THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
| Table of Contents |
|---|
This page is meant as a template for writing a KIP. To create a KIP choose Tools->Copy on this page and modify with your content and replace the heading with the next KIP number and a description of your issue. Replace anything in italics with your own description.
Status
Current state: [One of "Under Discussion", "Accepted", "Rejected"]
Discussion thread: here [Change the link from the KIP proposal email archive to your own email thread]
JIRA:here [Change the link from KAFKA-6447 1 to your own ticket]
Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).
Motivation
KIP-48 added support for delegation token based authentication mechanism. KIP-48/KAFKA-4541 implemented protocol request and response for delegation token operations.
This KIP is about adding these delegation token operations to the new Admin Client APIDescribe the problems you are trying to solve.
Public Interfaces
Briefly list any new interfaces that will be introduced as part of this proposal or any existing interfaces that will be removed or changed. The purpose of this section is to concisely call out the public contract that will come along with this feature.
A public interface is any change to the following:
Binary log format
The network protocol and api behavior
Any class in the public packages under clientsConfiguration, especially client configuration
org/apache/kafka/common/serialization
org/apache/kafka/common
org/apache/kafka/common/errors
org/apache/kafka/clients/producer
org/apache/kafka/clients/consumer (eventually, once stable)
Monitoring
Command line tools and arguments
- Anything else that will likely break existing users in some way when they upgrade
Proposed Changes
Describe the new thing you want to do in appropriate detail. This may be fairly extensive and have large subsections of its own. Or it may be a few sentences. Use judgement based on the scope of the change.
Compatibility, Deprecation, and Migration Plan
- What impact (if any) will there be on existing users?
- If we are changing behavior how will we phase out the older behavior?
- If we need special migration tools, describe them here.
- When will we remove the existing behavior?
Rejected Alternatives
The AdminClient API will have the following new methods added
| Code Block |
|---|
AdminClient {
//create delegation token with default options
public CreateDelegationTokenResult createDelegationToken()
//create delegation token with supplied options
public abstract CreateDelegationTokenResult createDelegationToken(CreateDelegationTokenOptions options)
//renew delegation token with default options
public RenewDelegationTokenResult renewDelegationToken(byte[] hmac)
//renew delegation token token with supplied options
public abstract RenewDelegationTokenResult renewDelegationToken(byte[] hmac, RenewDelegationTokenOptions options);
//expire delegation token immediately
public ExpireDelegationTokenResult expireDelegationToken(byte[] hmac)
//expire delegation token with supplied options
public abstract ExpireDelegationTokenResult expireDelegationToken(byte[] hmac, ExpireDelegationTokenOptions options);
//returns all the user owned tokens and other tokens where user have Describe permission
public DescribeDelegationTokenResult describeDelegationToken()
//returns all the tokens for the given options
public abstract DescribeDelegationTokenResult describeDelegationToken(DescribeDelegationTokenOptions options);
} |
CreateDelegationTokenResult's future objects can return the following exceptions:| Code Block |
|---|
DELEGATION_TOKEN_REQUEST_NOT_ALLOWED,
INVALID_PRINCIPAL_TYPE
DELEGATION_TOKEN_AUTH_DISABLED |
RenewDelegationTokenResult and ExpireDelegationTokenResult's future objects can the throw the follwoing exceptions:
| Code Block |
|---|
DELEGATION_TOKEN_REQUEST_NOT_ALLOWED,
DELEGATION_TOKEN_AUTH_DISABLED
DELEGATION_TOKEN_OWNER_MISMATCH
DELEGATION_TOKEN_EXPIRED
DELEGATION_TOKEN_NOT_FOUND |
DescribeDelegationTokenResult's future object can the throw the follwoing exceptions:
| Code Block |
|---|
DELEGATION_TOKEN_REQUEST_NOT_ALLOWED,
DELEGATION_TOKEN_AUTH_DISABLED |
Proposed Changes
The following classes will be added. CreateDelegationTokenResult, CreateDelegationTokenOptionsRenewDelegationTokenResult, RenewDelegationTokenOptionsExpireDelegationTokenResult, ExpireDelegationTokenOptionsDescribeDelegationTokenResult, DescribeDelegationTokenOptions
| Code Block |
|---|
public class CreateDelegationTokenResult {
private final KafkaFuture<DelegationToken> delegationToken;
CreateDelegationTokenResult(KafkaFuture<DelegationToken> delegationToken) {
this.delegationToken = delegationToken;
}
/**
* Returns a future which yields a delegation token
*/
public KafkaFuture<DelegationToken> delegationToken() {
return delegationToken;
}
}
public class CreateDelegationTokenOptions extends AbstractOptions<CreateDelegationTokenOptions> {
// default value is -1, This will default the token maxLifeTime to server side config value (delegation.token.max.lifetime.ms).
