/**
 * Creates a key manager whose ZooKeeper ACLs are derived from configuration
 * instead of being passed explicitly. Delegates to the four-argument
 * constructor, supplying {@code getACLs(conf)} as the ACL list.
 *
 * <p>Security note: {@code testGetACLs} in this listing asserts that
 * {@code getACLs} yields {@code ZooDefs.Ids.CREATOR_ALL_ACL} when Kerberos is
 * enabled with a master principal and keytab configured, and
 * {@code ZooDefs.Ids.OPEN_ACL_UNSAFE} (world:anyone, all permissions) otherwise.
 * NOTE(review): presumably this ACL list protects the znodes that hold the
 * shared key material; confirm in the delegated constructor, and treat
 * ZooKeeper network access as the only barrier when Kerberos is off.
 *
 * @param conf configuration passed on unchanged and also used to choose the ACLs
 * @param codec codec for {@link KeyIdentifier} values, passed on unchanged
 * @param zookeeper ZooKeeper client, passed on unchanged
 */
public DistributedKeyManager(CConfiguration conf, Codec<KeyIdentifier> codec, ZKClient zookeeper) {
  this(conf, codec, zookeeper, getACLs(conf));
}
/**
 * Supplies a {@link KeyManager} backed by ZooKeeper.
 *
 * <p>Every call constructs a new {@link DistributedKeyManager} from the
 * {@code cConf}, {@code keyCodec} and {@code zkClient} fields. No ACL list is
 * passed here, so the instance is built through the three-argument constructor.
 *
 * @return a newly constructed {@link DistributedKeyManager}
 */
@Override
public KeyManager get() {
  KeyManager distributedManager = new DistributedKeyManager(cConf, keyCodec, zkClient);
  return distributedManager;
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Reports whether a key with the given id is known, by delegating to the
 * superclass implementation.
 *
 * <p>NOTE(review): this adds no logic of its own; presumably it exists to widen
 * the visibility of the inherited method (for example for tests) - confirm
 * against the superclass declaration.
 *
 * @param keyId numeric id of the key to look up
 * @return whatever {@code super.hasKey(keyId)} returns
 */
public boolean hasKey(int keyId) {
  boolean known = super.hasKey(keyId);
  return known;
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Rotates the signing key: generates a new key, prunes cached keys that are no
 * longer needed, and records the rotation time in {@code lastKeyUpdate}.
 *
 * <p>A key is removed only when its expiration is earlier than
 * {@code now - maxTokenExpiration}. Keys that have expired more recently are
 * kept because a token issued before the key expired may still be valid and
 * must remain verifiable.
 *
 * <p>NOTE(review): {@code keyCache.remove(...)} is called while iterating
 * {@code keyCache.getResources()}; this is only safe if that method returns a
 * snapshot or a concurrent view - confirm.
 */
private synchronized void rotateKey() {
  final long rotationTime = System.currentTimeMillis();

  // Mint the replacement secret key before pruning old ones.
  generateKey();

  // Drop keys that expired before the oldest token that could still be valid.
  for (KeyIdentifier cachedKey : keyCache.getResources()) {
    if (cachedKey.getExpiration() >= (rotationTime - maxTokenExpiration)) {
      // Still inside the window in which an outstanding token may reference it.
      continue;
    }
    LOG.debug("Removing expired key: id={}, expiration={}", cachedKey.getKeyId(), cachedKey.getExpiration());
    keyCache.remove(Integer.toString(cachedKey.getKeyId()));
  }

  lastKeyUpdate = rotationTime;
}
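/**
 * Initializes the shared key cache, joins leader election under
 * {@code "/leader"}, and starts the key expiration thread.
 *
 * <p>On becoming leader the handler sets the {@code leader} flag and, only if
 * {@code currentKey} is still {@code null}, calls {@code rotateKey()} to create
 * the first key. On becoming follower it only clears the flag.
 *
 * <p>NOTE(review): {@code currentKey} is read in the election callback outside
 * the lock that {@code rotateKey()} takes; confirm that the field is safely
 * published (for example {@code volatile}).
 *
 * @throws IOException declared by the overridden method; no statement visible
 *     in this body throws it directly
 */
@Override
protected void doInit() throws IOException {
  // Register as listener before init(); presumably so that no cache event
  // raised during the initial load is missed - confirm.
  this.keyCache.addListener(this);
  try {
    keyCache.init();
  } catch (InterruptedException ie) {
    // Restore the interrupt flag before rethrowing unchecked. Otherwise the
    // interruption (for example a shutdown request) is lost to code further
    // up the stack that checks the thread's interrupt status.
    Thread.currentThread().interrupt();
    throw Throwables.propagate(ie);
  }

  this.leaderElection = new LeaderElection(zookeeper, "/leader", new ElectionHandler() {
    @Override
    public void leader() {
      leader.set(true);
      LOG.debug("Transitioned to leader");
      // Create a key only if none is current, so a leadership change does not
      // force an extra rotation.
      if (currentKey == null) {
        rotateKey();
      }
    }

    @Override
    public void follower() {
      leader.set(false);
      LOG.debug("Transitioned to follower");
    }
  });
  this.leaderElection.start();

  startExpirationThread();
}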
/**
 * Pins the ACL selection done by {@code DistributedKeyManager.getACLs}.
 *
 * <p>With Kerberos enabled and a master principal and keytab configured, the
 * expected result is {@code ZooDefs.Ids.CREATOR_ALL_ACL}. With the principal
 * unset, the expected result is {@code ZooDefs.Ids.OPEN_ACL_UNSAFE}, which
 * grants all permissions to any ZooKeeper client. The second case therefore
 * records that a non-Kerberos deployment falls back to world-accessible ACLs.
 *
 * <p>NOTE(review): the second configuration never sets {@code KERBEROS_ENABLED},
 * so it relies on the default from {@code CConfiguration.create()}; confirm
 * that the default is the intended "disabled" state.
 */
@Test
public void testGetACLs() throws Exception {
  // Kerberos fully configured: expect creator-only ACLs.
  CConfiguration secureConf = CConfiguration.create();
  secureConf.set(Constants.Security.KERBEROS_ENABLED, "true");
  secureConf.set(Constants.Security.CFG_CDAP_MASTER_KRB_PRINCIPAL, "prinicpal@REALM.NET");
  secureConf.set(Constants.Security.CFG_CDAP_MASTER_KRB_KEYTAB_PATH, "/path/to/keytab");
  Assert.assertEquals(ZooDefs.Ids.CREATOR_ALL_ACL, DistributedKeyManager.getACLs(secureConf));

  // No principal configured: expect the open (unauthenticated) ACL fallback.
  CConfiguration insecureConf = CConfiguration.create();
  insecureConf.unset(Constants.Security.CFG_CDAP_MASTER_KRB_PRINCIPAL);
  Assert.assertEquals(ZooDefs.Ids.OPEN_ACL_UNSAFE, DistributedKeyManager.getACLs(insecureConf));
}