From 342c4856b80e61d135fd44aa565b79ddff3c6b45 Mon Sep 17 00:00:00 2001
From: slfan1989 <55643692+slfan1989@users.noreply.github.com>
Date: Tue, 20 Sep 2022 04:14:55 +0800
Subject: [PATCH] YARN-11293. [Federation]
StoreNewMasterKey/removeStoredMasterKey With MemoryStateStore. (#4852)
---
.../hadoop-yarn-server-common/pom.xml | 3 +
.../FederationDelegationTokenStateStore.java | 69 +++++++++
.../store/FederationStateStore.java | 3 +-
.../impl/MemoryFederationStateStore.java | 81 +++++++++++
.../store/impl/SQLFederationStateStore.java | 21 +++
.../impl/ZookeeperFederationStateStore.java | 21 +++
.../store/records/RouterMasterKey.java | 133 ++++++++++++++++++
.../store/records/RouterMasterKeyRequest.java | 43 ++++++
.../records/RouterMasterKeyResponse.java | 44 ++++++
.../records/RouterRMDTSecretManagerState.java | 52 +++++++
.../impl/pb/RouterMasterKeyPBImpl.java | 133 ++++++++++++++++++
.../impl/pb/RouterMasterKeyRequestPBImpl.java | 128 +++++++++++++++++
.../pb/RouterMasterKeyResponsePBImpl.java | 128 +++++++++++++++++
.../utils/FederationStateStoreFacade.java | 58 ++++++++
.../proto/yarn_server_federation_protos.proto | 30 +++-
.../impl/FederationStateStoreBaseTest.java | 77 ++++++++++
.../impl/TestSQLFederationStateStore.java | 16 +++
.../TestZookeeperFederationStateStore.java | 16 +++
.../TestFederationProtocolRecords.java | 22 +++
.../utils/TestFederationStateStoreFacade.java | 37 +++++
.../FederationStateStoreService.java | 22 +++
21 files changed, 1135 insertions(+), 2 deletions(-)
create mode 100644 hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/FederationDelegationTokenStateStore.java
create mode 100644 hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/RouterMasterKey.java
create mode 100644 hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/RouterMasterKeyRequest.java
create mode 100644 hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/RouterMasterKeyResponse.java
create mode 100644 hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/RouterRMDTSecretManagerState.java
create mode 100644 hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/impl/pb/RouterMasterKeyPBImpl.java
create mode 100644 hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/impl/pb/RouterMasterKeyRequestPBImpl.java
create mode 100644 hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/impl/pb/RouterMasterKeyResponsePBImpl.java
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/pom.xml b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/pom.xml
index 3bf70bf756..cecfd1e3ed 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/pom.xml
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/pom.xml
@@ -196,6 +196,9 @@
${basedir}/../../hadoop-yarn-api/src/main/proto
+
+ ${basedir}/../../hadoop-yarn-common/src/main/proto
+
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/FederationDelegationTokenStateStore.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/FederationDelegationTokenStateStore.java
new file mode 100644
index 0000000000..294c072679
--- /dev/null
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/FederationDelegationTokenStateStore.java
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.hadoop.yarn.server.federation.store;
+
+import org.apache.hadoop.classification.InterfaceAudience.Private;
+import org.apache.hadoop.classification.InterfaceStability.Unstable;
+import org.apache.hadoop.yarn.exceptions.YarnException;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterMasterKeyRequest;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterMasterKeyResponse;
+
+import java.io.IOException;
+
+/**
+ * FederationDelegationTokenStateStore maintains the state of all
+ * DelegationToken that have been submitted to the federated cluster.
+ */
+@Private
+@Unstable
+public interface FederationDelegationTokenStateStore {
+
+ /**
+ * The Router Supports Store NewMasterKey.
+ * During this Process, Facade will call the specific StateStore to store the MasterKey.
+ *
+ * @param request The request contains RouterMasterKey, which is an abstraction for DelegationKey
+ * @return routerMasterKeyResponse
+ * @throws YarnException if the call to the state store is unsuccessful
+ * @throws IOException An IO Error occurred
+ */
+ RouterMasterKeyResponse storeNewMasterKey(RouterMasterKeyRequest request)
+ throws YarnException, IOException;
+
+ /**
+ * The Router Supports Remove MasterKey.
+ * During this Process, Facade will call the specific StateStore to remove the MasterKey.
+ *
+ * @param request The request contains RouterMasterKey, which is an abstraction for DelegationKey
+ * @return routerMasterKeyResponse
+ * @throws YarnException if the call to the state store is unsuccessful
+ * @throws IOException An IO Error occurred
+ */
+ RouterMasterKeyResponse removeStoredMasterKey(RouterMasterKeyRequest request)
+ throws YarnException, IOException;
+
+ /**
+ * The Router Supports GetMasterKeyByDelegationKey.
+ *
+ * @param request The request contains RouterMasterKey, which is an abstraction for DelegationKey
+ * @return routerMasterKeyResponse
+ * @throws YarnException if the call to the state store is unsuccessful
+ * @throws IOException An IO Error occurred
+ */
+ RouterMasterKeyResponse getMasterKeyByDelegationKey(RouterMasterKeyRequest request)
+ throws YarnException, IOException;
+}
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/FederationStateStore.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/FederationStateStore.java
index 67461e6c30..3ca8ccc2bf 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/FederationStateStore.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/FederationStateStore.java
@@ -31,7 +31,8 @@
*/
public interface FederationStateStore extends
FederationApplicationHomeSubClusterStore, FederationMembershipStateStore,
- FederationPolicyStore, FederationReservationHomeSubClusterStore {
+ FederationPolicyStore, FederationReservationHomeSubClusterStore,
+ FederationDelegationTokenStateStore {
/**
* Initialize the FederationStore.
