Class WorkerTokenManager
- java.lang.Object
-
- org.apache.storm.security.auth.workertoken.WorkerTokenManager
-
public class WorkerTokenManager extends Object
The WorkerTokenManager manages the life cycle of worker tokens in nimbus.
-
-
Constructor Summary
Constructors Constructor Description WorkerTokenManager(Map<String,Object> daemonConf, IStormClusterState state)Constructor.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description WorkerTokencreateOrUpdateTokenFor(WorkerTokenServiceType serviceType, String user, String topologyId)Create or update an existing key.protected SecretKeygenerateSecret()Generate a new random secret key.protected SecretKeygetCurrentSecret()Get the secret that should be used to sign a token.booleanshouldRenewWorkerToken(Map<String,String> creds, WorkerTokenServiceType type)voidupsertWorkerTokensInCredsForTopo(Map<String,String> creds, String user, String topologyId)Create or renew WorkerToken credentials for a topology.
-
-
-
Constructor Detail
-
WorkerTokenManager
public WorkerTokenManager(Map<String,Object> daemonConf, IStormClusterState state)
Constructor. This assumes that state can store the tokens securely, and that they should be enabled at all. Please use ClientAuthUtils.areWorkerTokensEnabledServer to validate this first.- Parameters:
daemonConf- the config for nimbus.state- the state used to store private keys.
-
-
Method Detail
-
generateSecret
protected SecretKey generateSecret()
Generate a new random secret key.- Returns:
- the new key
-
getCurrentSecret
protected SecretKey getCurrentSecret()
Get the secret that should be used to sign a token. This may either reuse a secret or generate a new one so any user should call this once and save the result.- Returns:
- the key to use.
-
createOrUpdateTokenFor
public WorkerToken createOrUpdateTokenFor(WorkerTokenServiceType serviceType, String user, String topologyId)
Create or update an existing key.- Parameters:
serviceType- the type of service to create a token foruser- the user the token is fortopologyId- the topology the token is for- Returns:
- a newly generated token that should be good to start using form now until it expires.
-
upsertWorkerTokensInCredsForTopo
public void upsertWorkerTokensInCredsForTopo(Map<String,String> creds, String user, String topologyId)
Create or renew WorkerToken credentials for a topology.- Parameters:
creds- the map of credentials for.user- the user the credentials are fortopologyId- the topology the credentials are for
-
shouldRenewWorkerToken
public boolean shouldRenewWorkerToken(Map<String,String> creds, WorkerTokenServiceType type)
-
-