...
```
getDelegationToken(request: CreateDelegationTokenRequest): CreateDelegationTokenResponse
class CreateDelegationTokenRequest(renewer: Set[KafkaPrincipal] = Set.empty, maxLifeTime: long = -1)
class CreateDelegationTokenResponse(issueTimeMillis: long, renewer: Set[KafkaPrincipal], expiryTimeMillis: long, maxLifeTime: long, tokenId: String, hmac: byte[])
renewDelegationToken(request: RenewDelegationTokenRequest): RenewDelegationTokenResponse
class RenewDelegationTokenRequest(hmac: byte[], expiryTimeMillis: long)
expireToken(request: ExpireDelegationTokenRequest): ExpireDelegationTokenResponse
class ExpireDelegationTokenRequest(hmac: byte[], expireAt: long = Systemtime.currentTimeMillis)
describeToken(request: DescribeDelegationTokenRequest): DescribeDelegationTokenResponse
class DescribeDelegationTokenRequest(owner: Set[KafkaPrincipal])
```
...
DelegationTokenRequest
```
CreateDelegationTokenRequest => [Renewer] MaxDateMs
  Renewer => string
  MaxDateMs => INT64
```
...
DelegationTokenResponse
```
CreateDelegationTokenResponse => ErrorCode TokenDetails
  ErrorCode => INT16
  TokenDetails => IssueDateMs ExpiryDateMs TokenId HMAC
  IssueDateMs => INT64
  ExpiryDateMs => INT64
  TokenId => String
  HMAC => bytes
```
...
ExpireTokenRequest
```
ExpireDelegationTokenRequest => HMAC ExpiryDateMs
  HMAC => bytes
  ExpiryDateMs => INT64
```
...
ExpireTokenResponse
```
ExpireDelegationTokenResponse => ErrorCode
  ErrorCode => INT32
  ExpiryDateMs => INT64
```
...
DescribeTokenRequest
```
DescribeDelegationTokenRequest => [Owner]
  Owner => String
```
Field | Description |
---|---|
ErrorCode | |
Owner | Kafka Principal which requested the delegation token. If the Owner list is null (i.e., length is -1), the response contains all the allowed tokens from all owners. If the Owner list is empty, the response is an empty list. |
DescribeTokenResponse
```
DescribeDelegationTokenResponse => ErrorCode [TokenDetails]
  ErrorCode => INT16
  TokenDetails => Owner IssueDateMs ExpiryDateMs TokenId HMAC [Renewer]
  Owner => String
  IssueDateMs => INT64
  ExpiryDateMs => INT64
  TokenId => String
  HMAC => bytes
  Renewer => String
```
...
TokenDetails:
- Owner ID -- Username that this token will authenticate as
- Renewers ID -- designated renewers list
- Issue date -- timestamp (in msec) when this token was generated
- Expiry date -- timestamp (in msec) at which this token expires
- TokenID -- UUID to ensure uniqueness
TokenAuthenticator(HMAC) := HMAC_SHA1(master key, TokenID)
Authentication Token := (TokenDetails, TokenAuthenticator(HMAC))
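The following sketch is an added example, not code from the Kafka project. It shows a broker-side check built on the formula above: because the HMAC covers only the TokenID, the owner and expiry are taken from the broker's own record rather than from anything the client presents. The `TokenManager` class, its in-memory store and the sample key are assumptions made for illustration.

```python
import hashlib
import hmac
import time
import uuid
from dataclasses import dataclass


@dataclass(frozen=True)
class TokenDetails:
    owner: str
    renewers: tuple
    issue_ms: int
    expiry_ms: int
    token_id: str


class TokenManager:
    """Hypothetical broker-side helper; not a Kafka class."""

    def __init__(self, master_key: bytes):
        self._key = master_key
        self._store = {}  # assumption: broker keeps TokenDetails keyed by TokenID

    def _authenticator(self, token_id: str) -> bytes:
        # TokenAuthenticator(HMAC) := HMAC_SHA1(master key, TokenID)
        return hmac.new(self._key, token_id.encode(), hashlib.sha1).digest()

    def create(self, owner, renewers, lifetime_ms, now_ms=None):
        now_ms = int(time.time() * 1000) if now_ms is None else now_ms
        details = TokenDetails(owner, tuple(renewers), now_ms,
                               now_ms + lifetime_ms, str(uuid.uuid4()))
        self._store[details.token_id] = details
        return details, self._authenticator(details.token_id)

    def verify(self, token_id, presented_hmac, now_ms):
        """Return the owner to authenticate as, or None if rejected."""
        expected = self._authenticator(token_id)
        # Constant-time comparison avoids leaking how many HMAC bytes matched.
        if not hmac.compare_digest(expected, presented_hmac):
            return None
        # The HMAC covers only TokenID, so owner and expiry are read from the
        # broker's own record, never from fields the client sends.
        details = self._store.get(token_id)
        if details is None or now_ms >= details.expiry_ms:
            return None
        return details.owner
```

A token whose record has been removed from the store is rejected even though its HMAC still verifies, which is what makes an expire operation effective before the stated expiry date.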
...