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/impl/MemoryFederationStateStore.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/impl/MemoryFederationStateStore.java
index 920b8e8912..b4c99bab9d 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/impl/MemoryFederationStateStore.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/impl/MemoryFederationStateStore.java
@@ -17,15 +17,20 @@
package org.apache.hadoop.yarn.server.federation.store.impl;
+import java.io.IOException;
+import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
+import java.util.Set;
import java.util.TimeZone;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.hadoop.classification.VisibleForTesting;
import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.token.delegation.DelegationKey;
import org.apache.hadoop.yarn.api.records.ApplicationId;
import org.apache.hadoop.yarn.api.records.ReservationId;
import org.apache.hadoop.yarn.exceptions.YarnException;
@@ -71,6 +76,10 @@
import org.apache.hadoop.yarn.server.federation.store.records.UpdateReservationHomeSubClusterResponse;
import org.apache.hadoop.yarn.server.federation.store.records.DeleteReservationHomeSubClusterRequest;
import org.apache.hadoop.yarn.server.federation.store.records.DeleteReservationHomeSubClusterResponse;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterMasterKey;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterMasterKeyRequest;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterMasterKeyResponse;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterRMDTSecretManagerState;
import org.apache.hadoop.yarn.server.federation.store.utils.FederationApplicationHomeSubClusterStoreInputValidator;
import org.apache.hadoop.yarn.server.federation.store.utils.FederationReservationHomeSubClusterStoreInputValidator;
import org.apache.hadoop.yarn.server.federation.store.utils.FederationMembershipStateStoreInputValidator;
@@ -90,6 +99,7 @@ public class MemoryFederationStateStore implements FederationStateStore {
private Map applications;
private Map reservations;
private Map policies;
+ private RouterRMDTSecretManagerState routerRMSecretManagerState;
private final MonotonicClock clock = new MonotonicClock();
@@ -102,6 +112,7 @@ public void init(Configuration conf) {
applications = new ConcurrentHashMap();
reservations = new ConcurrentHashMap();
policies = new ConcurrentHashMap();
+ routerRMSecretManagerState = new RouterRMDTSecretManagerState();
}
@Override
@@ -395,4 +406,74 @@ public DeleteReservationHomeSubClusterResponse deleteReservationHomeSubCluster(
reservations.remove(reservationId);
return DeleteReservationHomeSubClusterResponse.newInstance();
}
+
+ @Override
+ public RouterMasterKeyResponse storeNewMasterKey(RouterMasterKeyRequest request)
+ throws YarnException, IOException {
+ // Restore the DelegationKey from the request
+ RouterMasterKey masterKey = request.getRouterMasterKey();
+ DelegationKey delegationKey = getDelegationKeyByMasterKey(masterKey);
+
+ Set rmDTMasterKeyState = routerRMSecretManagerState.getMasterKeyState();
+ if (rmDTMasterKeyState.contains(delegationKey)) {
+ LOG.info("Error storing info for RMDTMasterKey with keyID: {}.", delegationKey.getKeyId());
+ throw new IOException("RMDTMasterKey with keyID: " + delegationKey.getKeyId() +
+ " is already stored");
+ }
+
+ routerRMSecretManagerState.getMasterKeyState().add(delegationKey);
+ LOG.info("Store Router-RMDT master key with key id: {}. Currently rmDTMasterKeyState size: {}",
+ delegationKey.getKeyId(), rmDTMasterKeyState.size());
+
+ return RouterMasterKeyResponse.newInstance(masterKey);
+ }
+
+ @Override
+ public RouterMasterKeyResponse removeStoredMasterKey(RouterMasterKeyRequest request)
+ throws YarnException, IOException {
+ // Restore the DelegationKey from the request
+ RouterMasterKey masterKey = request.getRouterMasterKey();
+ DelegationKey delegationKey = getDelegationKeyByMasterKey(masterKey);
+
+ LOG.info("Remove Router-RMDT master key with key id: {}.", delegationKey.getKeyId());
+ Set rmDTMasterKeyState = routerRMSecretManagerState.getMasterKeyState();
+ rmDTMasterKeyState.remove(delegationKey);
+
+ return RouterMasterKeyResponse.newInstance(masterKey);
+ }
+
+ @Override
+ public RouterMasterKeyResponse getMasterKeyByDelegationKey(RouterMasterKeyRequest request)
+ throws YarnException, IOException {
+ // Restore the DelegationKey from the request
+ RouterMasterKey masterKey = request.getRouterMasterKey();
+ DelegationKey delegationKey = getDelegationKeyByMasterKey(masterKey);
+
+ Set rmDTMasterKeyState = routerRMSecretManagerState.getMasterKeyState();
+ if (!rmDTMasterKeyState.contains(delegationKey)) {
+ throw new IOException("GetMasterKey with keyID: " + masterKey.getKeyId() +
+ " does not exist.");
+ }
+ RouterMasterKey resultRouterMasterKey = RouterMasterKey.newInstance(delegationKey.getKeyId(),
+ ByteBuffer.wrap(delegationKey.getEncodedKey()), delegationKey.getExpiryDate());
+ return RouterMasterKeyResponse.newInstance(resultRouterMasterKey);
+ }
+
+ /**
+ * Get DelegationKey By based on MasterKey.
+ *
+ * @param masterKey masterKey
+ * @return DelegationKey
+ */
+ private static DelegationKey getDelegationKeyByMasterKey(RouterMasterKey masterKey) {
+ ByteBuffer keyByteBuf = masterKey.getKeyBytes();
+ byte[] keyBytes = new byte[keyByteBuf.remaining()];
+ keyByteBuf.get(keyBytes);
+ return new DelegationKey(masterKey.getKeyId(), masterKey.getExpiryDate(), keyBytes);
+ }
+
+ @VisibleForTesting
+ public RouterRMDTSecretManagerState getRouterRMSecretManagerState() {
+ return routerRMSecretManagerState;
+ }
}
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/impl/SQLFederationStateStore.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/impl/SQLFederationStateStore.java
index 0c0b5c9e0f..d561141309 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/impl/SQLFederationStateStore.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/impl/SQLFederationStateStore.java
@@ -18,6 +18,7 @@
package org.apache.hadoop.yarn.server.federation.store.impl;
+import java.io.IOException;
import java.nio.ByteBuffer;
import java.sql.CallableStatement;
import java.sql.Connection;
@@ -81,6 +82,8 @@
import org.apache.hadoop.yarn.server.federation.store.records.UpdateReservationHomeSubClusterRequest;
import org.apache.hadoop.yarn.server.federation.store.records.UpdateReservationHomeSubClusterResponse;
import org.apache.hadoop.yarn.server.federation.store.records.ReservationHomeSubCluster;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterMasterKeyRequest;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterMasterKeyResponse;
import org.apache.hadoop.yarn.server.federation.store.utils.FederationApplicationHomeSubClusterStoreInputValidator;
import org.apache.hadoop.yarn.server.federation.store.utils.FederationMembershipStateStoreInputValidator;
import org.apache.hadoop.yarn.server.federation.store.utils.FederationPolicyStoreInputValidator;
@@ -1385,4 +1388,22 @@ public UpdateReservationHomeSubClusterResponse updateReservationHomeSubCluster(
"Unable to update the subCluster " + subClusterId +
" according to reservation" + reservationId);
}
+
+ @Override
+ public RouterMasterKeyResponse storeNewMasterKey(RouterMasterKeyRequest request)
+ throws YarnException, IOException {
+ throw new NotImplementedException("Code is not implemented");
+ }
+
+ @Override
+ public RouterMasterKeyResponse removeStoredMasterKey(RouterMasterKeyRequest request)
