org.apache.hadoop.yarn.server.nodemanager.security

Class NMTokenSecretManagerInNM

java.lang.Object

org.apache.hadoop.security.token.SecretManager<NMTokenIdentifier>

org.apache.hadoop.yarn.server.security.BaseNMTokenSecretManager

org.apache.hadoop.yarn.server.nodemanager.security.NMTokenSecretManagerInNM

public class NMTokenSecretManagerInNM
extends BaseNMTokenSecretManager

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager

SecretManager.InvalidToken

Field Summary

Fields inherited from class org.apache.hadoop.yarn.server.security.BaseNMTokenSecretManager

currentMasterKey, readLock, readWriteLock, writeLock

Constructor Summary

Constructors

Constructor and Description
NMTokenSecretManagerInNM()

Method Summary

Methods

Modifier and Type	Method and Description
void	appAttemptStartContainer(NMTokenIdentifier identifier) This will be called by startContainer.
void	appFinished(ApplicationId appId)
NodeId	getNodeId()
boolean	isAppAttemptNMTokenKeyPresent(ApplicationAttemptId appAttemptId)
byte[]	retrievePassword(NMTokenIdentifier identifier) This method will be used to verify NMTokens generated by different master keys.
void	setMasterKey(MasterKey masterKey) Used by NodeManagers to create a token-secret-manager with the key obtained from the RM.
void	setNodeId(NodeId nodeId)

Methods inherited from class org.apache.hadoop.yarn.server.security.BaseNMTokenSecretManager

createIdentifier, createNewMasterKey, createNMToken, createPassword, getCurrentKey, newInstance, retrivePasswordInternal

Methods inherited from class org.apache.hadoop.security.token.SecretManager

checkAvailableForRead, createPassword, createSecretKey, generateSecret

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

NMTokenSecretManagerInNM

public NMTokenSecretManagerInNM()

Method Detail

setMasterKey

@InterfaceAudience.Private
public void setMasterKey(MasterKey masterKey)

Used by NodeManagers to create a token-secret-manager with the key obtained from the RM. This can happen during registration or when the RM rolls the master-key and signal the NM.

retrievePassword

public byte[] retrievePassword(NMTokenIdentifier identifier)
                        throws SecretManager.InvalidToken

This method will be used to verify NMTokens generated by different master keys.

Overrides:

retrievePassword in class BaseNMTokenSecretManager

Parameters:

identifier - the identifier to validate

Returns:

the password to use

Throws:

SecretManager.InvalidToken - the token was invalid

appFinished

public void appFinished(ApplicationId appId)

appAttemptStartContainer

public void appAttemptStartContainer(NMTokenIdentifier identifier)
                              throws SecretManager.InvalidToken

This will be called by startContainer. It will add the master key into the cache used for starting this container. This should be called before validating the startContainer request.

Throws:

SecretManager.InvalidToken

setNodeId

public void setNodeId(NodeId nodeId)

isAppAttemptNMTokenKeyPresent

@InterfaceAudience.Private
public boolean isAppAttemptNMTokenKeyPresent(ApplicationAttemptId appAttemptId)

getNodeId

@InterfaceAudience.Private
public NodeId getNodeId()