THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Field | Description |
---|---|
Renewer | Renewer is an Kafka Principal, which is allowed to renew this token before the max lifetime expires. If Renewer list is empty, then Renewer will default to the owner (Principal which requested this token). |
MaxLifeTime | Max lifetime for token in milli seconds. if value is -1, then MaxLifeTime will default to a server side config value.MaxLifeTimeStamp = Token Issue TimeStamp + MaxLifeTime |
DelegationTokenResponse
Code Block |
---|
DelegationTokenResponse => ErrorCode TokenDetails ErrorCode => INT16 TokenDetails => Owner ExpiryTimeStamp MaxLifeTimeStamp TokenId HMAC [Renewer] Owner => String ExpiryTimeStamp => INT64 MaxLifeTimeStamp => INT64 TokenId => String HMAC => bytes Renewer => String |
...
Possible Error Codes
* AuthorizationException
RenewDelegationTokenRequest
Code Block |
---|
RenewDelegationTokenRequest => HMAC ExpiryTime HMAC => bytes ExpiryTime => INT64 |
Field | Description |
---|---|
HMAC | HMAC of the delegation token to be renewed |
ExpiryTime | Token Expiry time in milli seconds to future date. |
RenewDelegationTokenResponse
Code Block |
---|
RenewDelegationTokenResponse => ErrorCode ErrorCode => INT32 |
Possible Error Codes
* AuthorizationException
* TokenExpiredException
* TokenRenewerMismatchException
* TokenNotFoundException
ExpireTokenRequest
Code Block |
---|
ExpireTokenRequest => HMAC HMAC => bytes |
ExpireTokenResponse
ExpireTokenResponse
Code Block |
---|
ExpireTokenResponse => ErrorCode ErroCode => INT32 |
Possible Error Codes
* AuthorizationException
Configuration options
The following options will be added to KafkaConfig.java
and can be configured as properties for Kafka server:
delegation.token.max.lifetime.sec : The token has a maximum lifetime beyond which it cannot be renewed any more. Default value 7 days.
delegation.token.expiry.time.sec : The token validity time in seconds before the token needs to be renewed. Default value 1 day.
delegation.token.master.key : Secret/masterKey to generate and verify delegation tokens. This masterKey needs to be configured with all the brokers.
...