You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "fvaleri (via GitHub)" <gi...@apache.org> on 2023/02/02 15:36:00 UTC
[GitHub] [kafka] fvaleri commented on a diff in pull request #13172: KAFKA-14590: Move DelegationTokenCommand to tools
fvaleri commented on code in PR #13172:
URL: https://github.com/apache/kafka/pull/13172#discussion_r1094601295
##########
tools/src/main/java/org/apache/kafka/tools/DelegationTokenCommand.java:
##########
@@ -0,0 +1,306 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kafka.tools;
+
+import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Properties;
+import java.util.concurrent.ExecutionException;
+import joptsimple.AbstractOptionSpec;
+import joptsimple.ArgumentAcceptingOptionSpec;
+import joptsimple.OptionSpec;
+import org.apache.kafka.clients.admin.Admin;
+import org.apache.kafka.clients.admin.CreateDelegationTokenOptions;
+import org.apache.kafka.clients.admin.CreateDelegationTokenResult;
+import org.apache.kafka.clients.admin.DescribeDelegationTokenOptions;
+import org.apache.kafka.clients.admin.DescribeDelegationTokenResult;
+import org.apache.kafka.clients.admin.ExpireDelegationTokenOptions;
+import org.apache.kafka.clients.admin.ExpireDelegationTokenResult;
+import org.apache.kafka.clients.admin.RenewDelegationTokenOptions;
+import org.apache.kafka.clients.admin.RenewDelegationTokenResult;
+import org.apache.kafka.common.security.auth.KafkaPrincipal;
+import org.apache.kafka.common.security.token.delegation.DelegationToken;
+import org.apache.kafka.common.security.token.delegation.TokenInformation;
+import org.apache.kafka.common.utils.Exit;
+import org.apache.kafka.common.utils.SecurityUtils;
+import org.apache.kafka.common.utils.Utils;
+import org.apache.kafka.server.util.CommandDefaultOptions;
+import org.apache.kafka.server.util.CommandLineUtils;
+
+public class DelegationTokenCommand {
+ public static void main(String... args) {
+ Exit.exit(mainNoExit(args));
+ }
+
+ static int mainNoExit(String... args) {
+ try {
+ execute(args);
+ return 0;
+ } catch (TerseException e) {
+ System.err.println(e.getMessage());
+ return 1;
+ } catch (Throwable e) {
+ System.err.println("Error while executing delegation token command : " + e.getMessage());
Review Comment:
I think we should only print the error message, because we know which command we are executing and there is a stack trace which follows.
##########
tools/src/main/java/org/apache/kafka/tools/DelegationTokenCommand.java:
##########
@@ -0,0 +1,306 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kafka.tools;
+
+import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Properties;
+import java.util.concurrent.ExecutionException;
+import joptsimple.AbstractOptionSpec;
+import joptsimple.ArgumentAcceptingOptionSpec;
+import joptsimple.OptionSpec;
+import org.apache.kafka.clients.admin.Admin;
+import org.apache.kafka.clients.admin.CreateDelegationTokenOptions;
+import org.apache.kafka.clients.admin.CreateDelegationTokenResult;
+import org.apache.kafka.clients.admin.DescribeDelegationTokenOptions;
+import org.apache.kafka.clients.admin.DescribeDelegationTokenResult;
+import org.apache.kafka.clients.admin.ExpireDelegationTokenOptions;
+import org.apache.kafka.clients.admin.ExpireDelegationTokenResult;
+import org.apache.kafka.clients.admin.RenewDelegationTokenOptions;
+import org.apache.kafka.clients.admin.RenewDelegationTokenResult;
+import org.apache.kafka.common.security.auth.KafkaPrincipal;
+import org.apache.kafka.common.security.token.delegation.DelegationToken;
+import org.apache.kafka.common.security.token.delegation.TokenInformation;
+import org.apache.kafka.common.utils.Exit;
+import org.apache.kafka.common.utils.SecurityUtils;
+import org.apache.kafka.common.utils.Utils;
+import org.apache.kafka.server.util.CommandDefaultOptions;
+import org.apache.kafka.server.util.CommandLineUtils;
+
+public class DelegationTokenCommand {
+ public static void main(String... args) {
+ Exit.exit(mainNoExit(args));
+ }
+
+ static int mainNoExit(String... args) {
+ try {
+ execute(args);
+ return 0;
+ } catch (TerseException e) {
+ System.err.println(e.getMessage());
+ return 1;
+ } catch (Throwable e) {
+ System.err.println("Error while executing delegation token command : " + e.getMessage());
+ System.err.println(Utils.stackTrace(e));
+ return 1;
+ }
+ }
+
+ static void execute(String... args) throws Exception {
+ Admin adminClient = null;
+ try {
+ DelegationTokenCommandOptions opts = new DelegationTokenCommandOptions(args);
+ CommandLineUtils.maybePrintHelpOrVersion(opts, "This tool helps to create, renew, expire, or describe delegation tokens.");
+
+ // should have exactly one action
+ int numberOfAction = 0;
Review Comment:
This block can be replaced by a one-liner and embedded in DelegationTokenCommandOptions.
