Package org.apache.hadoop.hdfs.security.token.block

Class BlockPoolTokenSecretManager

java.lang.Object

org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier>

org.apache.hadoop.hdfs.security.token.block.BlockPoolTokenSecretManager

public class BlockPoolTokenSecretManager
extends org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier>

Manages a BlockTokenSecretManager per block pool. Routes the requests given a block pool Id to corresponding BlockTokenSecretManager

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager

org.apache.hadoop.security.token.SecretManager.InvalidToken

Field Summary

Fields inherited from class org.apache.hadoop.security.token.SecretManager

LOG

Constructor Summary

Constructors

Constructor	Description
BlockPoolTokenSecretManager()

Method Summary

Modifier and Type	Method	Description
void	addBlockPool(String bpid, BlockTokenSecretManager secretMgr)	Add a block pool Id and corresponding BlockTokenSecretManager to map
void	addKeys(String bpid, ExportedBlockKeys exportedKeys, boolean updateCurrentKey)	See BlockTokenSecretManager.addKeys(ExportedBlockKeys).
void	checkAccess(org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier id, String userId, org.apache.hadoop.hdfs.protocol.ExtendedBlock block, org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode mode)	See BlockTokenSecretManager.checkAccess(BlockTokenIdentifier, String, ExtendedBlock, BlockTokenIdentifier.AccessMode).
void	checkAccess(org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier id, String userId, org.apache.hadoop.hdfs.protocol.ExtendedBlock block, org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode mode, org.apache.hadoop.fs.StorageType[] storageTypes)	See BlockTokenSecretManager.checkAccess(BlockTokenIdentifier, String, ExtendedBlock, BlockTokenIdentifier.AccessMode, StorageType[])
void	checkAccess(org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier id, String userId, org.apache.hadoop.hdfs.protocol.ExtendedBlock block, org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode mode, org.apache.hadoop.fs.StorageType[] storageTypes, String[] storageIds)	See BlockTokenSecretManager.checkAccess(BlockTokenIdentifier, String, ExtendedBlock, BlockTokenIdentifier.AccessMode, StorageType[], String[])
void	checkAccess(org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier> token, String userId, org.apache.hadoop.hdfs.protocol.ExtendedBlock block, org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode mode)	See BlockTokenSecretManager.checkAccess(Token, String, ExtendedBlock, BlockTokenIdentifier.AccessMode).
void	checkAccess(org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier> token, String userId, org.apache.hadoop.hdfs.protocol.ExtendedBlock block, org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode mode, org.apache.hadoop.fs.StorageType[] storageTypes, String[] storageIds)	See BlockTokenSecretManager.checkAccess(Token, String, ExtendedBlock, BlockTokenIdentifier.AccessMode, StorageType[], String[])
void	clearAllKeysForTesting()
org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier	createIdentifier()	Return an empty BlockTokenIdentifer
byte[]	createPassword(org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier identifier)
org.apache.hadoop.hdfs.security.token.block.DataEncryptionKey	generateDataEncryptionKey(String blockPoolId)
org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier>	generateToken(org.apache.hadoop.hdfs.protocol.ExtendedBlock b, EnumSet<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode> of, org.apache.hadoop.fs.StorageType[] storageTypes, String[] storageIds)	See BlockTokenSecretManager.generateToken(ExtendedBlock, EnumSet, StorageType[], String[]).
BlockTokenSecretManager	get(String bpid)
boolean	isBlockPoolRegistered(String bpid)
byte[]	retrieveDataEncryptionKey(int keyId, String blockPoolId, byte[] nonce)
byte[]	retrievePassword(org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier identifier)

Methods inherited from class org.apache.hadoop.security.token.SecretManager

checkAvailableForRead, createPassword, createSecretKey, generateSecret, retriableRetrievePassword, update, validateSecretKeyLength

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

BlockPoolTokenSecretManager

public BlockPoolTokenSecretManager()

Method Details

addBlockPool

public void addBlockPool(String bpid,
 BlockTokenSecretManager secretMgr)

Add a block pool Id and corresponding BlockTokenSecretManager to map

Parameters:

bpid - block pool Id

secretMgr - BlockTokenSecretManager

get

@VisibleForTesting
public BlockTokenSecretManager get(String bpid)

isBlockPoolRegistered

public boolean isBlockPoolRegistered(String bpid)

createIdentifier

public org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier createIdentifier()