+ throws YarnException, IOException {
+ throw new NotImplementedException("Code is not implemented");
+ }
+
+ @Override
+ public RouterMasterKeyResponse getMasterKeyByDelegationKey(RouterMasterKeyRequest request)
+ throws YarnException, IOException {
+ throw new NotImplementedException("Code is not implemented");
+ }
}
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/impl/ZookeeperFederationStateStore.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/impl/ZookeeperFederationStateStore.java
index d710dacd54..18dfdc27d8 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/impl/ZookeeperFederationStateStore.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/impl/ZookeeperFederationStateStore.java
@@ -25,6 +25,7 @@
import java.util.List;
import java.util.TimeZone;
+import org.apache.commons.lang3.NotImplementedException;
import org.apache.hadoop.classification.VisibleForTesting;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.util.curator.ZKCuratorManager;
@@ -77,6 +78,8 @@
import org.apache.hadoop.yarn.server.federation.store.records.DeleteReservationHomeSubClusterResponse;
import org.apache.hadoop.yarn.server.federation.store.records.UpdateReservationHomeSubClusterRequest;
import org.apache.hadoop.yarn.server.federation.store.records.UpdateReservationHomeSubClusterResponse;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterMasterKeyResponse;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterMasterKeyRequest;
import org.apache.hadoop.yarn.server.federation.store.records.impl.pb.SubClusterIdPBImpl;
import org.apache.hadoop.yarn.server.federation.store.records.impl.pb.SubClusterInfoPBImpl;
import org.apache.hadoop.yarn.server.federation.store.records.impl.pb.SubClusterPolicyConfigurationPBImpl;
@@ -851,4 +854,22 @@ public UpdateReservationHomeSubClusterResponse updateReservationHomeSubCluster(
opDurations.addUpdateReservationHomeSubClusterDuration(start, end);
return UpdateReservationHomeSubClusterResponse.newInstance();
}
+
+ @Override
+ public RouterMasterKeyResponse storeNewMasterKey(RouterMasterKeyRequest request)
+ throws YarnException, IOException {
+ throw new NotImplementedException("Code is not implemented");
+ }
+
+ @Override
+ public RouterMasterKeyResponse removeStoredMasterKey(RouterMasterKeyRequest request)
+ throws YarnException, IOException {
+ throw new NotImplementedException("Code is not implemented");
+ }
+
+ @Override
+ public RouterMasterKeyResponse getMasterKeyByDelegationKey(RouterMasterKeyRequest request)
+ throws YarnException, IOException {
+ throw new NotImplementedException("Code is not implemented");
+ }
}
\ No newline at end of file
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/RouterMasterKey.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/RouterMasterKey.java
new file mode 100644
index 0000000000..0090723e51
--- /dev/null
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/RouterMasterKey.java
@@ -0,0 +1,133 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.yarn.server.federation.store.records;
+
+import org.apache.commons.lang3.builder.EqualsBuilder;
+import org.apache.commons.lang3.builder.HashCodeBuilder;
+import org.apache.hadoop.classification.InterfaceAudience.Private;
+import org.apache.hadoop.classification.InterfaceAudience.Public;
+import org.apache.hadoop.classification.InterfaceStability.Unstable;
+import org.apache.hadoop.yarn.util.Records;
+
+import java.nio.ByteBuffer;
+
+@Private
+@Unstable
+public abstract class RouterMasterKey {
+
+ @Private
+ @Unstable
+ public static RouterMasterKey newInstance(Integer keyId, ByteBuffer keyBytes, Long expiryDate) {
+ RouterMasterKey policy = Records.newRecord(RouterMasterKey.class);
+ policy.setKeyId(keyId);
+ policy.setKeyBytes(keyBytes);
+ policy.setExpiryDate(expiryDate);
+ return policy;
+ }
+
+ @Private
+ @Unstable
+ public static RouterMasterKey newInstance(RouterMasterKey masterKey) {
+ RouterMasterKey routerMasterKey = Records.newRecord(RouterMasterKey.class);
+ routerMasterKey.setKeyId(masterKey.getKeyId());
+ routerMasterKey.setKeyBytes(masterKey.getKeyBytes());
+ routerMasterKey.setExpiryDate(masterKey.getExpiryDate());
+ return routerMasterKey;
+ }
+
+ /**
+ * Get the keyId of the MasterKey.
+ *
+ * @return MasterKeyId.
+ */
+ @Public
+ @Unstable
+ public abstract Integer getKeyId();
+
+ /**
+ * Set the keyId of the MasterKey.
+ *
+ * @param keyId MasterKeyId.
+ */
+ @Private
+ @Unstable
+ public abstract void setKeyId(Integer keyId);
+
+ /**
+ * Get the keyBytes of the DelegationKey.
+ *
+ * @return KeyBytes of the DelegationKey.
+ */
+ @Public
+ @Unstable
+ public abstract ByteBuffer getKeyBytes();
+
+ /**
+ * Set the keyBytes of the DelegationKey.
+ *
+ * @param keyBytes KeyBytes of the DelegationKey.
+ */
+ @Private
+ @Unstable
+ public abstract void setKeyBytes(ByteBuffer keyBytes);
+
+ /**
+ * Get the ExpiryDate of the DelegationKey.
+ *
+ * @return ExpiryDate of the DelegationKey.
+ */
+ @Private
+ @Unstable
+ public abstract Long getExpiryDate();
+
+ /**
+ * Set the expiryDate of the DelegationKey.
+ *
+ * @param expiryDate expiryDate of the DelegationKey.
+ */
+ @Private
+ @Unstable
+ public abstract void setExpiryDate(Long expiryDate);
+
+ @Override
+ public int hashCode() {
+ return new HashCodeBuilder()
+ .append(this.getExpiryDate().longValue())
+ .append(this.getKeyId().intValue())
+ .append(getKeyBytes().array())
+ .hashCode();
+ }
+
+ @Override
+ public boolean equals(Object right) {
+ if (this == right) {
+ return true;
+ }
+
+ if (right == null || getClass() != right.getClass()) {
+ return false;
+ }
+
+ RouterMasterKey r = (RouterMasterKey) right;
+ return new EqualsBuilder()
+ .append(this.getKeyId().intValue(), r.getKeyId().intValue())
+ .append(this.getExpiryDate().longValue(), this.getExpiryDate().longValue())
+ .append(getKeyBytes().array(), r.getKeyBytes())
+ .isEquals();
+ }
+}
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/RouterMasterKeyRequest.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/RouterMasterKeyRequest.java
new file mode 100644
index 0000000000..9be6ed01ef
--- /dev/null
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/RouterMasterKeyRequest.java
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.hadoop.yarn.server.federation.store.records;
+
+import org.apache.hadoop.classification.InterfaceAudience.Private;
+import org.apache.hadoop.classification.InterfaceAudience.Public;
+import org.apache.hadoop.classification.InterfaceStability.Unstable;
+import org.apache.hadoop.yarn.util.Records;
+
+@Private
+@Unstable
+public abstract class RouterMasterKeyRequest {
+
+ @Private
+ @Unstable
+ public static RouterMasterKeyRequest newInstance(RouterMasterKey routerMasterKey) {
+ RouterMasterKeyRequest request = Records.newRecord(RouterMasterKeyRequest.class);
+ request.setRouterMasterKey(routerMasterKey);
+ return request;
+ }
+
+ @Public
+ @Unstable
+ public abstract RouterMasterKey getRouterMasterKey();
+
+ @Private
+ @Unstable
+ public abstract void setRouterMasterKey(RouterMasterKey routerMasterKey);
+}
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/RouterMasterKeyResponse.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/RouterMasterKeyResponse.java
new file mode 100644
index 0000000000..27c0a93eef
--- /dev/null
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/RouterMasterKeyResponse.java
