...
Discussion thread: here
JIRA: here
Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).
...
Operation | Resource | API |
---|---|---|
CreateTokens | Cluster | createTokens for other users // New |
DescribeTokens | Cluster | describeTokens for other users' tokens // New |
DescribeToken | DelegationToken | describeTokens for a given tokenId // Existing |
...
```bash
bin/kafka-delegation-token.sh --bootstrap-server broker1:9092 --create --owner-principal User:owner1 --renewer-principal User:renewer1 --max-life-time 1486750745585
```
Proposed Changes
Create/Renew Tokens:
Token requesters with 'CreateTokens' permission on the 'Cluster' resource can create or renew tokens for other users. The token requester must be authenticated using any of the available secure channels (Kerberos, SCRAM, SSL) to create or renew tokens for other users. The token requester cannot use delegation token based authentication for creating or renewing tokens.
Describe Tokens:
Users with 'DescribeTokens' permission on the 'Cluster' resource can describe other users' tokens.
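The create/renew and describe rules above can be read as one authorization decision. The following Python model is an added illustration, not code from this proposal or from Kafka. The ACL tuples, principal names and token ids are constructed, and treating a user's own tokens as needing no extra ACL is an assumption.

```python
from dataclasses import dataclass

# Channels the proposal accepts for creating or renewing tokens.
SECURE_CHANNELS = {"KERBEROS", "SCRAM", "SSL"}

@dataclass(frozen=True)
class Request:
    requester: str    # authenticated principal, e.g. "User:admin"
    auth_method: str  # "KERBEROS", "SCRAM", "SSL" or "TOKEN"
    owner: str        # principal the token belongs to

def can_create_or_renew(req, acls):
    """acls is a set of (principal, operation, resource) tuples (constructed model)."""
    # Delegation-token sessions and unknown channels are refused: fail closed.
    if req.auth_method not in SECURE_CHANNELS:
        return False
    # Assumption: acting on one's own token needs no extra ACL.
    if req.owner == req.requester:
        return True
    # Acting for another user requires CreateTokens on the Cluster resource.
    return (req.requester, "CreateTokens", "Cluster") in acls

def can_describe(req, token_id, acls):
    # Assumption: owners can always describe their own tokens.
    if req.owner == req.requester:
        return True
    # New cluster-wide permission: describe other users' tokens.
    if (req.requester, "DescribeTokens", "Cluster") in acls:
        return True
    # Existing per-token permission on the DelegationToken resource.
    resource = "DelegationToken:" + token_id
    return (req.requester, "DescribeToken", resource) in acls

# Constructed ACL set for the walkthrough below.
ACLS = {
    ("User:admin", "CreateTokens", "Cluster"),
    ("User:auditor", "DescribeTokens", "Cluster"),
    ("User:ops", "DescribeToken", "DelegationToken:tok-1"),
}

if __name__ == "__main__":
    for who, method in [("User:admin", "SSL"), ("User:admin", "TOKEN"),
                        ("User:renewer1", "KERBEROS")]:
        req = Request(who, method, "User:owner1")
        print(who, method, "create for owner1:", can_create_or_renew(req, ACLS))
```

The second case is the one to watch in review: a principal holding CreateTokens is still refused when its session was itself authenticated with a delegation token.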
Token Details in Zookeeper
Token details properties storage format version will be updated to 2.
...