Versions Compared

...

AlterScramUsers

alterScramUsers will delete, create, or change SCRAM users. Deletions are done by user name.

Alterations will create the given user if it doesn't exist, or alter it if it does.

Code Block
public class ScramUserDeletion {
    private final String user;
}

public class ScramCredential {
    private final ScramMechanismInfo info;
    private final byte[] salt;
    private final byte[] password;

    // There will be one constructor that randomly generates a salt, and one that accepts a pre-defined salt.
}

public class ScramUserAlteration {
    private final String user;
    private final List<ScramCredential> credentials;

    public ScramCredentialAlteration(String user, List<ScramCredential> credentials) {
        this.user = user;
        this.credentials = credentials;
    }

    public String user() {
        return user;
    }

    public List<ScramCredential> credentials() {
        return credentials;
    }
}

public class AlterScramUsersOptions extends AbstractOptions<AlterScramUsersOptions> {}

default AlterScramUsersResult alterScramUsers(List<ScramUserDeletion> deletions,List<ScramUserAlteration> alterations) {
    return alterScramUsers(deletions, alterations, new AlterScramUsersOptions());
}

AlterScramUsersResult     alterScramUsers(List<ScramUserAlteration> alterations,
                                 List<ScramUserAlteration> alterations) {
    return alterScramUsers(deletions, alterations, new AlterScramUsersOptions());
}

AlterScramUsersResult alterScramUsers(List<ScramUserDeletion> deletions,AlterScramUsersOptions options);

public class AlterScramCredentialsResult {
    public KafkaFuture<Void> all();
    public Map<String,                           List<ScramUserAlteration> alterations,KafkaFuture<Void>> results();
}
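
Review bot: In `ScramUserAlteration`, the constructor is declared as `public ScramCredentialAlteration(String user, List<ScramCredential> credentials)`, which does not match the class name and will not compile; rename it to `ScramUserAlteration`. The same naming drift shows in the result type: the methods return `AlterScramUsersResult`, but the class is declared as `AlterScramCredentialsResult`. In `ScramCredential`, the field `byte[] password` should say whether it holds the cleartext or the salted password, since the wire schema carries `SaltedPassword`.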

The AlterScramUsersRequest and AlterScramUsersResponse implement the new API.

Code Block
{ 
  "apiKey": 51, 
  "type": "response",
  "name": "AlterScramUsersRequest",
  "validVersions": "0", 
  "flexibleVersions": "0+", 
  "fields": [ 
    { "name": "Alterations", "type": "[]ScramUserAlteration", "versions": "0+",
      "about": "The SCRAM users to create or alter.", "fields": [
      { "name": "Name", "type": "string", "versions":  AlterScramUsersOptions options);

public class AlterScramCredentialsResult {
    public KafkaFuture<Void> all();"0+",
        "about": "The user name." }
    public Map<String, KafkaFuture<Void>> results();
}

The AlterScramUsersRequest and AlterScramUsersResponse implement the new API.

Code Block
{ 
  "apiKeyname": 51, 
 "Credentials", "type": "responseScramCredential",
  "nameversions": "AlterScramUsersRequest0+",
    "validVersions": "0", 
  "flexibleVersionsabout": "0+", The SCRAM credentials to configure." }
  "fields": [ 
    { "name": "DeletionsMechanism", "type": "[]ScramUserDeletionint8", "versions": "0+",
          "about": "The SCRAM users to removemechanism.", "fields": [ },
        { "name": "NameIterations", "type": "stringint32", "versions": "0+",
          "about": "The usernumber name." }
      ]},
of iterations, or -1 to use the server default." },
        { "name": "AlterationsSalt", "type": "[]ScramUserAlterationbytes", "versions": "0+", ",
          "about": "The SCRAM users to alter.", "fields": [
A random salt generated by the client." },
        { "name": "NameSaltedPassword", "type": "stringbytes", "versions": "0+", ",
          "about": "The usersalted namepassword." }
      ]}
    ]}
  ]
}

{ 
  "nameapiKey": "Credentials"51, 
  "type": "ScramCredentialresponse",
  "versionsname": "0+AlterScramUsersResponse",
  "validVersions":    "0", 
  "aboutflexibleVersions": "The SCRAM credentials to configure." }
    0+", 
  "fields": [ 
    { "name": "MechanismResults", "type": "int8[]AlterScramUsersResult", "versions": "0+",
          "about": "The SCRAM mechanism." },results for alterations, in the same order as the request.", "fields": [
        { "name": "IterationsErrorCode", "type": "int32int8", "versions": "0+",
          "about": "The number of iterations, or -1 to use the server defaulterror code." },
        { "name": "SaltErrorString", "type": "bytesstring", "versions": "0+", "nullableVersions": "0+",
          "about": "AThe randomerror saltmessage, generated by the clientif any." },
    ]}  
  ] { "name": "SaltedPassword", "type": "bytes", "versions": "0+", ",
          "about": "The salted password." }

      ]}
    ]}  
  ]       
}   

{ 
  "apiKey": 51, 
  "type": "response",
  "name": "AlterScramUsersResponse",
  "validVersions": "0", 
  "flexibleVersions": "0+", 
  "fields": [ 
    { "name": "Results", "type": "[]AlterScramUsersResult", "versions": "0+",
      "about": "The results for removals, followed by the results for alterations.", "fields": [
        { "name": "ErrorCode", "type": "int8", "versions": "0+",
          "about": "The error code." },
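
Review bot: The `Iterations` field allows "-1 to use the server default", but the same credential carries a client-generated `Salt` and a `SaltedPassword`. A SCRAM salted password is derived from the password with a specific salt and iteration count, so the broker cannot substitute its own count for a value the client has already computed. Either require an explicit iteration count or have the server do the salting. `SaltedPassword` is enough to derive the SCRAM client and server keys, so the text should state that this RPC must only be sent over an encrypted connection. Also, `AlterScramUsersRequest` is declared with `"type": "response"`, and `ErrorCode` is `int8` where Kafka protocol error codes are `int16`.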
   

A removal or alteration will return INVALID_REQUEST if an empty user name is passed, or an invalid number of iterations, or a duplicate user name.  Note that if the number of iterations is set to -1, the server-side default will be used.

A removal will return a new error code, RESOURCE_NOT_FOUND, if it was instructed to delete a user, but that user was not found.

The RPC will require ALTER on CLUSTER.  It will return CLUSTER_AUTHORIZATION_FAILED if the user has insufficient permissions.  It will be sent to the controller, and will return NOT_CONTROLLER if the receiving broker is not the controller.

DeleteScramUsers

deleteScramUsers will delete SCRAM users.

Deletions are done by user name.

Code Block
public class ScramUserDeletion {
    private final String user;
}

public class DeleteScramUsersOptions extends AbstractOptions<AlterScramUsersOptions> {}

default DeleteScramUsersResult deleteScramUsers(List<ScramUserDeletion> deletions) {
    return deleteScramUsers(deletions, new DeleteScramUsersOptions());
}

DeleteScramUsersResult deleteScramUsers(List<ScramUserDeletion> deletions,
          { "name": "ErrorString", "type": "string", "versions": "0+", "nullableVersions": "0+",
             "about": "The error message, if any." }
    ]} DeleteScramUsersOptions options);

public class ]DeleteScramUsersResult {
    public KafkaFuture<Void> 
}   

A removal or alteration will return INVALID_REQUEST if an empty user name is passed, or an invalid number of iterations, or a duplicate user name.  Note that if the number of iterations is set to -1, the server-side default will be used.

A removal will return a new error code, RESOURCE_NOT_FOUND, if it was instructed to delete a user, but that user was not found.

...

all();
    public Map<String, KafkaFuture<Void>> results();
}
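
Review bot: `DeleteScramUsersOptions` is declared as `extends AbstractOptions<AlterScramUsersOptions>`; the type parameter should be `DeleteScramUsersOptions` itself, otherwise the fluent setters inherited from `AbstractOptions` return the wrong options type. `ScramUserDeletion` has a field but no constructor or accessor, unlike `ScramUserAlteration`; add both so callers can build and read a deletion.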

The DeleteScramUsersRequest and DeleteScramUsersResponse implement the new API.

Code Block
{ 
  "apiKey": 52, 
  "type": "response",
  "name": "DeleteScramUsersRequest",
  "validVersions": "0", 
  "flexibleVersions": "0+", 
  "fields": [ 
    { "name": "Deletions", "type": "[]ScramUserDeletion", "versions": "0+",
      "about": "The SCRAM users to remove.", "fields": [
        { "name": "Name", "type": "string", "versions": "0+",
          "about": "The user name." }
      ]}
    ]}  
  ]       
}   

{ 
  "apiKey": 52, 
  "type": "response",
  "name": "DeleteScramUsersResponse",
  "validVersions": "0", 
  "flexibleVersions": "0+", 
  "fields": [ 
    { "name": "Results", "type": "[]RemoveScramUsersResult", "versions": "0+",
      "about": "The results for removals, in the same order as the request", "fields": [
        { "name": "ErrorCode", "type": "int8", "versions": "0+",
          "about": "The error code." },
        { "name": "ErrorString", "type": "string", "versions": "0+", "nullableVersions": "0+",
          "about": "The error message, if any." }
    ]}  
  ]       
}   
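
Review bot: `DeleteScramUsersRequest` is declared with `"type": "response"`; it should be `"type": "request"`. The response's element type is `[]RemoveScramUsersResult` while the rest of this API uses the Delete prefix, so rename it to match. The prose introduces RESOURCE_NOT_FOUND for a missing user, but `ErrorCode` is `int8` here and Kafka protocol error codes are `int16`. Results are matched to deletions only by position; consider echoing the user name in each result so a caller can attribute a failure without relying on ordering.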

Command-Line Changes

We will extend the kafka-configs.sh command so that it is possible to set a SCRAM configuration without using --zookeeper.  The command-line syntax will be unchanged, except for the fact that users will now be able to pass --bootstrap-server instead of --zookeeper.

...