Class RMDelegationTokenSecretManager

java.lang.Object
org.apache.hadoop.security.token.SecretManager<TokenIdent>
org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
org.apache.hadoop.yarn.server.resourcemanager.security.RMDelegationTokenSecretManager
All Implemented Interfaces:
Recoverable

@Private @Unstable public class RMDelegationTokenSecretManager extends org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier> implements Recoverable
A ResourceManager-specific delegation token secret manager. The secret manager is responsible for generating and accepting the password for each token.
  • Nested Class Summary

    Nested classes/interfaces inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager

    org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation

    Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager

    org.apache.hadoop.security.token.SecretManager.InvalidToken
  • Field Summary

    Fields inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager

    allKeys, currentId, currentTokens, delegationTokenSequenceNumber, noInterruptsLock, running, storeTokenTrackingId, tokenOwnerStats
  • Constructor Summary

    Constructors
    Constructor
    Description
    RMDelegationTokenSecretManager(long delegationKeyUpdateInterval, long delegationTokenMaxLifetime, long delegationTokenRenewInterval, long delegationTokenRemoverScanInterval, RMContext rmContext)
    Create a secret manager
  • Method Summary

    Modifier and Type
    Method
    Description
    org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier
    createIdentifier()
     
    Set<org.apache.hadoop.security.token.delegation.DelegationKey>
    getAllMasterKeys()
     
    Map<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier,Long>
    getAllTokens()
     
    int
    getLatestDTSequenceNumber()
     
    long
    getRenewDate(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier ident)
     
    void
    recover(RMStateStore.RMState rmState)
     
    protected void
    removeStoredMasterKey(org.apache.hadoop.security.token.delegation.DelegationKey key)
     
    protected void
    removeStoredToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier ident)
     
    protected void
    storeNewMasterKey(org.apache.hadoop.security.token.delegation.DelegationKey newKey)
     
    protected void
    storeNewToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier, long renewDate)
     
    protected void
    updateStoredToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier id, long renewDate)
     

    Methods inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager

    addKey, addPersistedDelegationToken, addTokenForOwnerStats, cancelToken, checkToken, createPassword, createSecretKey, decodeTokenIdentifier, getAllKeys, getCandidateTokensForCleanup, getCurrentKeyId, getCurrentTokensSize, getDelegationKey, getDelegationTokenSeqNum, getMetrics, getTokenInfo, getTokenRenewInterval, getTokenTrackingId, getTopTokenRealOwners, getTrackingIdIfEnabled, incrementCurrentKeyId, incrementDelegationTokenSeqNum, isRunning, logExpireToken, logExpireTokens, logUpdateMasterKey, removeExpiredStoredToken, renewToken, reset, retrievePassword, rollMasterKey, setCurrentKeyId, setDelegationTokenSeqNum, startThreads, stopThreads, storeDelegationKey, storeToken, syncTokenOwnerStats, updateDelegationKey, updateToken, verifyToken

    Methods inherited from class org.apache.hadoop.security.token.SecretManager

    checkAvailableForRead, createPassword, generateSecret, retriableRetrievePassword, update, validateSecretKeyLength

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • RMDelegationTokenSecretManager

      public RMDelegationTokenSecretManager(long delegationKeyUpdateInterval, long delegationTokenMaxLifetime, long delegationTokenRenewInterval, long delegationTokenRemoverScanInterval, RMContext rmContext)
      Create a secret manager
      Parameters:
      delegationKeyUpdateInterval - the interval, in milliseconds, at which new secret keys are rolled
      delegationTokenMaxLifetime - the maximum lifetime of the delegation tokens, in milliseconds
      delegationTokenRenewInterval - how often the tokens must be renewed, in milliseconds
      delegationTokenRemoverScanInterval - how often, in milliseconds, the tokens are scanned for expired tokens
      rmContext - current context of the ResourceManager
  • Method Details

    • createIdentifier

      public org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier createIdentifier()
      Specified by:
      createIdentifier in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
    • storeNewMasterKey

      protected void storeNewMasterKey(org.apache.hadoop.security.token.delegation.DelegationKey newKey)
      Overrides:
      storeNewMasterKey in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
    • removeStoredMasterKey

      protected void removeStoredMasterKey(org.apache.hadoop.security.token.delegation.DelegationKey key)
      Overrides:
      removeStoredMasterKey in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
    • storeNewToken

      protected void storeNewToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier, long renewDate)
      Overrides:
      storeNewToken in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
    • updateStoredToken

      protected void updateStoredToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier id, long renewDate)
      Overrides:
      updateStoredToken in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
    • removeStoredToken

      protected void removeStoredToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier ident) throws IOException
      Overrides:
      removeStoredToken in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
      Throws:
      IOException
    • getAllMasterKeys

      @Private @VisibleForTesting public Set<org.apache.hadoop.security.token.delegation.DelegationKey> getAllMasterKeys()
    • getAllTokens

      @Private @VisibleForTesting public Map<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier,Long> getAllTokens()
    • getLatestDTSequenceNumber

      @Private @VisibleForTesting public int getLatestDTSequenceNumber()
    • recover

      public void recover(RMStateStore.RMState rmState) throws Exception
      Specified by:
      recover in interface Recoverable
      Throws:
      Exception
    • getRenewDate

      public long getRenewDate(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier ident) throws org.apache.hadoop.security.token.SecretManager.InvalidToken
      Throws:
      org.apache.hadoop.security.token.SecretManager.InvalidToken