Package org.apache.hadoop.yarn.server.router.security

Class RouterDelegationTokenSecretManager

java.lang.Object
org.apache.hadoop.security.token.SecretManager<TokenIdent>
org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
org.apache.hadoop.yarn.server.router.security.RouterDelegationTokenSecretManager
public class RouterDelegationTokenSecretManager extends org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
A Router specific delegation token secret manager. The secret manager is responsible for generating and accepting the password for each token.

  • Nested Class Summary

    Nested classes/interfaces inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager

    org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation

    Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager

    org.apache.hadoop.security.token.SecretManager.InvalidToken

  • Field Summary

    Fields inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager

    allKeys, currentId, currentTokens, delegationTokenSequenceNumber, noInterruptsLock, running, storeTokenTrackingId, tokenOwnerStats

  • Constructor Summary

    Constructors
    Constructor
    Description
    RouterDelegationTokenSecretManager(long delegationKeyUpdateInterval, long delegationTokenMaxLifetime, long delegationTokenRenewInterval, long delegationTokenRemoverScanInterval, org.apache.hadoop.conf.Configuration conf)
    Create a Router Secret manager.

  • Method Summary

    Modifier and Type
    Method
    Description
    org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier
    createIdentifier()
     
    Set<org.apache.hadoop.security.token.delegation.DelegationKey>
    getAllMasterKeys()
     
    Map<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier,Long>
    getAllTokens()
     
    protected int
    getCurrentKeyId()
     
    protected int
    getDelegationTokenSeqNum()
     
    int
    getLatestDTSequenceNumber()
     
    org.apache.hadoop.security.token.delegation.DelegationKey
    getMasterKeyByDelegationKey(org.apache.hadoop.security.token.delegation.DelegationKey key)
    The Router supports obtaining the DelegationKey stored in the Router StateStote according to the DelegationKey.
    long
    getRenewDate(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier ident)
     
    org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier
    getTokenByRouterStoreToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier)
    Get RMDelegationTokenIdentifier according to RouterStoreToken.
    protected org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation
    getTokenInfo(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier ident)
     
    protected int
    incrementCurrentKeyId()
     
    protected int
    incrementDelegationTokenSeqNum()
     
    void
    removeStoredMasterKey(org.apache.hadoop.security.token.delegation.DelegationKey delegationKey)
    The Router Supports Remove the master key.
    void
    removeStoredToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier)
    The Router Supports Remove Token.
    protected void
    setDelegationTokenSeqNum(int seqNum)
     
    void
    setFederationFacade(org.apache.hadoop.yarn.server.federation.utils.FederationStateStoreFacade federationFacade)
     
    void
    storeNewMasterKey(org.apache.hadoop.security.token.delegation.DelegationKey newKey)
    The Router Supports Store the New Master Key.
    void
    storeNewToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier, long renewDate)
    The Router Supports Store new Token.
    void
    storeNewToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier, org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo)
    The Router Supports Store new Token.
    protected void
    storeToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier rmDelegationTokenIdentifier, org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo)
     
    void
    updateStoredToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier id, long renewDate)
    The Router Supports Update Token.
    void
    updateStoredToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier, org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo)
    The Router Supports Update Token.
    protected void
    updateToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier rmDelegationTokenIdentifier, org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo)
     

    Methods inherited from class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager

    addKey, addPersistedDelegationToken, addTokenForOwnerStats, cancelToken, checkToken, createPassword, createSecretKey, decodeTokenIdentifier, getAllKeys, getCandidateTokensForCleanup, getCurrentTokensSize, getDelegationKey, getMetrics, getTokenRenewInterval, getTokenTrackingId, getTopTokenRealOwners, getTrackingIdIfEnabled, isRunning, logExpireToken, logExpireTokens, logUpdateMasterKey, removeExpiredStoredToken, renewToken, reset, retrievePassword, rollMasterKey, setCurrentKeyId, startThreads, stopThreads, storeDelegationKey, syncTokenOwnerStats, updateDelegationKey, verifyToken

    Methods inherited from class org.apache.hadoop.security.token.SecretManager

    checkAvailableForRead, createPassword, generateSecret, retriableRetrievePassword, update, validateSecretKeyLength

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • RouterDelegationTokenSecretManager

      public RouterDelegationTokenSecretManager(long delegationKeyUpdateInterval, long delegationTokenMaxLifetime, long delegationTokenRenewInterval, long delegationTokenRemoverScanInterval, org.apache.hadoop.conf.Configuration conf)
      Create a Router Secret manager.
      Parameters:
      delegationKeyUpdateInterval - the number of milliseconds for rolling new secret keys.
      delegationTokenMaxLifetime - the maximum lifetime of the delegation tokens in milliseconds
      delegationTokenRenewInterval - how often the tokens must be renewed in milliseconds
      delegationTokenRemoverScanInterval - how often the tokens are scanned
      conf - Configuration.

