...
Current state: ["DISCUSSION"].
Discussion thread: here
JIRA: KAFKA-1696
Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).
...
Field | Description |
---|---|
Renewer | Renewer is an Kafka Principal, which is allowed to renew this token before the max lifetime expires. If Renewer list is empty, then Renewer will default to the owner (Principal which requested this token). |
MaxLifeTime | Max lifetime for token in milli seconds. if value is -1, then MaxLifeTime will default to a server side config value.MaxLifeTimeStamp = Token Issue TimeStamp + MaxLifeTime |
DelegationTokenResponse
Code Block |
---|
DelegationTokenResponse => ErrorCode TokenDetails ErrorCode => INT16 TokenDetails => Owner ExpiryTimeStamp MaxLifeTimeStamp TokenId HMAC [Renewer] Owner => String ExpiryTimeStamp => INT64 MaxLifeTimeStamp => INT64 TokenId => String HMAC => bytes Renewer => String |
...
Possible Error Codes
* AuthorizationException
Code Block |
---|
RenewDelegationTokenRequest => HMAC ExpiryTime HMAC => bytes ExpiryTime => INT64 |
Field | Description |
---|---|
HMAC | HMAC of the delegation token to be renewed |
ExpiryTime | Token Expiry time in milli seconds to future date. |
Code Block |
---|
RenewDelegationTokenResponse => ErrorCode ErrorCode => INT32 |
Possible Error Codes
* AuthorizationException
* TokenExpiredException
* TokenRenewerMismatchException
* TokenNotFoundException
ExpireTokenRequest
Code Block |
---|
ExpireTokenRequest => HMAC HMAC => bytes |
ExpireTokenResponse
ExpireTokenResponse
Code Block |
---|
ExpireTokenResponse => ErrorCode ErroCode => INT32 |
Possible Error Codes
* AuthorizationException
Configuration options
The following options will be added to KafkaConfig.java
and can be configured as properties for Kafka server:
delegation.token.max.lifetime.sec : The token has a maximum lifetime beyond which it cannot be renewed any more. Default value 7 days.
delegation.token.expiry.time.sec : The token validity time in seconds before the token needs to be renewed. Default value 1 day.
delegation.token.master.key : Secret/masterKey to generate and verify delegation tokens. This masterKey needs to be configured with all the brokers.
...