org.apache.hadoop.yarn.server.resourcemanager.security
Class AMRMTokenSecretManager

java.lang.Object
  extended by org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>
      extended by org.apache.hadoop.yarn.server.resourcemanager.security.AMRMTokenSecretManager

public class AMRMTokenSecretManager
extends org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>

AMRM-tokens are per ApplicationAttempt. If users redistribute their tokens, it is their headache, god save them. I mean you are not supposed to distribute keys to your vault, right? Anyways, the ResourceManager saves each token locally in memory until the application finishes, and to a store for restart, so there is no need to remember master-keys even after rolling them.
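
The design described above, as a simplified model added here (it is not Hadoop's implementation): the password is derived once from the current master key and remembered per attempt, so validation is a lookup and survives a key roll. The class name, method names, the HMAC-SHA256 choice and the sample attempt ids are assumptions of this example, and persistence to a store for restart is left out.

```java
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Simplified model, not Hadoop code: all names in this class are hypothetical.
public class PerAttemptTokenModel {
    // attempt id -> password, kept only while the attempt is running
    private final Map<String, byte[]> passwords = new ConcurrentHashMap<>();
    private SecretKey masterKey;

    PerAttemptTokenModel() throws GeneralSecurityException { rollMasterKey(); }

    // Rolling replaces the signing key; already stored passwords are untouched.
    synchronized void rollMasterKey() throws GeneralSecurityException {
        masterKey = KeyGenerator.getInstance("HmacSHA256").generateKey();
    }

    // Issue: password = HMAC(current master key, attempt id), remembered per attempt.
    synchronized byte[] issue(String attemptId) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(masterKey);
        byte[] password = mac.doFinal(attemptId.getBytes(StandardCharsets.UTF_8));
        passwords.put(attemptId, password);
        return password.clone();
    }

    // Validate by lookup and constant-time compare, so no old master key is needed.
    boolean validate(String attemptId, byte[] presented) {
        byte[] stored = passwords.get(attemptId);
        return stored != null && MessageDigest.isEqual(stored, presented);
    }

    // Once the attempt finishes, its token no longer validates.
    void finished(String attemptId) { passwords.remove(attemptId); }

    public static void main(String[] args) throws GeneralSecurityException {
        PerAttemptTokenModel rm = new PerAttemptTokenModel();
        String attempt = "appattempt_0000000000000_0001_000001"; // constructed sample id
        byte[] token = rm.issue(attempt);
        rm.rollMasterKey();
        System.out.println("valid after key roll: " + rm.validate(attempt, token));
        System.out.println("valid for another attempt: "
            + rm.validate("appattempt_0000000000000_0001_000002", token));
        rm.finished(attempt);
        System.out.println("valid after attempt finished: " + rm.validate(attempt, token));
    }
}
```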


Nested Class Summary
 
Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager
org.apache.hadoop.security.token.SecretManager.InvalidToken
 
Constructor Summary
AMRMTokenSecretManager(org.apache.hadoop.conf.Configuration conf, RMContext rmContext)
          Create an AMRMTokenSecretManager
 
Method Summary
 void activateNextMasterKey()
           
 void addPersistedPassword(org.apache.hadoop.security.token.Token<org.apache.hadoop.yarn.security.AMRMTokenIdentifier> token)
          Populate persisted password of AMRMToken back to AMRMTokenSecretManager.
 void applicationMasterFinished(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)
           
 org.apache.hadoop.security.token.Token<org.apache.hadoop.yarn.security.AMRMTokenIdentifier> createAndGetAMRMToken(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)
           
 org.apache.hadoop.yarn.security.AMRMTokenIdentifier createIdentifier()
          Creates an empty TokenId to be used for de-serializing an AMRMTokenIdentifier by the RPC layer.
 org.apache.hadoop.yarn.server.security.MasterKeyData createNewMasterKey()
           
protected  byte[] createPassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)
           
 org.apache.hadoop.yarn.server.security.MasterKeyData getCurrnetMasterKeyData()
           
 org.apache.hadoop.yarn.server.security.MasterKeyData getMasterKey()
           
 org.apache.hadoop.yarn.server.security.MasterKeyData getNextMasterKeyData()
           
 void recover(RMStateStore.RMState state)
           
 byte[] retrievePassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)
          Retrieve the password for the given AMRMTokenIdentifier.
 void start()
           
 void stop()
           
 
Methods inherited from class org.apache.hadoop.security.token.SecretManager
checkAvailableForRead, createPassword, createSecretKey, generateSecret, retriableRetrievePassword
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AMRMTokenSecretManager

public AMRMTokenSecretManager(org.apache.hadoop.conf.Configuration conf,
                              RMContext rmContext)
Create an AMRMTokenSecretManager

Method Detail

start

public void start()

stop

public void stop()

applicationMasterFinished

public void applicationMasterFinished(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)

activateNextMasterKey

public void activateNextMasterKey()

createNewMasterKey

@InterfaceAudience.Private
public org.apache.hadoop.yarn.server.security.MasterKeyData createNewMasterKey()

createAndGetAMRMToken

public org.apache.hadoop.security.token.Token<org.apache.hadoop.yarn.security.AMRMTokenIdentifier> createAndGetAMRMToken(org.apache.hadoop.yarn.api.records.ApplicationAttemptId appAttemptId)

getMasterKey

public org.apache.hadoop.yarn.server.security.MasterKeyData getMasterKey()

addPersistedPassword

public void addPersistedPassword(org.apache.hadoop.security.token.Token<org.apache.hadoop.yarn.security.AMRMTokenIdentifier> token)
                          throws IOException
Populate persisted password of AMRMToken back to AMRMTokenSecretManager.

Throws:
IOException

retrievePassword

public byte[] retrievePassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)
                        throws org.apache.hadoop.security.token.SecretManager.InvalidToken
Retrieve the password for the given AMRMTokenIdentifier. Used by RPC layer to validate a remote AMRMTokenIdentifier.

Specified by:
retrievePassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>
Throws:
org.apache.hadoop.security.token.SecretManager.InvalidToken

createIdentifier

public org.apache.hadoop.yarn.security.AMRMTokenIdentifier createIdentifier()
Creates an empty TokenId to be used for de-serializing an AMRMTokenIdentifier by the RPC layer.

Specified by:
createIdentifier in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>

getCurrnetMasterKeyData

@InterfaceAudience.Private
public org.apache.hadoop.yarn.server.security.MasterKeyData getCurrnetMasterKeyData()

getNextMasterKeyData

@InterfaceAudience.Private
public org.apache.hadoop.yarn.server.security.MasterKeyData getNextMasterKeyData()

createPassword

@InterfaceAudience.Private
protected byte[] createPassword(org.apache.hadoop.yarn.security.AMRMTokenIdentifier identifier)
Specified by:
createPassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.AMRMTokenIdentifier>

recover

public void recover(RMStateStore.RMState state)


Copyright © 2014 Apache Software Foundation. All Rights Reserved.