Versions Compared

Old Version 68

changes.mady.by.user Manikumar Reddy O.

Saved on

compared with

New Version 69

changes.mady.by.user Manikumar Reddy O.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Current state["DISCUSSION"]. 

Discussion thread: here

JIRA: KAFKA-1696 

Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).

...

Code Block
DelegationTokenRequest => [Renewer] MaxDateMaxDateMs
  Renewer => string
  MaxDateMaxDateMs => INT64

Field

Description

Renewer

Renewer is an Kafka Principal, which is allowed to renew this token before the max lifetime expires.  If Renewer list is empty, then Renewer will default to the owner (Principal which requested this token).

MaxDateMaxDateMs
Max lifetime for token in milli seconds. if value is -1, then MaxLifeTime will default to a server side config value.

...

Code Block
DelegationTokenResponse => ErrorCode TokenDetails
  ErrorCode => INT16
  TokenDetails => Owner IssueDateIssueDateMs ExpiryDateExpiryDateMs TokenId HMAC [Renewer]
    Owner => String
    IssueDateIssueDateMs  => INT64
    ExpiryDateExpiryDateMs => INT64
    TokenId => String 
    HMAC => bytes
    Renewer => String

Field

Description

Owner

Kakfa Principal which requested the delegation token

IssueDateIssueDateMs

timestamp (in msec) when this token was generated. Unit is milliseconds since beginning of the epoch (midnight Jan 1, 1970 (UTC)).

ExpiryDateExpiryDateMs

timestamp (in msec) at which this token expires. Unit is milliseconds since beginning of the epoch (midnight Jan 1, 1970 (UTC)).

TokenId

Sequence number/UUID to ensure uniqueness 

HMAC
Keyed-hash message authentication code
Renewer
Renewers list
Possible Error Codes
* AuthorizationExceptionDelegationTokenDisabledException
RenewDelegationTokenRequest
Code Block
RenewDelegationTokenRequest => HMAC  RenewPeriodMs
  HMAC => bytes

  RenewPeriodMs => INT64

Field

Description

HMAC

HMAC of the delegation token to be renewed

RenewPeriodMs
Renew Time period in milli seconds
 
RenewDelegationTokenResponse
Code Block
RenewDelegationTokenResponse => ErrorCode TokenDetails
   ErrorCode => INT32 
   TokenDetails => Owner IssueDateIssueDateMs ExpiryDateExpiryDateMs TokenId HMAC [Renewer]
     Owner => String
     IssueDateIssueDateMs  => INT64
   	 ExpiryDateExpiryDateMs => INT64
     TokenId => String 
   	 HMAC => bytes
     Renewer => String
Possible Error Codes
* AuthorizationExceptionDelegationTokenDisabledException
 
* TokenRenewerMismatchException

...

Code Block
ExpireTokenRequest => HMAC expiryDateexpiryDateMs
  HMAC => bytes
  expiryDateexpiryDateMs => INT64

Field

Description

HMAC

HMAC of the delegation token to be renewed

expiryDateexpiryDateMs
Token expiry timestamp. Unit is milliseconds since beginning of the epoch (midnight Jan 1, 1970 (UTC))

...

Code Block
ExpireTokenResponse => ErrorCode
  ErroCode => INT32
Possible Error Codes
* AuthorizationException
InvalidateTokenRequest
Code Block
InvalidateTokenRequest => HMAC 
  HMAC => bytes

...

DelegationTokenDisabledException
* TokenRenewerMismatchException
* TokenNotFoundException 
Code Block
InvalidateTokenResponse => ErrorCode
  ErroCode => INT32
Possible Error Codes
* AuthorizationException
Configuration options

The following options will be added to KafkaConfig.java and can be configured as properties for Kafka server:

...