  • Method Details

    • createIdentifier

      public org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier createIdentifier()
      Specified by:
      createIdentifier in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

    • storeNewMasterKey

      public void storeNewMasterKey(org.apache.hadoop.security.token.delegation.DelegationKey newKey)
      The Router Supports Store the New Master Key. During this Process, Facade will call the specific StateStore to store the MasterKey.
      Overrides:
      storeNewMasterKey in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
      Parameters:
      newKey - DelegationKey

    • removeStoredMasterKey

      public void removeStoredMasterKey(org.apache.hadoop.security.token.delegation.DelegationKey delegationKey)
      The Router Supports Remove the master key. During this Process, Facade will call the specific StateStore to remove the MasterKey.
      Overrides:
      removeStoredMasterKey in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
      Parameters:
      delegationKey - DelegationKey

    • storeNewToken

      public void storeNewToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier, long renewDate) throws IOException
      The Router Supports Store new Token.
      Overrides:
      storeNewToken in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
      Parameters:
      identifier - RMDelegationToken
      renewDate - renewDate
      Throws:
      IOException - IO exception occurred.

    • storeNewToken

      public void storeNewToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier, org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo)
      The Router Supports Store new Token.
      Parameters:
      identifier - RMDelegationToken.
      tokenInfo - DelegationTokenInformation.

    • updateStoredToken

      public void updateStoredToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier id, long renewDate) throws IOException
      The Router Supports Update Token.
      Overrides:
      updateStoredToken in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
      Parameters:
      id - RMDelegationToken
      renewDate - renewDate
      Throws:
      IOException - IO exception occurred

    • updateStoredToken

      public void updateStoredToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier, org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo)
      The Router Supports Update Token.
      Parameters:
      identifier - RMDelegationToken.
      tokenInfo - DelegationTokenInformation.

    • removeStoredToken

      public void removeStoredToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier) throws IOException
      The Router Supports Remove Token.
      Overrides:
      removeStoredToken in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
      Parameters:
      identifier - Delegation Token
      Throws:
      IOException - IO exception occurred.

    • getMasterKeyByDelegationKey

      public org.apache.hadoop.security.token.delegation.DelegationKey getMasterKeyByDelegationKey(org.apache.hadoop.security.token.delegation.DelegationKey key) throws org.apache.hadoop.yarn.exceptions.YarnException, IOException
      The Router supports obtaining the DelegationKey stored in the Router StateStote according to the DelegationKey.
      Parameters:
      key - Param DelegationKey
      Returns:
      Delegation Token
      Throws:
      org.apache.hadoop.yarn.exceptions.YarnException - An internal conversion error occurred when getting the Token
      IOException - IO exception occurred

    • getTokenByRouterStoreToken

      public org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier getTokenByRouterStoreToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier identifier) throws org.apache.hadoop.yarn.exceptions.YarnException, IOException
      Get RMDelegationTokenIdentifier according to RouterStoreToken.
      Parameters:
      identifier - RMDelegationTokenIdentifier
      Returns:
      RMDelegationTokenIdentifier
      Throws:
      org.apache.hadoop.yarn.exceptions.YarnException - An internal conversion error occurred when getting the Token
      IOException - IO exception occurred

    • setFederationFacade

      public void setFederationFacade(org.apache.hadoop.yarn.server.federation.utils.FederationStateStoreFacade federationFacade)

    • getLatestDTSequenceNumber

      @Public @VisibleForTesting public int getLatestDTSequenceNumber()

    • getAllMasterKeys

      @Public @VisibleForTesting public Set<org.apache.hadoop.security.token.delegation.DelegationKey> getAllMasterKeys()

    • getAllTokens

      @Public @VisibleForTesting public Map<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier,Long> getAllTokens()

    • getRenewDate

      public long getRenewDate(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier ident) throws org.apache.hadoop.security.token.SecretManager.InvalidToken
      Throws:
      org.apache.hadoop.security.token.SecretManager.InvalidToken

    • incrementDelegationTokenSeqNum

      protected int incrementDelegationTokenSeqNum()
      Overrides:
      incrementDelegationTokenSeqNum in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

    • storeToken

      protected void storeToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier rmDelegationTokenIdentifier, org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo) throws IOException
      Overrides:
      storeToken in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
      Throws:
      IOException

    • updateToken

      protected void updateToken(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier rmDelegationTokenIdentifier, org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfo) throws IOException
      Overrides:
      updateToken in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>
      Throws:
      IOException

    • getTokenInfo

      protected org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation getTokenInfo(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier ident)
      Overrides:
      getTokenInfo in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

    • getDelegationTokenSeqNum

      protected int getDelegationTokenSeqNum()
      Overrides:
      getDelegationTokenSeqNum in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

    • setDelegationTokenSeqNum

      protected void setDelegationTokenSeqNum(int seqNum)
      Overrides:
      setDelegationTokenSeqNum in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

    • getCurrentKeyId

      protected int getCurrentKeyId()
      Overrides:
      getCurrentKeyId in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>

    • incrementCurrentKeyId

      protected int incrementCurrentKeyId()
      Overrides:
      incrementCurrentKeyId in class org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier>