THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Current state: ["DISCUSSION"].
Discussion thread: here
JIRA: KAFKA-1696
Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).
...
In case of a password compromise scenario all the tokens can be deleted from zookeeper and this will result in all the tokens to be invalidated. We can provide a simple CLI tool for this.
Secret rotation
The current approach requires a deployment when the secret needs to be rotated. If we want to make it automated and more frequent we can offload the responsibility of secret generation to controller.
Command line tool
We will provide a CLI to acquire delegation tokens, renew tokens and to invalidate/expire tokens.
...
- Let each broker generate a Random secret on each acquisition request and use this secret to generate the hmac. Broker will store the hmac in zookeeper. However as zkClient does not support SSL the hmac will be on wire unencrypted which is not safe.
- Use controller instead of zookeeper as the central location where tokens are generated,renewed and distributed from. You can review the discussion and pro/con here.
- Use controller to generate and rotate secret and distribute it to all brokers. Brokers will generate hmac based on *current* secret. The advantage is secret rotation can be more frequent and automated. The disadvantage is added complexity as new controller level APIs need to be created and brokers needs to keep a list of valid secrets till max( max life time of all tokens).