org.apache.hadoop.yarn.server.resourcemanager.security

Class RMDelegationTokenSecretManager

java.lang.Object

org.apache.hadoop.security.token.SecretManager<TokenIdent>

org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<RMDelegationTokenIdentifier>

org.apache.hadoop.yarn.server.resourcemanager.security.RMDelegationTokenSecretManager

All Implemented Interfaces:

Recoverable

@InterfaceAudience.Private
@InterfaceStability.Unstable
public class RMDelegationTokenSecretManager
extends AbstractDelegationTokenSecretManager<RMDelegationTokenIdentifier>
implements Recoverable

A ResourceManager specific delegation token secret manager. The secret manager is responsible for generating and accepting the password for each token.

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager

AbstractDelegationTokenSecretManager.DelegationTokenInformation

Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager

SecretManager.InvalidToken

Field Summary

Fields

Modifier and Type	Field and Description
protected RMContext	rmContext

Fields inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager

allKeys, currentId, currentTokens, delegationTokenSequenceNumber, noInterruptsLock, running, storeTokenTrackingId

Constructor Summary

Constructors

Constructor and Description
RMDelegationTokenSecretManager(long delegationKeyUpdateInterval, long delegationTokenMaxLifetime, long delegationTokenRenewInterval, long delegationTokenRemoverScanInterval, RMContext rmContext) Create a secret manager

Method Summary

Methods

Modifier and Type	Method and Description
RMDelegationTokenIdentifier	createIdentifier() Create an empty token identifier.
Set<DelegationKey>	getAllMasterKeys()
Map<RMDelegationTokenIdentifier,Long>	getAllTokens()
int	getLatestDTSequenceNumber()
void	recover(RMStateStore.RMState rmState)
protected void	removeStoredMasterKey(DelegationKey key)
protected void	removeStoredToken(RMDelegationTokenIdentifier ident)
protected void	storeNewMasterKey(DelegationKey newKey)
protected void	storeNewToken(RMDelegationTokenIdentifier identifier, long renewDate)
protected void	updateStoredToken(RMDelegationTokenIdentifier id, long renewDate)

Methods inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager

addKey, addPersistedDelegationToken, cancelToken, createPassword, createSecretKey, getAllKeys, getTokenTrackingId, getTrackingIdIfEnabled, isRunning, logExpireToken, logUpdateMasterKey, renewToken, reset, retrievePassword, startThreads, stopThreads, verifyToken

Methods inherited from class org.apache.hadoop.security.token.SecretManager

checkAvailableForRead, createPassword, generateSecret

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

rmContext

protected final RMContext rmContext

Constructor Detail

RMDelegationTokenSecretManager

public RMDelegationTokenSecretManager(long delegationKeyUpdateInterval,
                              long delegationTokenMaxLifetime,
                              long delegationTokenRenewInterval,
                              long delegationTokenRemoverScanInterval,
                              RMContext rmContext)

Create a secret manager

Parameters:

delegationKeyUpdateInterval - the number of seconds for rolling new secret keys.

delegationTokenMaxLifetime - the maximum lifetime of the delegation tokens

delegationTokenRenewInterval - how often the tokens must be renewed

delegationTokenRemoverScanInterval - how often the tokens are scanned for expired tokens

Method Detail

createIdentifier

public RMDelegationTokenIdentifier createIdentifier()

Description copied from class: SecretManager

Create an empty token identifier.

Specified by:

createIdentifier in class SecretManager<RMDelegationTokenIdentifier>

Returns:

the newly created empty token identifier

storeNewMasterKey

protected void storeNewMasterKey(DelegationKey newKey)

Overrides:

storeNewMasterKey in class AbstractDelegationTokenSecretManager<RMDelegationTokenIdentifier>

removeStoredMasterKey

protected void removeStoredMasterKey(DelegationKey key)

Overrides:

removeStoredMasterKey in class AbstractDelegationTokenSecretManager<RMDelegationTokenIdentifier>

storeNewToken

protected void storeNewToken(RMDelegationTokenIdentifier identifier,
                 long renewDate)

Overrides:

storeNewToken in class AbstractDelegationTokenSecretManager<RMDelegationTokenIdentifier>

updateStoredToken

protected void updateStoredToken(RMDelegationTokenIdentifier id,
                     long renewDate)

Overrides:

updateStoredToken in class AbstractDelegationTokenSecretManager<RMDelegationTokenIdentifier>

removeStoredToken

protected void removeStoredToken(RMDelegationTokenIdentifier ident)
                          throws IOException

Overrides:

removeStoredToken in class AbstractDelegationTokenSecretManager<RMDelegationTokenIdentifier>

Throws:

IOException

getAllMasterKeys

@InterfaceAudience.Private
public Set<DelegationKey> getAllMasterKeys()

getAllTokens

@InterfaceAudience.Private
public Map<RMDelegationTokenIdentifier,Long> getAllTokens()

getLatestDTSequenceNumber

@InterfaceAudience.Private
public int getLatestDTSequenceNumber()

recover

public void recover(RMStateStore.RMState rmState)
             throws Exception

Specified by:

recover in interface Recoverable

Throws:

Exception