegationKey

removeStoredMasterKey

public void removeStoredMasterKey(org.apache.hadoop.security.token.delegation.DelegationKey delegationKey)

The Router Supports Remove the master key. During this Process, Facade will call the specific StateStore to remove the MasterKey.

Overrides:

removeStoredMasterKey in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

Parameters:

delegationKey - DelegationKey

storeNewToken

public void storeNewToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier,
                          long renewDate)
                   throws java.io.IOException

The Router Supports Store new Token.

Overrides:

storeNewToken in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

Parameters:

identifier - RMDelegationToken

renewDate - renewDate

Throws:

java.io.IOException - IO exception occurred.

storeNewToken

public void storeNewToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier,
                          org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo)

The Router Supports Store new Token.

Parameters:

identifier - RMDelegationToken.

tokenInfo - DelegationTokenInformation.

updateStoredToken

public void updateStoredToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier id,
                              long renewDate)
                       throws java.io.IOException

The Router Supports Update Token.

Overrides:

updateStoredToken in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

Parameters:

id - RMDelegationToken

renewDate - renewDate

Throws:

java.io.IOException - IO exception occurred

updateStoredToken

public void updateStoredToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier,
                              org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo)

The Router Supports Update Token.

Parameters:

identifier - RMDelegationToken.

tokenInfo - DelegationTokenInformation.

removeStoredToken

public void removeStoredToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier)
                       throws java.io.IOException

The Router Supports Remove Token.

Overrides:

removeStoredToken in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

Parameters:

identifier - Delegation Token

Throws:

java.io.IOException - IO exception occurred.

getMasterKeyByDelegationKey

public org.apache.hadoop.security.token.delegation.DelegationKey getMasterKeyByDelegationKey(org.apache.hadoop.security.token.delegation.DelegationKey key)
                                                                                      throws org.apache.hadoop.yarn.exceptions.YarnException,
                                                                                             java.io.IOException

The Router supports obtaining the DelegationKey stored in the Router StateStote according to the DelegationKey.

Parameters:

key - Param DelegationKey

Returns:

Delegation Token

Throws:

org.apache.hadoop.yarn.exceptions.YarnException - An internal conversion error occurred when getting the Token

java.io.IOException - IO exception occurred

getTokenByRouterStoreToken

public org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier getTokenByRouterStoreToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier)
                                                                                              throws org.apache.hadoop.yarn.exceptions.YarnException,
                                                                                                     java.io.IOException

Get RMDelegationTokenIdentifier according to RouterStoreToken.

Parameters:

identifier - RMDelegationTokenIdentifier

Returns:

RMDelegationTokenIdentifier

Throws:

org.apache.hadoop.yarn.exceptions.YarnException - An internal conversion error occurred when getting the Token

java.io.IOException - IO exception occurred

setFederationFacade

public void setFederationFacade(org.apache.hadoop.yarn.server.federation.utils.FederationStateStoreFacade federationFacade)

getLatestDTSequenceNumber

@Public
@VisibleForTesting
public int getLatestDTSequenceNumber()

getAllMasterKeys

@Public
@VisibleForTesting
public java.util.Set<org.apache.hadoop.security.token.delegation.DelegationKey> getAllMasterKeys()

getAllTokens

@Public
@VisibleForTesting
public java.util.Map<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier,java.lang.Long> getAllTokens()

getRenewDate

public long getRenewDate(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier ident)
                  throws org.apache.hadoop.security.token.SecretManager.InvalidToken

Throws:

org.apache.hadoop.security.token.SecretManager.InvalidToken

incrementDelegationTokenSeqNum

protected int incrementDelegationTokenSeqNum()

Overrides:

incrementDelegationTokenSeqNum in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

storeToken

protected void storeToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier rmDelegationTokenIdentifier,
                          org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo)
                   throws java.io.IOException

Overrides:

storeToken in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

Throws:

java.io.IOException

updateToken

protected void updateToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier rmDelegationTokenIdentifier,
                           org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo)
                    throws java.io.IOException

Overrides:

updateToken in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

Throws:

java.io.IOException

getTokenInfo

protected org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation getTokenInfo(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier ident)

Overrides:

getTokenInfo in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

getDelegationTokenSeqNum

protected int getDelegationTokenSeqNum()

Overrides:

getDelegationTokenSeqNum in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

setDelegationTokenSeqNum

protected void setDelegationTokenSeqNum(int seqNum)

Overrides:

setDelegationTokenSeqNum in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

getCurrentKeyId

protected int getCurrentKeyId()

Overrides:

getCurrentKeyId in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

incrementCurrentKeyId

protected int incrementCurrentKeyId()

Overrides:

incrementCurrentKeyId in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>