Package org.apache.storm.security.auth.workertoken

Class WorkerTokenManager

java.lang.Object

org.apache.storm.security.auth.workertoken.WorkerTokenManager

public class WorkerTokenManager
extends Object

The WorkerTokenManager manages the life cycle of worker tokens in nimbus.

Constructor Summary

Constructors

Constructor	Description
WorkerTokenManager(Map<String,Object> daemonConf, IStormClusterState state)	Constructor.

Method Summary

Modifier and Type	Method	Description
WorkerToken	createOrUpdateTokenFor(WorkerTokenServiceType serviceType, String user, String topologyId)	Create or update an existing key.
protected SecretKey	generateSecret()	Generate a new random secret key.
protected SecretKey	getCurrentSecret()	Get the secret that should be used to sign a token.
boolean	shouldRenewWorkerToken(Map<String,String> creds, WorkerTokenServiceType type)
void	upsertWorkerTokensInCredsForTopo(Map<String,String> creds, String user, String topologyId)	Create or renew WorkerToken credentials for a topology.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

WorkerTokenManager

public WorkerTokenManager(Map<String,Object> daemonConf,
                          IStormClusterState state)

Constructor. This assumes that state can store the tokens securely, and that they should be enabled at all. Please use ClientAuthUtils.areWorkerTokensEnabledServer to validate this first.

Parameters:

daemonConf - the config for nimbus.

state - the state used to store private keys.

Method Detail

generateSecret

protected SecretKey generateSecret()

Generate a new random secret key.

Returns:

the new key

getCurrentSecret

protected SecretKey getCurrentSecret()

Get the secret that should be used to sign a token. This may either reuse a secret or generate a new one so any user should call this once and save the result.

Returns:

the key to use.

createOrUpdateTokenFor

public WorkerToken createOrUpdateTokenFor(WorkerTokenServiceType serviceType,
                                          String user,
                                          String topologyId)

Create or update an existing key.

Parameters:

serviceType - the type of service to create a token for

user - the user the token is for

topologyId - the topology the token is for

Returns:

a newly generated token that should be good to start using form now until it expires.

upsertWorkerTokensInCredsForTopo

public void upsertWorkerTokensInCredsForTopo(Map<String,String> creds,
                                             String user,
                                             String topologyId)

Create or renew WorkerToken credentials for a topology.

Parameters:

creds - the map of credentials for.

user - the user the credentials are for

topologyId - the topology the credentials are for

shouldRenewWorkerToken

public boolean shouldRenewWorkerToken(Map<String,String> creds,
                                      WorkerTokenServiceType type)