```sh
int numberOfActions = Stream.of(opts.hasCreateOpt(), opts.hasRenewOpt(), opts.hasExpireOpt(), opts.hasDescribeOpt()).filter(b -> b).count();
```
##########
build.gradle:
##########
@@ -1763,6 +1763,7 @@ project(':tools') {
implementation libs.jacksonJDK8Datatypes
implementation libs.slf4jApi
implementation libs.log4j
+ implementation libs.joptSimple
Review Comment:
This change is already merged, so you can remove it and rebase.
##########
tools/src/main/java/org/apache/kafka/tools/DelegationTokenCommand.java:
##########
@@ -0,0 +1,306 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kafka.tools;
+
+import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Properties;
+import java.util.concurrent.ExecutionException;
+import joptsimple.AbstractOptionSpec;
+import joptsimple.ArgumentAcceptingOptionSpec;
+import joptsimple.OptionSpec;
+import org.apache.kafka.clients.admin.Admin;
+import org.apache.kafka.clients.admin.CreateDelegationTokenOptions;
+import org.apache.kafka.clients.admin.CreateDelegationTokenResult;
+import org.apache.kafka.clients.admin.DescribeDelegationTokenOptions;
+import org.apache.kafka.clients.admin.DescribeDelegationTokenResult;
+import org.apache.kafka.clients.admin.ExpireDelegationTokenOptions;
+import org.apache.kafka.clients.admin.ExpireDelegationTokenResult;
+import org.apache.kafka.clients.admin.RenewDelegationTokenOptions;
+import org.apache.kafka.clients.admin.RenewDelegationTokenResult;
+import org.apache.kafka.common.security.auth.KafkaPrincipal;
+import org.apache.kafka.common.security.token.delegation.DelegationToken;
+import org.apache.kafka.common.security.token.delegation.TokenInformation;
+import org.apache.kafka.common.utils.Exit;
+import org.apache.kafka.common.utils.SecurityUtils;
+import org.apache.kafka.common.utils.Utils;
+import org.apache.kafka.server.util.CommandDefaultOptions;
+import org.apache.kafka.server.util.CommandLineUtils;
+
+public class DelegationTokenCommand {
+ public static void main(String... args) {
+ Exit.exit(mainNoExit(args));
+ }
+
+ static int mainNoExit(String... args) {
+ try {
+ execute(args);
+ return 0;
+ } catch (TerseException e) {
+ System.err.println(e.getMessage());
+ return 1;
+ } catch (Throwable e) {
+ System.err.println("Error while executing delegation token command : " + e.getMessage());
+ System.err.println(Utils.stackTrace(e));
+ return 1;
+ }
+ }
+
+ static void execute(String... args) throws Exception {
+ Admin adminClient = null;
+ try {
+ DelegationTokenCommandOptions opts = new DelegationTokenCommandOptions(args);
+ CommandLineUtils.maybePrintHelpOrVersion(opts, "This tool helps to create, renew, expire, or describe delegation tokens.");
+
+ // should have exactly one action
+ int numberOfAction = 0;
+ for (Boolean opt : new Boolean[]{opts.hasCreateOpt(), opts.hasRenewOpt(), opts.hasExpireOpt(), opts.hasDescribeOpt()}) {
+ if (opt) {
+ numberOfAction++;
+ }
+ }
+ if (numberOfAction != 1) {
+ CommandLineUtils.printUsageAndExit(opts.parser, "Command must include exactly one action: --create, --renew, --expire or --describe");
+ }
+
+ opts.checkArgs();
+
+ adminClient = createAdminClient(opts);
Review Comment:
The Admin interface extends AutoClosable, so we can use try-with-resources.