@@ -0,0 +1,44 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.yarn.server.federation.store.records;
+
+import org.apache.hadoop.classification.InterfaceAudience.Private;
+import org.apache.hadoop.classification.InterfaceAudience.Public;
+import org.apache.hadoop.classification.InterfaceStability.Unstable;
+import org.apache.hadoop.yarn.util.Records;
+
+@Private
+@Unstable
+public abstract class RouterMasterKeyResponse {
+
+ @Private
+ @Unstable
+ public static RouterMasterKeyResponse newInstance(RouterMasterKey masterKey) {
+ RouterMasterKeyResponse request = Records.newRecord(RouterMasterKeyResponse.class);
+ request.setRouterMasterKey(masterKey);
+ return request;
+ }
+
+ @Public
+ @Unstable
+ public abstract RouterMasterKey getRouterMasterKey();
+
+ @Private
+ @Unstable
+ public abstract void setRouterMasterKey(RouterMasterKey masterKey);
+}
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/RouterRMDTSecretManagerState.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/RouterRMDTSecretManagerState.java
new file mode 100644
index 0000000000..85a8002c91
--- /dev/null
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/RouterRMDTSecretManagerState.java
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.yarn.server.federation.store.records;
+
+import org.apache.hadoop.security.token.delegation.DelegationKey;
+import org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+public class RouterRMDTSecretManagerState {
+
+ // DTIdentifier -> renewDate
+ private Map delegationTokenState = new HashMap<>();
+
+ private Set masterKeyState = new HashSet<>();
+
+ private int dtSequenceNumber = 0;
+
+ public Map getTokenState() {
+ return delegationTokenState;
+ }
+
+ public Set getMasterKeyState() {
+ return masterKeyState;
+ }
+
+ public int getDTSequenceNumber() {
+ return dtSequenceNumber;
+ }
+
+ public void setDtSequenceNumber(int dtSequenceNumber) {
+ this.dtSequenceNumber = dtSequenceNumber;
+ }
+}
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/impl/pb/RouterMasterKeyPBImpl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/impl/pb/RouterMasterKeyPBImpl.java
new file mode 100644
index 0000000000..e2adccc955
--- /dev/null
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/impl/pb/RouterMasterKeyPBImpl.java
@@ -0,0 +1,133 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.yarn.server.federation.store.records.impl.pb;
+
+import org.apache.hadoop.thirdparty.protobuf.ByteString;
+import org.apache.hadoop.thirdparty.protobuf.TextFormat;
+import org.apache.hadoop.yarn.api.records.impl.pb.ProtoUtils;
+import org.apache.hadoop.yarn.federation.proto.YarnServerFederationProtos.RouterMasterKeyProtoOrBuilder;
+import org.apache.hadoop.yarn.federation.proto.YarnServerFederationProtos.RouterMasterKeyProto;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterMasterKey;
+
+import java.nio.ByteBuffer;
+
+public class RouterMasterKeyPBImpl extends RouterMasterKey {
+
+ private RouterMasterKeyProto proto = RouterMasterKeyProto.getDefaultInstance();
+ private RouterMasterKeyProto.Builder builder = null;
+ private boolean viaProto = false;
+
+ public RouterMasterKeyPBImpl() {
+ builder = RouterMasterKeyProto.newBuilder();
+ }
+
+ public RouterMasterKeyPBImpl(RouterMasterKeyProto masterKeyProto) {
+ this.proto = masterKeyProto;
+ viaProto = true;
+ }
+
+ public RouterMasterKeyProto getProto() {
+ proto = viaProto ? proto : builder.build();
+ viaProto = true;
+ return proto;
+ }
+
+ private void maybeInitBuilder() {
+ if (viaProto || builder == null) {
+ builder = RouterMasterKeyProto.newBuilder(proto);
+ }
+ viaProto = false;
+ }
+
+ @Override
+ public int hashCode() {
+ return getProto().hashCode();
+ }
+
+ @Override
+ public boolean equals(Object other) {
+ if (other == null) {
+ return false;
+ }
+ if (other.getClass().isAssignableFrom(this.getClass())) {
+ return this.getProto().equals(this.getClass().cast(other).getProto());
+ }
+ return false;
+ }
+
+ @Override
+ public String toString() {
+ return TextFormat.shortDebugString(getProto());
+ }
+
+ @Override
+ public Integer getKeyId() {
+ RouterMasterKeyProtoOrBuilder p = viaProto ? proto : builder;
+ return p.getKeyId();
+ }
+
+ @Override
+ public void setKeyId(Integer keyId) {
+ maybeInitBuilder();
+ if (keyId == null) {
+ builder.clearKeyId();
+ return;
+ }
+ builder.setKeyId(keyId);
+ }
+
+ @Override
+ public ByteBuffer getKeyBytes() {
+ RouterMasterKeyProtoOrBuilder p = viaProto ? proto : builder;
+ return convertFromProtoFormat(p.getKeyBytes());
+ }
+
+ @Override
+ public void setKeyBytes(ByteBuffer keyBytes) {
+ maybeInitBuilder();
+ if (keyBytes == null) {
+ builder.clearKeyBytes();
+ return;
+ }
+ builder.setKeyBytes(convertToProtoFormat(keyBytes));
+ }
+
+ @Override
+ public Long getExpiryDate() {
+ RouterMasterKeyProtoOrBuilder p = viaProto ? proto : builder;
+ return p.getExpiryDate();
+ }
+
+ @Override
+ public void setExpiryDate(Long expiryDate) {
+ maybeInitBuilder();
+ if (expiryDate == null) {
+ builder.clearExpiryDate();
+ return;
+ }
+ builder.setExpiryDate(expiryDate);
+ }
+
+ protected final ByteBuffer convertFromProtoFormat(ByteString byteString) {
+ return ProtoUtils.convertFromProtoFormat(byteString);
+ }
+
+ protected final ByteString convertToProtoFormat(ByteBuffer byteBuffer) {
+ return ProtoUtils.convertToProtoFormat(byteBuffer);
+ }
+}
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/impl/pb/RouterMasterKeyRequestPBImpl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/impl/pb/RouterMasterKeyRequestPBImpl.java
new file mode 100644
index 0000000000..2d457e2f85
--- /dev/null
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/impl/pb/RouterMasterKeyRequestPBImpl.java
@@ -0,0 +1,128 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.yarn.server.federation.store.records.impl.pb;
+
+import org.apache.hadoop.classification.InterfaceAudience.Private;
+import org.apache.hadoop.classification.InterfaceStability.Unstable;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterMasterKey;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterMasterKeyRequest;
+import org.apache.hadoop.yarn.federation.proto.YarnServerFederationProtos.RouterMasterKeyProto;
+import org.apache.hadoop.yarn.federation.proto.YarnServerFederationProtos.RouterMasterKeyRequestProto;
+import org.apache.hadoop.yarn.federation.proto.YarnServerFederationProtos.RouterMasterKeyRequestProtoOrBuilder;
+import org.apache.hadoop.thirdparty.protobuf.TextFormat;
+
+@Private
+@Unstable
+public class RouterMasterKeyRequestPBImpl extends RouterMasterKeyRequest {
+
+ private RouterMasterKeyRequestProto proto = RouterMasterKeyRequestProto.getDefaultInstance();
+ private RouterMasterKeyRequestProto.Builder builder = null;
+ private boolean viaProto = false;
+ private RouterMasterKey routerMasterKey = null;
+
+ public RouterMasterKeyRequestPBImpl() {
+ builder = RouterMasterKeyRequestProto.newBuilder();
+ }
+
+ public RouterMasterKeyRequestPBImpl(RouterMasterKeyRequestProto proto) {
+ this.proto = proto;
+ viaProto = true;
+ }
+
+ public RouterMasterKeyRequestProto getProto() {
+ mergeLocalToProto();
+ proto = viaProto ? proto : builder.build();
+ viaProto = true;
+ return proto;
+ }
+
+ private void mergeLocalToProto() {
+ if (viaProto) {
+ maybeInitBuilder();
+ }
+ mergeLocalToBuilder();
+ proto = builder.build();
+ viaProto = true;
+ }
+
+ private void maybeInitBuilder() {
+ if (viaProto || builder == null) {
+ builder = RouterMasterKeyRequestProto.newBuilder(proto);
