...
AlterScramUsers
alterScramUsers will delete, create, or change SCRAM users. Deletions are done by user name.
Alterations will create the given user if it doesn't exist, or alter it if it does.
Code Block |
---|
public class ScramUserDeletion {
    private final String user;
}

public class ScramCredential {
    private final ScramMechanismInfo info;
    private final byte[] salt;
    private final byte[] password;
    // There will be one constructor that randomly generates a salt, and one that accepts a pre-defined salt.
}

public class ScramUserAlteration {
    private final String user;
    private final List<ScramCredential> credentials;

    public ScramUserAlteration(String user, List<ScramCredential> credentials) {
        this.user = user;
        this.credentials = credentials;
    }

    public String user() { return user; }

    public List<ScramCredential> credentials() { return credentials; }
}

public class AlterScramUsersOptions extends AbstractOptions<AlterScramUsersOptions> {}

default AlterScramUsersResult alterScramUsers(List<ScramUserDeletion> deletions,
                                              List<ScramUserAlteration> alterations) {
    return alterScramUsers(deletions, alterations, new AlterScramUsersOptions());
}

AlterScramUsersResult alterScramUsers(List<ScramUserDeletion> deletions,
                                      List<ScramUserAlteration> alterations,
                                      AlterScramUsersOptions options);

public class AlterScramUsersResult {
    public KafkaFuture<Void> all();
    public Map<String, KafkaFuture<Void>> results();
} |
The AlterScramUsersRequest and AlterScramUsersResponse implement the new API.
Code Block | ||
---|---|---|
| ||
{
  "apiKey": 51,
  "type": "request",
  "name": "AlterScramUsersRequest",
  "validVersions": "0",
  "flexibleVersions": "0+",
  "fields": [
    { "name": "Deletions", "type": "[]ScramUserDeletion", "versions": "0+",
      "about": "The SCRAM users to remove.", "fields": [
      { "name": "Name", "type": "string", "versions": "0+",
        "about": "The user name." }
    ]},
    { "name": "Alterations", "type": "[]ScramUserAlteration", "versions": "0+",
      "about": "The SCRAM users to create or alter.", "fields": [
      { "name": "Name", "type": "string", "versions": "0+",
        "about": "The user name." },
      { "name": "Credentials", "type": "ScramCredential", "versions": "0+",
        "about": "The SCRAM credentials to configure." },
      { "name": "Mechanism", "type": "int8", "versions": "0+",
        "about": "The SCRAM mechanism." },
      { "name": "Iterations", "type": "int32", "versions": "0+",
        "about": "The number of iterations, or -1 to use the server default." },
      { "name": "Salt", "type": "bytes", "versions": "0+",
        "about": "A random salt generated by the client." },
      { "name": "SaltedPassword", "type": "bytes", "versions": "0+",
        "about": "The salted password." }
    ]}
  ]
}
{
  "apiKey": 51,
  "type": "response",
  "name": "AlterScramUsersResponse",
  "validVersions": "0",
  "flexibleVersions": "0+",
  "fields": [
    { "name": "Results", "type": "[]AlterScramUsersResult", "versions": "0+",
      "about": "The results for removals, followed by the results for alterations.", "fields": [
      { "name": "ErrorCode", "type": "int8", "versions": "0+",
        "about": "The error code." },
      { "name": "ErrorString", "type": "string", "versions": "0+", "nullableVersions": "0+",
        "about": "The error message, if any." }
    ]}
  ]
} |
A removal or alteration will return INVALID_REQUEST if an empty user name is passed, or an invalid number of iterations, or a duplicate user name. Note that if the number of iterations is set to -1, the server-side default will be used.
A removal will return a new error code, RESOURCE_NOT_FOUND, if it was instructed to delete a user, but that user was not found.
The RPC will require ALTER on CLUSTER. It will return CLUSTER_AUTHORIZATION_FAILED if the user has insufficient permissions. It will be sent to the controller, and will return NOT_CONTROLLER if the receiving broker is not the controller.
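How a client could derive the Salt and SaltedPassword fields described above, as an added example that is not part of this proposal or of Kafka's code: it implements the Hi() function from RFC 5802 (PBKDF2 with HMAC as the PRF) for SHA-256. The class name, the sample password and the iteration count of 4096 are assumptions made for illustration; the count is given explicitly because the derived value depends on it.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

// Added example, not Kafka code. Class and method names are hypothetical.
public class ScramSaltedPasswordExample {

    // RFC 5802 Hi(): PBKDF2 with HMAC as the PRF and a single output block.
    static byte[] hi(byte[] password, byte[] salt, int iterations) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(password, "HmacSHA256"));
        mac.update(salt);
        mac.update(new byte[] {0, 0, 0, 1});   // INT(1): big-endian block index
        byte[] u = mac.doFinal();               // U1 = HMAC(password, salt + INT(1))
        byte[] result = u.clone();
        for (int i = 2; i <= iterations; i++) {
            u = mac.doFinal(u);                 // Ui = HMAC(password, U(i-1))
            for (int j = 0; j < result.length; j++) {
                result[j] ^= u[j];              // Hi = U1 XOR U2 XOR ... XOR Ui
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values. A real client would also apply SASLprep
        // normalization to the password before encoding it.
        byte[] password = "example-password".getBytes(StandardCharsets.UTF_8);
        int iterations = 4096;

        // "A random salt generated by the client."
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);

        byte[] saltedPassword = hi(password, salt, iterations);

        // These values correspond to the Iterations, Salt and SaltedPassword
        // fields; the plaintext password is never placed in the request.
        Base64.Encoder b64 = Base64.getEncoder();
        System.out.println("Iterations     = " + iterations);
        System.out.println("Salt           = " + b64.encodeToString(salt));
        System.out.println("SaltedPassword = " + b64.encodeToString(saltedPassword));
    }
}
```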
DeleteScramUsers
deleteScramUsers will delete SCRAM users.
Deletions are done by user name.
Code Block |
---|
public class ScramUserDeletion {
    private final String user;
}

public class DeleteScramUsersOptions extends AbstractOptions<DeleteScramUsersOptions> {}

default DeleteScramUsersResult deleteScramUsers(List<ScramUserDeletion> deletions) {
    return deleteScramUsers(deletions, new DeleteScramUsersOptions());
}

DeleteScramUsersResult deleteScramUsers(List<ScramUserDeletion> deletions,
                                        DeleteScramUsersOptions options);

public class DeleteScramUsersResult {
    public KafkaFuture<Void> all();
    public Map<String, KafkaFuture<Void>> results();
} |
A removal or alteration will return INVALID_REQUEST if an empty user name is passed, or an invalid number of iterations, or a duplicate user name. Note that if the number of iterations is set to -1, the server-side default will be used.
A removal will return a new error code, RESOURCE_NOT_FOUND, if it was instructed to delete a user, but that user was not found.
The DeleteScramUsersRequest and DeleteScramUsersResponse implement the new API.
Code Block | ||
---|---|---|
| ||
{
  "apiKey": 52,
  "type": "request",
  "name": "DeleteScramUsersRequest",
  "validVersions": "0",
  "flexibleVersions": "0+",
  "fields": [
    { "name": "Deletions", "type": "[]ScramUserDeletion", "versions": "0+",
      "about": "The SCRAM users to remove.", "fields": [
      { "name": "Name", "type": "string", "versions": "0+",
        "about": "The user name." }
    ]}
  ]
}
{
  "apiKey": 52,
  "type": "response",
  "name": "DeleteScramUsersResponse",
  "validVersions": "0",
  "flexibleVersions": "0+",
  "fields": [
    { "name": "Results", "type": "[]RemoveScramUsersResult", "versions": "0+",
      "about": "The results for removals, in the same order as the request", "fields": [
      { "name": "ErrorCode", "type": "int8", "versions": "0+",
        "about": "The error code." },
      { "name": "ErrorString", "type": "string", "versions": "0+", "nullableVersions": "0+",
        "about": "The error message, if any." }
    ]}
  ]
} |
Command-Line Changes
We will extend the kafka-configs.sh command so that it is possible to set a SCRAM configuration without using --zookeeper. The command-line syntax will be unchanged, except for the fact that users will now be able to pass --bootstrap-server instead of --zookeeper.
...