BaseContainerTokenSecretManager (Apache Hadoop YARN Server Common 3.2.4 API)

java.lang.Object
- org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>
- - org.apache.hadoop.yarn.server.security.BaseContainerTokenSecretManager

public class BaseContainerTokenSecretManager
extends org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>

SecretManager for ContainerTokens. Extended by both RM and NM and hence is present in yarn-server-common package.

Nested Class Summary
- Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager
  org.apache.hadoop.security.token.SecretManager.InvalidToken

Field Summary

Fields
Modifier and Type	Field and Description
`protected long`	`containerTokenExpiryInterval`
`protected MasterKeyData`	`currentMasterKey` THE masterKey.
`protected Lock`	`readLock`
`protected ReadWriteLock`	`readWriteLock`
`protected int`	`serialNo`
`protected Lock`	`writeLock`

Constructor Summary

Constructors
Constructor and Description

BaseContainerTokenSecretManager(org.apache.hadoop.conf.Configuration conf)

Constructors
Constructor and Description
`BaseContainerTokenSecretManager(org.apache.hadoop.conf.Configuration conf)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`org.apache.hadoop.yarn.security.ContainerTokenIdentifier`	`createIdentifier()` Used by the RPC layer.
`protected MasterKeyData`	`createNewMasterKey()`
`byte[]`	`createPassword(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier)`
`MasterKey`	`getCurrentKey()`
`byte[]`	`retrievePassword(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier)`
`protected byte[]`	`retrievePasswordInternal(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier, MasterKeyData masterKey)`

Methods inherited from class org.apache.hadoop.security.token.SecretManager
checkAvailableForRead, createPassword, createSecretKey, generateSecret, retriableRetrievePassword

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail
- serialNo
```
protected int serialNo
```
- readWriteLock
```
protected final ReadWriteLock readWriteLock
```
- readLock
```
protected final Lock readLock
```
- writeLock
```
protected final Lock writeLock
```
- currentMasterKey
```
protected MasterKeyData currentMasterKey
```
  THE masterKey. ResourceManager should persist this and recover it on restart instead of generating a new key. The NodeManagers get it from the ResourceManager and use it for validating container-tokens.
- containerTokenExpiryInterval
```
protected final long containerTokenExpiryInterval
```

Constructor Detail

BaseContainerTokenSecretManager

public BaseContainerTokenSecretManager(org.apache.hadoop.conf.Configuration conf)

Method Detail

createNewMasterKey

protected MasterKeyData createNewMasterKey()

getCurrentKey

@InterfaceAudience.Private
public MasterKey getCurrentKey()

createPassword
```
public byte[] createPassword(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier)
```
Specified by:

createPassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>

retrievePassword
```
public byte[] retrievePassword(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier)
                        throws org.apache.hadoop.security.token.SecretManager.InvalidToken
```
Specified by:

retrievePassword in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>

Throws:

org.apache.hadoop.security.token.SecretManager.InvalidToken

retrievePasswordInternal

protected byte[] retrievePasswordInternal(org.apache.hadoop.yarn.security.ContainerTokenIdentifier identifier,
                                          MasterKeyData masterKey)
                                   throws org.apache.hadoop.security.token.SecretManager.InvalidToken

Throws:: org.apache.hadoop.security.token.SecretManager.InvalidToken

createIdentifier
```
public org.apache.hadoop.yarn.security.ContainerTokenIdentifier createIdentifier()
```
Used by the RPC layer.

Specified by:

createIdentifier in class org.apache.hadoop.security.token.SecretManager<org.apache.hadoop.yarn.security.ContainerTokenIdentifier>

Class BaseContainerTokenSecretManager

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager

Field Summary

Constructor Summary

Method Summary

Methods inherited from class org.apache.hadoop.security.token.SecretManager

Methods inherited from class java.lang.Object

Field Detail

serialNo

readWriteLock

readLock

writeLock

currentMasterKey

containerTokenExpiryInterval

Constructor Detail

BaseContainerTokenSecretManager

Method Detail

createNewMasterKey

getCurrentKey

createPassword

retrievePassword

retrievePasswordInternal

createIdentifier