+ }
+ viaProto = false;
+ }
+
+ private void mergeLocalToBuilder() {
+ RouterMasterKeyPBImpl masterKeyRequest = (RouterMasterKeyPBImpl) this.routerMasterKey;
+ RouterMasterKeyProto routerMasterKeyProto = builder.getRouterMasterKey();
+ if (this.routerMasterKey != null && !masterKeyRequest.getProto().equals(routerMasterKeyProto)) {
+ builder.setRouterMasterKey(convertToProtoFormat(this.routerMasterKey));
+ }
+ }
+
+ @Override
+ public RouterMasterKey getRouterMasterKey() {
+ RouterMasterKeyRequestProtoOrBuilder p = viaProto ? proto : builder;
+ if (this.routerMasterKey != null) {
+ return this.routerMasterKey;
+ }
+ if (!p.hasRouterMasterKey()) {
+ return null;
+ }
+ this.routerMasterKey = convertFromProtoFormat(p.getRouterMasterKey());
+ return this.routerMasterKey;
+ }
+
+ @Override
+ public void setRouterMasterKey(RouterMasterKey masterKey) {
+ maybeInitBuilder();
+ if (masterKey == null) {
+ builder.clearRouterMasterKey();
+ }
+ this.routerMasterKey = masterKey;
+ }
+
+ @Override
+ public int hashCode() {
+ return getProto().hashCode();
+ }
+
+ @Override
+ public boolean equals(Object other) {
+ if (other == null) {
+ return false;
+ }
+ if (other.getClass().isAssignableFrom(this.getClass())) {
+ return this.getProto().equals(this.getClass().cast(other).getProto());
+ }
+ return false;
+ }
+
+ @Override
+ public String toString() {
+ return TextFormat.shortDebugString(getProto());
+ }
+
+ private RouterMasterKey convertFromProtoFormat(RouterMasterKeyProto masterKeyProto) {
+ return new RouterMasterKeyPBImpl(masterKeyProto);
+ }
+
+ private RouterMasterKeyProto convertToProtoFormat(RouterMasterKey masterKey) {
+ return ((RouterMasterKeyPBImpl) masterKey).getProto();
+ }
+}
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/impl/pb/RouterMasterKeyResponsePBImpl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/impl/pb/RouterMasterKeyResponsePBImpl.java
new file mode 100644
index 0000000000..1fbe1cce2d
--- /dev/null
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/store/records/impl/pb/RouterMasterKeyResponsePBImpl.java
@@ -0,0 +1,128 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.yarn.server.federation.store.records.impl.pb;
+
+import org.apache.hadoop.classification.InterfaceAudience.Private;
+import org.apache.hadoop.classification.InterfaceStability.Unstable;
+import org.apache.hadoop.thirdparty.protobuf.TextFormat;
+import org.apache.hadoop.yarn.federation.proto.YarnServerFederationProtos.RouterMasterKeyProto;
+import org.apache.hadoop.yarn.federation.proto.YarnServerFederationProtos.RouterMasterKeyResponseProto;
+import org.apache.hadoop.yarn.federation.proto.YarnServerFederationProtos.RouterMasterKeyResponseProtoOrBuilder;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterMasterKey;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterMasterKeyResponse;
+
+@Private
+@Unstable
+public class RouterMasterKeyResponsePBImpl extends RouterMasterKeyResponse {
+
+ private RouterMasterKeyResponseProto proto = RouterMasterKeyResponseProto.getDefaultInstance();
+ private RouterMasterKeyResponseProto.Builder builder = null;
+ private boolean viaProto = false;
+ private RouterMasterKey routerMasterKey = null;
+
+ public RouterMasterKeyResponsePBImpl() {
+ builder = RouterMasterKeyResponseProto.newBuilder();
+ }
+
+ public RouterMasterKeyResponsePBImpl(RouterMasterKeyResponseProto proto) {
+ this.proto = proto;
+ viaProto = true;
+ }
+
+ public RouterMasterKeyResponseProto getProto() {
+ mergeLocalToProto();
+ proto = viaProto ? proto : builder.build();
+ viaProto = true;
+ return proto;
+ }
+
+ private void mergeLocalToProto() {
+ if (viaProto) {
+ maybeInitBuilder();
+ }
+ mergeLocalToBuilder();
+ proto = builder.build();
+ viaProto = true;
+ }
+
+ private void maybeInitBuilder() {
+ if (viaProto || builder == null) {
+ builder = RouterMasterKeyResponseProto.newBuilder(proto);
+ }
+ viaProto = false;
+ }
+
+ private void mergeLocalToBuilder() {
+ RouterMasterKeyPBImpl masterKeyRequest = (RouterMasterKeyPBImpl) this.routerMasterKey;
+ RouterMasterKeyProto routerMasterKeyProto = builder.getRouterMasterKey();
+ if (this.routerMasterKey != null && !masterKeyRequest.getProto().equals(routerMasterKeyProto)) {
+ builder.setRouterMasterKey(convertToProtoFormat(this.routerMasterKey));
+ }
+ }
+
+ @Override
+ public RouterMasterKey getRouterMasterKey() {
+ RouterMasterKeyResponseProtoOrBuilder p = viaProto ? proto : builder;
+ if (this.routerMasterKey != null) {
+ return this.routerMasterKey;
+ }
+ if (!p.hasRouterMasterKey()) {
+ return null;
+ }
+ this.routerMasterKey = convertFromProtoFormat(p.getRouterMasterKey());
+ return this.routerMasterKey;
+ }
+
+ @Override
+ public void setRouterMasterKey(RouterMasterKey masterKey) {
+ maybeInitBuilder();
+ if (masterKey == null) {
+ builder.clearRouterMasterKey();
+ }
+ this.routerMasterKey = masterKey;
+ }
+
+ @Override
+ public int hashCode() {
+ return getProto().hashCode();
+ }
+
+ @Override
+ public boolean equals(Object other) {
+ if (other == null) {
+ return false;
+ }
+ if (other.getClass().isAssignableFrom(this.getClass())) {
+ return this.getProto().equals(this.getClass().cast(other).getProto());
+ }
+ return false;
+ }
+
+ @Override
+ public String toString() {
+ return TextFormat.shortDebugString(getProto());
+ }
+
+ private RouterMasterKey convertFromProtoFormat(RouterMasterKeyProto masterKeyProto) {
+ return new RouterMasterKeyPBImpl(masterKeyProto);
+ }
+
+ private RouterMasterKeyProto convertToProtoFormat(RouterMasterKey masterKey) {
+ return ((RouterMasterKeyPBImpl) masterKey).getProto();
+ }
+}
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/utils/FederationStateStoreFacade.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/utils/FederationStateStoreFacade.java
index d95be57576..b94e85bab4 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/utils/FederationStateStoreFacade.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/federation/utils/FederationStateStoreFacade.java
@@ -18,6 +18,8 @@
package org.apache.hadoop.yarn.server.federation.utils;
+import java.io.IOException;
+import java.nio.ByteBuffer;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -41,6 +43,7 @@
import org.apache.hadoop.io.retry.RetryPolicies;
import org.apache.hadoop.io.retry.RetryPolicy;
import org.apache.hadoop.io.retry.RetryProxy;
+import org.apache.hadoop.security.token.delegation.DelegationKey;
import org.apache.hadoop.util.ReflectionUtils;
import org.apache.hadoop.yarn.api.records.ApplicationId;
import org.apache.hadoop.yarn.api.records.ReservationId;
@@ -74,6 +77,9 @@
import org.apache.hadoop.yarn.server.federation.store.records.UpdateApplicationHomeSubClusterRequest;
import org.apache.hadoop.yarn.server.federation.store.records.UpdateReservationHomeSubClusterRequest;
import org.apache.hadoop.yarn.server.federation.store.records.DeleteReservationHomeSubClusterRequest;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterMasterKeyRequest;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterMasterKeyResponse;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterMasterKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -720,4 +726,56 @@ protected Object getAppHomeSubClusterCacheRequest(ApplicationId applicationId) {
public FederationStateStore getStateStore() {
return stateStore;
}
+
+ /**
+ * The Router Supports Store NewMasterKey (RouterMasterKey{@link RouterMasterKey}).
