AMRMTokenSecretManager (hadoop-yarn-server-resourcemanager 2.5.1-mapr-1410-SNAPSHOT API)

java.lang.Object
- org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>
- - org.apache.hadoop.yarn.server.resourcemanager.security.AMRMTokenSecretManager

```
public class AMRMTokenSecretManager
extends org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>
```
AMRM-tokens are per ApplicationAttempt. If users redistribute their tokens, it is their headache, god save them. I mean you are not supposed to distribute keys to your vault, right? Anyways, ResourceManager saves each token locally in memory till application finishes and to a store for restart, so no need to remember master-keys even after rolling them.

Nested Class Summary
- Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager
  org.apache.hadoop.security.token.SecretManager.InvalidToken

Constructor Summary

Constructors
Constructor and Description

AMRMTokenSecretManager(org.apache.hadoop.conf.Configuration conf)
Create an AMRMTokenSecretManager

Constructors
Constructor and Description
`AMRMTokenSecretManager(org.apache.hadoop.conf.Configuration conf)` Create an `AMRMTokenSecretManager`

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`addPersistedPassword(org.apache.hadoop.security.token.Token<org.apache.hadoop.yarn.security.AMRMTokenIdentifier> token)` Populate persisted password of AMRMToken back to AMRMTokenSecretManager.
`void`	`applicationMasterFinished(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)`
`org.apache.hadoop.yarn.security.AMRMTokenIdentifier`	`createIdentifier()` Creates an empty TokenId to be used for de-serializing an `AMRMTokenIdentifier` by the RPC layer.
`byte[]`	`createPassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)` Create a password for a given `AMRMTokenIdentifier`.
`SecretKey`	`getMasterKey()`
`byte[]`	`retrievePassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)` Retrieve the password for the given `AMRMTokenIdentifier`.
`void`	`setMasterKey(SecretKey masterKey)`
`void`	`start()`
`void`	`stop()`

Methods inherited from class org.apache.hadoop.security.token.SecretManager
checkAvailableForRead, createPassword, createSecretKey, generateSecret, retriableRetrievePassword

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - AMRMTokenSecretManager
```
public AMRMTokenSecretManager(org.apache.hadoop.conf.Configuration conf)
```
    Create an AMRMTokenSecretManager
- Method Detail
  - start
```
public void start()
```
  - stop
```
public void stop()
```
  - applicationMasterFinished
```
public void applicationMasterFinished(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)
```
  - setMasterKey
```
@InterfaceAudience.Private
public void setMasterKey(SecretKey masterKey)
```
  - getMasterKey
```
@InterfaceAudience.Private
public SecretKey getMasterKey()
```
  - createPassword
```
public byte[] createPassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)
```
    Create a password for a given AMRMTokenIdentifier. Used to send to the AppicationAttempt which can give it back during authentication.
    
    Specified by:
    
    createPassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>
  - addPersistedPassword
```
public void addPersistedPassword(org.apache.hadoop.security.token.Token<org.apache.hadoop.yarn.security.AMRMTokenIdentifier> token)
                          throws IOException
```
    Populate persisted password of AMRMToken back to AMRMTokenSecretManager.
    
    Throws:
    
    IOException
  - retrievePassword
```
public byte[] retrievePassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)
                        throws org.apache.hadoop.security.token.SecretManager.InvalidToken
```
    Retrieve the password for the given AMRMTokenIdentifier. Used by RPC layer to validate a remote AMRMTokenIdentifier.
    
    Specified by:
    
    retrievePassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>
    
    Throws:
    
    org.apache.hadoop.security.token.SecretManager.InvalidToken
  - createIdentifier
```
public org.apache.hadoop.yarn.security.AMRMTokenIdentifier createIdentifier()
```
    Creates an empty TokenId to be used for de-serializing an AMRMTokenIdentifier by the RPC layer.
    
    Specified by:
    
    createIdentifier in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>

Class AMRMTokenSecretManager

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager

Constructor Summary

Method Summary

Methods inherited from class org.apache.hadoop.security.token.SecretManager

Methods inherited from class java.lang.Object

Constructor Detail

AMRMTokenSecretManager

Method Detail

start

stop

applicationMasterFinished

setMasterKey

getMasterKey

createPassword

addPersistedPassword

retrievePassword

createIdentifier