org.apache.hadoop.yarn.server.nodemanager.security
Class NMTokenSecretManagerInNM
java.lang.Object
org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.NMTokenIdentifier>
org.apache.hadoop.yarn.server.security.BaseNMTokenSecretManager
org.apache.hadoop.yarn.server.nodemanager.security.NMTokenSecretManagerInNM
public class NMTokenSecretManagerInNM
- extends org.apache.hadoop.yarn.server.security.BaseNMTokenSecretManager
| Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager |
org.apache.hadoop.security.token.SecretManager.InvalidToken |
| Fields inherited from class org.apache.hadoop.yarn.server.security.BaseNMTokenSecretManager |
currentMasterKey, readLock, readWriteLock, writeLock |
|
Method Summary |
void |
appAttemptStartContainer(org.apache.hadoop.yarn.security.NMTokenIdentifier identifier)
This will be called by startContainer. |
void |
appFinished(org.apache.hadoop.yarn.api.records.ApplicationId appId)
|
org.apache.hadoop.yarn.api.records.NodeId |
getNodeId()
|
boolean |
isAppAttemptNMTokenKeyPresent(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)
|
byte[] |
retrievePassword(org.apache.hadoop.yarn.security.NMTokenIdentifier identifier)
This method will be used to verify NMTokens generated by different master
keys. |
void |
setMasterKey(org.apache.hadoop.yarn.server.api.records.MasterKey masterKey)
Used by NodeManagers to create a token-secret-manager with the key
obtained from the RM. |
void |
setNodeId(org.apache.hadoop.yarn.api.records.NodeId nodeId)
|
| Methods inherited from class org.apache.hadoop.yarn.server.security.BaseNMTokenSecretManager |
createIdentifier, createNewMasterKey, createNMToken, createPassword, getCurrentKey, newInstance, retrivePasswordInternal |
| Methods inherited from class org.apache.hadoop.security.token.SecretManager |
checkAvailableForRead, createPassword, createSecretKey, generateSecret, retriableRetrievePassword |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
NMTokenSecretManagerInNM
public NMTokenSecretManagerInNM()
setMasterKey
@InterfaceAudience.Private
public void setMasterKey(org.apache.hadoop.yarn.server.api.records.MasterKey masterKey)
- Used by NodeManagers to create a token-secret-manager with the key
obtained from the RM. This can happen during registration or when the RM
rolls the master-key and signal the NM.
retrievePassword
public byte[] retrievePassword(org.apache.hadoop.yarn.security.NMTokenIdentifier identifier)
throws org.apache.hadoop.security.token.SecretManager.InvalidToken
- This method will be used to verify NMTokens generated by different master
keys.
- Overrides:
retrievePassword in class org.apache.hadoop.yarn.server.security.BaseNMTokenSecretManager
- Throws:
org.apache.hadoop.security.token.SecretManager.InvalidToken
appFinished
public void appFinished(org.apache.hadoop.yarn.api.records.ApplicationId appId)
appAttemptStartContainer
public void appAttemptStartContainer(org.apache.hadoop.yarn.security.NMTokenIdentifier identifier)
throws org.apache.hadoop.security.token.SecretManager.InvalidToken
- This will be called by startContainer. It will add the master key into
the cache used for starting this container. This should be called before
validating the startContainer request.
- Throws:
org.apache.hadoop.security.token.SecretManager.InvalidToken
setNodeId
public void setNodeId(org.apache.hadoop.yarn.api.records.NodeId nodeId)
isAppAttemptNMTokenKeyPresent
@InterfaceAudience.Private
public boolean isAppAttemptNMTokenKeyPresent(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)
getNodeId
@InterfaceAudience.Private
public org.apache.hadoop.yarn.api.records.NodeId getNodeId()
Copyright © 2014 Apache Software Foundation. All Rights Reserved.