+ *
+ * @param newKey Key used for generating and verifying delegation tokens
+ * @throws YarnException if the call to the state store is unsuccessful
+ * @throws IOException An IO Error occurred
+ * @return RouterMasterKeyResponse
+ */
+ public RouterMasterKeyResponse storeNewMasterKey(DelegationKey newKey)
+ throws YarnException, IOException {
+ LOG.info("Storing master key with keyID {}.", newKey.getKeyId());
+ ByteBuffer keyBytes = ByteBuffer.wrap(newKey.getEncodedKey());
+ RouterMasterKey masterKey = RouterMasterKey.newInstance(newKey.getKeyId(),
+ keyBytes, newKey.getExpiryDate());
+ RouterMasterKeyRequest keyRequest = RouterMasterKeyRequest.newInstance(masterKey);
+ return stateStore.storeNewMasterKey(keyRequest);
+ }
+
+ /**
+ * The Router Supports Remove MasterKey (RouterMasterKey{@link RouterMasterKey}).
+ *
+ * @param newKey Key used for generating and verifying delegation tokens
+ * @throws YarnException if the call to the state store is unsuccessful
+ * @throws IOException An IO Error occurred
+ */
+ public void removeStoredMasterKey(DelegationKey newKey) throws YarnException, IOException {
+ LOG.info("Removing master key with keyID {}.", newKey.getKeyId());
+ ByteBuffer keyBytes = ByteBuffer.wrap(newKey.getEncodedKey());
+ RouterMasterKey masterKey = RouterMasterKey.newInstance(newKey.getKeyId(),
+ keyBytes, newKey.getExpiryDate());
+ RouterMasterKeyRequest keyRequest = RouterMasterKeyRequest.newInstance(masterKey);
+ stateStore.removeStoredMasterKey(keyRequest);
+ }
+
+ /**
+ * The Router Supports GetMasterKeyByDelegationKey.
+ *
+ * @param newKey Key used for generating and verifying delegation tokens
+ * @throws YarnException if the call to the state store is unsuccessful
+ * @throws IOException An IO Error occurred
+ * @return RouterMasterKeyResponse
+ */
+ public RouterMasterKeyResponse getMasterKeyByDelegationKey(DelegationKey newKey)
+ throws YarnException, IOException {
+ LOG.info("Storing master key with keyID {}.", newKey.getKeyId());
+ ByteBuffer keyBytes = ByteBuffer.wrap(newKey.getEncodedKey());
+ RouterMasterKey masterKey = RouterMasterKey.newInstance(newKey.getKeyId(),
+ keyBytes, newKey.getExpiryDate());
+ RouterMasterKeyRequest keyRequest = RouterMasterKeyRequest.newInstance(masterKey);
+ return stateStore.getMasterKeyByDelegationKey(keyRequest);
+ }
}
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/proto/yarn_server_federation_protos.proto b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/proto/yarn_server_federation_protos.proto
index 33f5cb3fc1..ff2b97091b 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/proto/yarn_server_federation_protos.proto
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/proto/yarn_server_federation_protos.proto
@@ -25,6 +25,7 @@ package hadoop.yarn;
import "yarn_protos.proto";
import "yarn_server_common_protos.proto";
+import "yarn_security_token.proto";
message SubClusterIdProto {
optional string id = 1;
@@ -213,4 +214,31 @@ message GetSubClusterPoliciesConfigurationsRequestProto {
message GetSubClusterPoliciesConfigurationsResponseProto {
repeated SubClusterPolicyConfigurationProto policies_configurations = 1;
- }
+}
+
+message RouterMasterKeyProto {
+ optional int32 key_id = 1;
+ optional bytes key_bytes = 2;
+ optional uint64 expiry_date = 3;
+}
+
+message RouterMasterKeyRequestProto {
+ optional RouterMasterKeyProto router_master_key = 1;
+}
+
+message RouterMasterKeyResponseProto {
+ optional RouterMasterKeyProto router_master_key = 1;
+}
+
+message RouterStoreTokenProto {
+ optional YARNDelegationTokenIdentifierProto token_identifier = 1;
+ optional int64 renew_date = 2;
+}
+
+message RouterRMTokenRequestProto {
+ optional RouterStoreTokenProto router_store_token = 1;
+}
+
+message RouterRMTokenResponseProto {
+ optional RouterStoreTokenProto router_store_token = 1;
+}
\ No newline at end of file
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/federation/store/impl/FederationStateStoreBaseTest.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/federation/store/impl/FederationStateStoreBaseTest.java
index 296e4846ea..258762682d 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/federation/store/impl/FederationStateStoreBaseTest.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/federation/store/impl/FederationStateStoreBaseTest.java
@@ -21,9 +21,12 @@
import java.nio.ByteBuffer;
import java.util.Calendar;
import java.util.List;
+import java.util.Set;
+import java.util.HashSet;
import java.util.TimeZone;
import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.token.delegation.DelegationKey;
import org.apache.hadoop.test.LambdaTestUtils;
import org.apache.hadoop.util.Time;
import org.apache.hadoop.yarn.api.records.ApplicationId;
@@ -68,6 +71,9 @@
import org.apache.hadoop.yarn.server.federation.store.records.DeleteReservationHomeSubClusterResponse;
import org.apache.hadoop.yarn.server.federation.store.records.UpdateReservationHomeSubClusterRequest;
import org.apache.hadoop.yarn.server.federation.store.records.UpdateReservationHomeSubClusterResponse;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterMasterKey;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterMasterKeyRequest;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterMasterKeyResponse;
import org.apache.hadoop.yarn.util.MonotonicClock;
import org.junit.After;
import org.junit.Assert;
@@ -760,4 +766,75 @@ public void testUpdateReservationHomeSubClusterUnknownApp() throws Exception {
"Reservation " + reservationId + " does not exist",
() -> stateStore.updateReservationHomeSubCluster(updateReservationRequest));
}
+
+ @Test
+ public void testStoreNewMasterKey() throws Exception {
+ // store delegation key;
+ DelegationKey key = new DelegationKey(1234, 4321, "keyBytes".getBytes());
+ Set keySet = new HashSet<>();
+ keySet.add(key);
+
+ RouterMasterKey routerMasterKey = RouterMasterKey.newInstance(key.getKeyId(),
+ ByteBuffer.wrap(key.getEncodedKey()), key.getExpiryDate());
+ RouterMasterKeyRequest routerMasterKeyRequest =
+ RouterMasterKeyRequest.newInstance(routerMasterKey);
+ RouterMasterKeyResponse response = stateStore.storeNewMasterKey(routerMasterKeyRequest);
+
+ Assert.assertNotNull(response);
+ RouterMasterKey routerMasterKeyResp = response.getRouterMasterKey();
+ Assert.assertNotNull(routerMasterKeyResp);
+ Assert.assertEquals(routerMasterKey.getKeyId(), routerMasterKeyResp.getKeyId());
+ Assert.assertEquals(routerMasterKey.getKeyBytes(), routerMasterKeyResp.getKeyBytes());
+ Assert.assertEquals(routerMasterKey.getExpiryDate(), routerMasterKeyResp.getExpiryDate());
+ }
+
+ @Test
+ public void testGetMasterKeyByDelegationKey() throws YarnException, IOException {