##########
tools/src/main/java/org/apache/kafka/tools/DelegationTokenCommand.java:
##########
@@ -0,0 +1,306 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kafka.tools;
+
+import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Properties;
+import java.util.concurrent.ExecutionException;
+import joptsimple.AbstractOptionSpec;
+import joptsimple.ArgumentAcceptingOptionSpec;
+import joptsimple.OptionSpec;
+import org.apache.kafka.clients.admin.Admin;
+import org.apache.kafka.clients.admin.CreateDelegationTokenOptions;
+import org.apache.kafka.clients.admin.CreateDelegationTokenResult;
+import org.apache.kafka.clients.admin.DescribeDelegationTokenOptions;
+import org.apache.kafka.clients.admin.DescribeDelegationTokenResult;
+import org.apache.kafka.clients.admin.ExpireDelegationTokenOptions;
+import org.apache.kafka.clients.admin.ExpireDelegationTokenResult;
+import org.apache.kafka.clients.admin.RenewDelegationTokenOptions;
+import org.apache.kafka.clients.admin.RenewDelegationTokenResult;
+import org.apache.kafka.common.security.auth.KafkaPrincipal;
+import org.apache.kafka.common.security.token.delegation.DelegationToken;
+import org.apache.kafka.common.security.token.delegation.TokenInformation;
+import org.apache.kafka.common.utils.Exit;
+import org.apache.kafka.common.utils.SecurityUtils;
+import org.apache.kafka.common.utils.Utils;
+import org.apache.kafka.server.util.CommandDefaultOptions;
+import org.apache.kafka.server.util.CommandLineUtils;
+
+public class DelegationTokenCommand {
+ public static void main(String... args) {
+ Exit.exit(mainNoExit(args));
+ }
+
+ static int mainNoExit(String... args) {
+ try {
+ execute(args);
+ return 0;
+ } catch (TerseException e) {
+ System.err.println(e.getMessage());
+ return 1;
+ } catch (Throwable e) {
+ System.err.println("Error while executing delegation token command : " + e.getMessage());
+ System.err.println(Utils.stackTrace(e));
+ return 1;
+ }
+ }
+
+ static void execute(String... args) throws Exception {
+ Admin adminClient = null;
+ try {
+ DelegationTokenCommandOptions opts = new DelegationTokenCommandOptions(args);
+ CommandLineUtils.maybePrintHelpOrVersion(opts, "This tool helps to create, renew, expire, or describe delegation tokens.");
+
+ // should have exactly one action
+ int numberOfAction = 0;
+ for (Boolean opt : new Boolean[]{opts.hasCreateOpt(), opts.hasRenewOpt(), opts.hasExpireOpt(), opts.hasDescribeOpt()}) {
+ if (opt) {
+ numberOfAction++;
+ }
+ }
+ if (numberOfAction != 1) {
+ CommandLineUtils.printUsageAndExit(opts.parser, "Command must include exactly one action: --create, --renew, --expire or --describe");
+ }
+
+ opts.checkArgs();
+
+ adminClient = createAdminClient(opts);
+
+ if (opts.hasCreateOpt()) {
+ createToken(adminClient, opts);
+ } else if (opts.hasRenewOpt()) {
+ renewToken(adminClient, opts);
+ } else if (opts.hasExpireOpt()) {
+ expireToken(adminClient, opts);
+ } else if (opts.hasDescribeOpt()) {
+ describeToken(adminClient, opts);
+ }
+
+ } finally {
+ if (adminClient != null)
+ adminClient.close();
+ }
+ }
+
+ public static DelegationToken createToken(Admin adminClient, DelegationTokenCommandOptions opts) throws ExecutionException, InterruptedException {
+ List<KafkaPrincipal> renewerPrincipals = getPrincipals(opts, opts.renewPrincipalsOpt);
+ Long maxLifeTimeMs = opts.options.valueOf(opts.maxLifeTimeOpt);
Review Comment:
I would embed all `opts.options...` in DelegationTokenCommandOptions.