private long maxLifeTimeMs = -1;
private List<KafkaPrincipal> renewers = new LinkedList<>();
public CreateDelegationTokenOptions renewers(List<KafkaPrincipal> renewers) {
this.renewers = renewers;
return this;
}
public List<KafkaPrincipal> renewers() {
return renewers;
}
public CreateDelegationTokenOptions maxlifeTimeMs(long maxLifeTimeMs) {
this.maxLifeTimeMs = maxLifeTimeMs;
return this;
}
public long maxlifeTimeMs() {
return maxLifeTimeMs;
}
}
public class RenewDelegationTokenResult {
private final KafkaFuture<Long> expiryTimestamp;
RenewDelegationTokenResult(KafkaFuture<Long> expiryTimestamp) {
this.expiryTimestamp = expiryTimestamp;
}
/**
* Returns a future which yields expiry timestamp
*/
public KafkaFuture<Long> expiryTimestamp() {
return expiryTimestamp;
}
}
public class RenewDelegationTokenOptions extends AbstractOptions<RenewDelegationTokenOptions> {
// default value is -1. This will default the Renew Time period to a server side config value (delegation.token.expiry.time.ms).
private long renewTimePeriodMs = -1;
public RenewDelegationTokenOptions renewTimePeriodMs(long renewTimePeriodMs) {
this.renewTimePeriodMs = renewTimePeriodMs;
return this;
}
public long renewTimePeriodMs() {
return renewTimePeriodMs;
}
}
public class ExpireDelegationTokenResult {
private final KafkaFuture<Long> expiryTimestamp;
ExpireDelegationTokenResult(KafkaFuture<Long> expiryTimestamp) {
this.expiryTimestamp = expiryTimestamp;
}
/**
* Returns a future which yields expiry timestamp
*/
public KafkaFuture<Long> expiryTimestamp() {
return expiryTimestamp;
}
}
public class ExpireDelegationTokenOptions extends AbstractOptions<ExpireDelegationTokenOptions> {
//default value is -1. This token will get invalidated immediately
private long expiryTimePeriodMs = -1;
public ExpireDelegationTokenOptions expiryTimePeriodMs(long expiryTimePeriodMs) {
this.expiryTimePeriodMs = expiryTimePeriodMs;
return this;
}
public long expiryTimePeriodMs() {
return expiryTimePeriodMs;
}
}
public class DescribeDelegationTokenResult {
private final KafkaFuture<List<DelegationToken>> delegationTokens;
DescribeDelegationTokenResult(KafkaFuture<List<DelegationToken>> delegationTokens) {
this.delegationTokens = delegationTokens;
}
/**
* Returns a future which yields list of delegation tokens
*/
public KafkaFuture<List<DelegationToken>> delegationTokens() {
return delegationTokens;
}
}
public class DescribeDelegationTokenOptions extends AbstractOptions<DescribeDelegationTokenOptions> {
//default null vaule indicates to return all the allowed tokens
private List<KafkaPrincipal> owners;
public DescribeDelegationTokenOptions owners(List<KafkaPrincipal> owners) {
this.owners = owners;
return this;
}
public List<KafkaPrincipal> owners() {
return owners;
}
|
Compatibility, Deprecation, and Migration Plan
This is a new API and won't affect existing users.
Rejected Alternatives
If there are alternative ways of accomplishing the same thing, what were they? The purpose of this section is to motivate why the design is the way it is and not some other way.