+ // store delegation key;
+ DelegationKey key = new DelegationKey(5678, 8765, "keyBytes".getBytes());
+ Set keySet = new HashSet<>();
+ keySet.add(key);
+
+ RouterMasterKey routerMasterKey = RouterMasterKey.newInstance(key.getKeyId(),
+ ByteBuffer.wrap(key.getEncodedKey()), key.getExpiryDate());
+ RouterMasterKeyRequest routerMasterKeyRequest =
+ RouterMasterKeyRequest.newInstance(routerMasterKey);
+ RouterMasterKeyResponse response = stateStore.storeNewMasterKey(routerMasterKeyRequest);
+ Assert.assertNotNull(response);
+
+ RouterMasterKeyResponse routerMasterKeyResponse =
+ stateStore.getMasterKeyByDelegationKey(routerMasterKeyRequest);
+
+ Assert.assertNotNull(routerMasterKeyResponse);
+
+ RouterMasterKey routerMasterKeyResp = routerMasterKeyResponse.getRouterMasterKey();
+ Assert.assertNotNull(routerMasterKeyResp);
+ Assert.assertEquals(routerMasterKey.getKeyId(), routerMasterKeyResp.getKeyId());
+ Assert.assertEquals(routerMasterKey.getKeyBytes(), routerMasterKeyResp.getKeyBytes());
+ Assert.assertEquals(routerMasterKey.getExpiryDate(), routerMasterKeyResp.getExpiryDate());
+ }
+
+ @Test
+ public void testRemoveStoredMasterKey() throws YarnException, IOException {
+ // store delegation key;
+ DelegationKey key = new DelegationKey(1234, 4321, "keyBytes".getBytes());
+ Set keySet = new HashSet<>();
+ keySet.add(key);
+
+ RouterMasterKey routerMasterKey = RouterMasterKey.newInstance(key.getKeyId(),
+ ByteBuffer.wrap(key.getEncodedKey()), key.getExpiryDate());
+ RouterMasterKeyRequest routerMasterKeyRequest =
+ RouterMasterKeyRequest.newInstance(routerMasterKey);
+ RouterMasterKeyResponse response = stateStore.storeNewMasterKey(routerMasterKeyRequest);
+ Assert.assertNotNull(response);
+
+ RouterMasterKeyResponse masterKeyResponse =
+ stateStore.removeStoredMasterKey(routerMasterKeyRequest);
+ Assert.assertNotNull(masterKeyResponse);
+
+ RouterMasterKey routerMasterKeyResp = masterKeyResponse.getRouterMasterKey();
+ Assert.assertEquals(routerMasterKey.getKeyId(), routerMasterKeyResp.getKeyId());
+ Assert.assertEquals(routerMasterKey.getKeyBytes(), routerMasterKeyResp.getKeyBytes());
+ Assert.assertEquals(routerMasterKey.getExpiryDate(), routerMasterKeyResp.getExpiryDate());
+ }
}
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/federation/store/impl/TestSQLFederationStateStore.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/federation/store/impl/TestSQLFederationStateStore.java
index d257b870d0..d0dec2603d 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/federation/store/impl/TestSQLFederationStateStore.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/federation/store/impl/TestSQLFederationStateStore.java
@@ -17,6 +17,7 @@
package org.apache.hadoop.yarn.server.federation.store.impl;
+import org.apache.commons.lang3.NotImplementedException;
import org.apache.hadoop.test.LambdaTestUtils;
import org.apache.hadoop.util.Time;
import org.apache.hadoop.yarn.api.records.ApplicationId;
@@ -555,4 +556,19 @@ public void testDeleteReservationHomeSubClusterAbnormalSituation() throws Except
LambdaTestUtils.intercept(YarnException.class, errorMsg,
() -> stateStore.deleteReservationHomeSubCluster(delRequest));
}
+
+ @Test(expected = NotImplementedException.class)
+ public void testStoreNewMasterKey() throws Exception {
+ super.testStoreNewMasterKey();
+ }
+
+ @Test(expected = NotImplementedException.class)
+ public void testGetMasterKeyByDelegationKey() throws YarnException, IOException {
+ super.testGetMasterKeyByDelegationKey();
+ }
+
+ @Test(expected = NotImplementedException.class)
+ public void testRemoveStoredMasterKey() throws YarnException, IOException {
+ super.testRemoveStoredMasterKey();
+ }
}
\ No newline at end of file
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/federation/store/impl/TestZookeeperFederationStateStore.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/federation/store/impl/TestZookeeperFederationStateStore.java
index 272394b6b2..788adef371 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/federation/store/impl/TestZookeeperFederationStateStore.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/federation/store/impl/TestZookeeperFederationStateStore.java
@@ -19,6 +19,7 @@
import java.io.IOException;
+import org.apache.commons.lang3.NotImplementedException;
import org.apache.curator.framework.CuratorFramework;
import org.apache.curator.framework.CuratorFrameworkFactory;
import org.apache.curator.retry.RetryNTimes;
@@ -168,4 +169,19 @@ public void testMetricsInited() throws Exception {
MetricsRecords.assertMetric(record, "DeleteReservationHomeSubClusterNumOps", expectOps);
MetricsRecords.assertMetric(record, "UpdateReservationHomeSubClusterNumOps", expectOps);
}
+
+ @Test(expected = NotImplementedException.class)
+ public void testStoreNewMasterKey() throws Exception {
+ super.testStoreNewMasterKey();
+ }
+
+ @Test(expected = NotImplementedException.class)
+ public void testGetMasterKeyByDelegationKey() throws YarnException, IOException {
+ super.testGetMasterKeyByDelegationKey();
+ }
+
+ @Test(expected = NotImplementedException.class)
+ public void testRemoveStoredMasterKey() throws YarnException, IOException {
+ super.testRemoveStoredMasterKey();
+ }
}
\ No newline at end of file
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/federation/store/records/TestFederationProtocolRecords.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/federation/store/records/TestFederationProtocolRecords.java
index cf8cf719d0..13a98a9993 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/federation/store/records/TestFederationProtocolRecords.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/federation/store/records/TestFederationProtocolRecords.java
@@ -47,6 +47,9 @@
import org.apache.hadoop.yarn.federation.proto.YarnServerFederationProtos.SubClusterRegisterResponseProto;
import org.apache.hadoop.yarn.federation.proto.YarnServerFederationProtos.UpdateApplicationHomeSubClusterRequestProto;
import org.apache.hadoop.yarn.federation.proto.YarnServerFederationProtos.UpdateApplicationHomeSubClusterResponseProto;
+import org.apache.hadoop.yarn.federation.proto.YarnServerFederationProtos.RouterMasterKeyProto;
+import org.apache.hadoop.yarn.federation.proto.YarnServerFederationProtos.RouterMasterKeyRequestProto;
+import org.apache.hadoop.yarn.federation.proto.YarnServerFederationProtos.RouterMasterKeyResponseProto;
import org.apache.hadoop.yarn.server.federation.store.records.impl.pb.AddApplicationHomeSubClusterRequestPBImpl;
import org.apache.hadoop.yarn.server.federation.store.records.impl.pb.AddApplicationHomeSubClusterResponsePBImpl;