Return an empty BlockTokenIdentifer

Specified by:

createIdentifier in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier>

createPassword

public byte[] createPassword(org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier identifier)

Specified by:

createPassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier>

retrievePassword

public byte[] retrievePassword(org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier identifier)
                        throws org.apache.hadoop.security.token.SecretManager.InvalidToken

Specified by:

retrievePassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier>

Throws:

org.apache.hadoop.security.token.SecretManager.InvalidToken

checkAccess

public void checkAccess(org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier id,
 String userId,
 org.apache.hadoop.hdfs.protocol.ExtendedBlock block,
 org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode mode,
 org.apache.hadoop.fs.StorageType[] storageTypes,
 String[] storageIds)
                 throws org.apache.hadoop.security.token.SecretManager.InvalidToken

See BlockTokenSecretManager.checkAccess(BlockTokenIdentifier, String, ExtendedBlock, BlockTokenIdentifier.AccessMode, StorageType[], String[])

Throws:

org.apache.hadoop.security.token.SecretManager.InvalidToken

checkAccess

public void checkAccess(org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier id,
 String userId,
 org.apache.hadoop.hdfs.protocol.ExtendedBlock block,
 org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode mode,
 org.apache.hadoop.fs.StorageType[] storageTypes)
                 throws org.apache.hadoop.security.token.SecretManager.InvalidToken

See BlockTokenSecretManager.checkAccess(BlockTokenIdentifier, String, ExtendedBlock, BlockTokenIdentifier.AccessMode, StorageType[])

Throws:

org.apache.hadoop.security.token.SecretManager.InvalidToken

checkAccess

public void checkAccess(org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier id,
 String userId,
 org.apache.hadoop.hdfs.protocol.ExtendedBlock block,
 org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode mode)
                 throws org.apache.hadoop.security.token.SecretManager.InvalidToken

See BlockTokenSecretManager.checkAccess(BlockTokenIdentifier, String, ExtendedBlock, BlockTokenIdentifier.AccessMode).

Throws:

org.apache.hadoop.security.token.SecretManager.InvalidToken

checkAccess

public void checkAccess(org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier> token,
 String userId,
 org.apache.hadoop.hdfs.protocol.ExtendedBlock block,
 org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode mode)
                 throws org.apache.hadoop.security.token.SecretManager.InvalidToken

See BlockTokenSecretManager.checkAccess(Token, String, ExtendedBlock, BlockTokenIdentifier.AccessMode).

Throws:

org.apache.hadoop.security.token.SecretManager.InvalidToken

checkAccess

public void checkAccess(org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier> token,
 String userId,
 org.apache.hadoop.hdfs.protocol.ExtendedBlock block,
 org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode mode,
 org.apache.hadoop.fs.StorageType[] storageTypes,
 String[] storageIds)
                 throws org.apache.hadoop.security.token.SecretManager.InvalidToken

See BlockTokenSecretManager.checkAccess(Token, String, ExtendedBlock, BlockTokenIdentifier.AccessMode, StorageType[], String[])

Throws:

org.apache.hadoop.security.token.SecretManager.InvalidToken

addKeys

public void addKeys(String bpid,
 ExportedBlockKeys exportedKeys,
 boolean updateCurrentKey)
             throws IOException

See BlockTokenSecretManager.addKeys(ExportedBlockKeys).

Throws:

IOException

generateToken

public org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier> generateToken(org.apache.hadoop.hdfs.protocol.ExtendedBlock b,
 EnumSet<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier.AccessMode> of,
 org.apache.hadoop.fs.StorageType[] storageTypes,
 String[] storageIds)
                                                                                                                       throws IOException

See BlockTokenSecretManager.generateToken(ExtendedBlock, EnumSet, StorageType[], String[]).

Throws:

IOException

clearAllKeysForTesting

@VisibleForTesting
public void clearAllKeysForTesting()

generateDataEncryptionKey

public org.apache.hadoop.hdfs.security.token.block.DataEncryptionKey generateDataEncryptionKey(String blockPoolId)

retrieveDataEncryptionKey

public byte[] retrieveDataEncryptionKey(int keyId,
 String blockPoolId,
 byte[] nonce)
                                 throws IOException

Throws:

IOException