Class WorkerTokenManager
java.lang.Object
org.apache.storm.security.auth.workertoken.WorkerTokenManager
The WorkerTokenManager manages the life cycle of worker tokens in nimbus.
- 
Constructor SummaryConstructorsConstructorDescriptionWorkerTokenManager(Map<String, Object> daemonConf, IStormClusterState state) Constructor.
- 
Method SummaryModifier and TypeMethodDescriptioncreateOrUpdateTokenFor(WorkerTokenServiceType serviceType, String user, String topologyId) Create or update an existing key.protected SecretKeyGenerate a new random secret key.protected SecretKeyGet the secret that should be used to sign a token.booleanshouldRenewWorkerToken(Map<String, String> creds, WorkerTokenServiceType type) voidCreate or renew WorkerToken credentials for a topology.
- 
Constructor Details- 
WorkerTokenManagerConstructor. This assumes that state can store the tokens securely, and that they should be enabled at all. Please use ClientAuthUtils.areWorkerTokensEnabledServer to validate this first.- Parameters:
- daemonConf- the config for nimbus.
- state- the state used to store private keys.
 
 
- 
- 
Method Details- 
generateSecretGenerate a new random secret key.- Returns:
- the new key
 
- 
getCurrentSecretGet the secret that should be used to sign a token. This may either reuse a secret or generate a new one so any user should call this once and save the result.- Returns:
- the key to use.
 
- 
createOrUpdateTokenForpublic WorkerToken createOrUpdateTokenFor(WorkerTokenServiceType serviceType, String user, String topologyId) Create or update an existing key.- Parameters:
- serviceType- the type of service to create a token for
- user- the user the token is for
- topologyId- the topology the token is for
- Returns:
- a newly generated token that should be good to start using form now until it expires.
 
- 
upsertWorkerTokensInCredsForTopopublic void upsertWorkerTokensInCredsForTopo(Map<String, String> creds, String user, String topologyId) Create or renew WorkerToken credentials for a topology.- Parameters:
- creds- the map of credentials for.
- user- the user the credentials are for
- topologyId- the topology the credentials are for
 
- 
shouldRenewWorkerToken
 
-