import org.apache.hadoop.yarn.server.federation.store.records.impl.pb.DeleteApplicationHomeSubClusterRequestPBImpl;
@@ -75,6 +78,9 @@
import org.apache.hadoop.yarn.server.federation.store.records.impl.pb.SubClusterRegisterResponsePBImpl;
import org.apache.hadoop.yarn.server.federation.store.records.impl.pb.UpdateApplicationHomeSubClusterRequestPBImpl;
import org.apache.hadoop.yarn.server.federation.store.records.impl.pb.UpdateApplicationHomeSubClusterResponsePBImpl;
+import org.apache.hadoop.yarn.server.federation.store.records.impl.pb.RouterMasterKeyPBImpl;
+import org.apache.hadoop.yarn.server.federation.store.records.impl.pb.RouterMasterKeyRequestPBImpl;
+import org.apache.hadoop.yarn.server.federation.store.records.impl.pb.RouterMasterKeyResponsePBImpl;
import org.apache.hadoop.yarn.server.records.Version;
import org.junit.BeforeClass;
import org.junit.Test;
@@ -92,6 +98,7 @@ public static void setup() throws Exception {
generateByNewInstance(SubClusterInfo.class);
generateByNewInstance(ApplicationHomeSubCluster.class);
generateByNewInstance(SubClusterPolicyConfiguration.class);
+ generateByNewInstance(RouterMasterKey.class);
}
@Test
@@ -262,4 +269,19 @@ public void testGetSubClusterPoliciesConfigurationsResponse()
GetSubClusterPoliciesConfigurationsResponsePBImpl.class,
GetSubClusterPoliciesConfigurationsResponseProto.class);
}
+
+ @Test
+ public void testRouterMasterKey() throws Exception {
+ validatePBImplRecord(RouterMasterKeyPBImpl.class, RouterMasterKeyProto.class);
+ }
+
+ @Test
+ public void testRouterMasterKeyRequest() throws Exception {
+ validatePBImplRecord(RouterMasterKeyRequestPBImpl.class, RouterMasterKeyRequestProto.class);
+ }
+
+ @Test
+ public void testRouterMasterKeyResponse() throws Exception {
+ validatePBImplRecord(RouterMasterKeyResponsePBImpl.class, RouterMasterKeyResponseProto.class);
+ }
}
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/federation/utils/TestFederationStateStoreFacade.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/federation/utils/TestFederationStateStoreFacade.java
index 0606f5c454..1bfa6b90ff 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/federation/utils/TestFederationStateStoreFacade.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/test/java/org/apache/hadoop/yarn/server/federation/utils/TestFederationStateStoreFacade.java
@@ -22,8 +22,11 @@
import java.util.Arrays;
import java.util.Collection;
import java.util.Map;
+import java.util.Set;
+import java.util.HashSet;
import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.token.delegation.DelegationKey;
import org.apache.hadoop.yarn.api.records.ApplicationId;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.exceptions.YarnException;
@@ -33,6 +36,7 @@
import org.apache.hadoop.yarn.server.federation.store.records.SubClusterId;
import org.apache.hadoop.yarn.server.federation.store.records.SubClusterInfo;
import org.apache.hadoop.yarn.server.federation.store.records.SubClusterPolicyConfiguration;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterRMDTSecretManagerState;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
@@ -232,4 +236,37 @@ public void testGetApplicationHomeSubClusterCache() throws YarnException {
}
}
+ @Test
+ public void testStoreNewMasterKey() throws YarnException, IOException {
+ // store delegation key;
+ DelegationKey key = new DelegationKey(1234, 4321, "keyBytes".getBytes());
+ Set keySet = new HashSet<>();
+ keySet.add(key);
+ facade.storeNewMasterKey(key);
+
+ MemoryFederationStateStore federationStateStore =
+ (MemoryFederationStateStore) facade.getStateStore();
+ RouterRMDTSecretManagerState secretManagerState =
+ federationStateStore.getRouterRMSecretManagerState();
+ Assert.assertEquals(keySet, secretManagerState.getMasterKeyState());
+ }
+
+ @Test
+ public void testRemoveStoredMasterKey() throws YarnException, IOException {
+ // store delegation key;
+ DelegationKey key = new DelegationKey(4567, 7654, "keyBytes".getBytes());
+ Set keySet = new HashSet<>();
+ keySet.add(key);
+ facade.storeNewMasterKey(key);
+
+ // check to delete delegationKey
+ facade.removeStoredMasterKey(key);
+ keySet.clear();
+
+ MemoryFederationStateStore federationStateStore =
+ (MemoryFederationStateStore) facade.getStateStore();
+ RouterRMDTSecretManagerState secretManagerState =
+ federationStateStore.getRouterRMSecretManagerState();
+ Assert.assertEquals(keySet, secretManagerState.getMasterKeyState());
+ }
}
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/federation/FederationStateStoreService.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/federation/FederationStateStoreService.java
index a473186ed6..060540d01e 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/federation/FederationStateStoreService.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/federation/FederationStateStoreService.java
@@ -18,10 +18,12 @@
package org.apache.hadoop.yarn.server.resourcemanager.federation;
+import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
+import org.apache.commons.lang3.NotImplementedException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.io.retry.RetryPolicy;
import org.apache.hadoop.net.NetUtils;
@@ -70,6 +72,8 @@
import org.apache.hadoop.yarn.server.federation.store.records.UpdateApplicationHomeSubClusterResponse;
import org.apache.hadoop.yarn.server.federation.store.records.UpdateReservationHomeSubClusterRequest;
import org.apache.hadoop.yarn.server.federation.store.records.UpdateReservationHomeSubClusterResponse;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterMasterKeyRequest;
+import org.apache.hadoop.yarn.server.federation.store.records.RouterMasterKeyResponse;
import org.apache.hadoop.yarn.server.federation.utils.FederationStateStoreFacade;
import org.apache.hadoop.yarn.server.records.Version;
import org.apache.hadoop.yarn.server.resourcemanager.RMContext;
@@ -356,4 +360,22 @@ public DeleteReservationHomeSubClusterResponse deleteReservationHomeSubCluster(
DeleteReservationHomeSubClusterRequest request) throws YarnException {
return stateStoreClient.deleteReservationHomeSubCluster(request);
}
+
+ @Override
+ public RouterMasterKeyResponse storeNewMasterKey(RouterMasterKeyRequest request)
+ throws YarnException, IOException {
+ throw new NotImplementedException("Code is not implemented");
+ }
+
+ @Override
+ public RouterMasterKeyResponse removeStoredMasterKey(RouterMasterKeyRequest request)
+ throws YarnException, IOException {
+ throw new NotImplementedException("Code is not implemented");
+ }
+
+ @Override
+ public RouterMasterKeyResponse getMasterKeyByDelegationKey(RouterMasterKeyRequest request)
+ throws YarnException, IOException {
+ throw new NotImplementedException("Code is not implemented");
+ }
}