##########
tools/src/main/java/org/apache/kafka/tools/DelegationTokenCommand.java:
##########
@@ -0,0 +1,306 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kafka.tools;
+
+import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Properties;
+import java.util.concurrent.ExecutionException;
+import joptsimple.AbstractOptionSpec;
+import joptsimple.ArgumentAcceptingOptionSpec;
+import joptsimple.OptionSpec;
+import org.apache.kafka.clients.admin.Admin;
+import org.apache.kafka.clients.admin.CreateDelegationTokenOptions;
+import org.apache.kafka.clients.admin.CreateDelegationTokenResult;
+import org.apache.kafka.clients.admin.DescribeDelegationTokenOptions;
+import org.apache.kafka.clients.admin.DescribeDelegationTokenResult;
+import org.apache.kafka.clients.admin.ExpireDelegationTokenOptions;
+import org.apache.kafka.clients.admin.ExpireDelegationTokenResult;
+import org.apache.kafka.clients.admin.RenewDelegationTokenOptions;
+import org.apache.kafka.clients.admin.RenewDelegationTokenResult;
+import org.apache.kafka.common.security.auth.KafkaPrincipal;
+import org.apache.kafka.common.security.token.delegation.DelegationToken;
+import org.apache.kafka.common.security.token.delegation.TokenInformation;
+import org.apache.kafka.common.utils.Exit;
+import org.apache.kafka.common.utils.SecurityUtils;
+import org.apache.kafka.common.utils.Utils;
+import org.apache.kafka.server.util.CommandDefaultOptions;
+import org.apache.kafka.server.util.CommandLineUtils;
+
+public class DelegationTokenCommand {
+ public static void main(String... args) {
+ Exit.exit(mainNoExit(args));
+ }
+
+ static int mainNoExit(String... args) {
+ try {
+ execute(args);
+ return 0;
+ } catch (TerseException e) {
+ System.err.println(e.getMessage());
+ return 1;
+ } catch (Throwable e) {
+ System.err.println("Error while executing delegation token command : " + e.getMessage());
+ System.err.println(Utils.stackTrace(e));
+ return 1;
+ }
+ }
+
+ static void execute(String... args) throws Exception {
+ Admin adminClient = null;
+ try {
+ DelegationTokenCommandOptions opts = new DelegationTokenCommandOptions(args);
+ CommandLineUtils.maybePrintHelpOrVersion(opts, "This tool helps to create, renew, expire, or describe delegation tokens.");
+
+ // should have exactly one action
+ int numberOfAction = 0;
+ for (Boolean opt : new Boolean[]{opts.hasCreateOpt(), opts.hasRenewOpt(), opts.hasExpireOpt(), opts.hasDescribeOpt()}) {
+ if (opt) {
+ numberOfAction++;
+ }
+ }
+ if (numberOfAction != 1) {
+ CommandLineUtils.printUsageAndExit(opts.parser, "Command must include exactly one action: --create, --renew, --expire or --describe");
+ }
+
+ opts.checkArgs();
+
+ adminClient = createAdminClient(opts);
+
+ if (opts.hasCreateOpt()) {
+ createToken(adminClient, opts);
+ } else if (opts.hasRenewOpt()) {
+ renewToken(adminClient, opts);
+ } else if (opts.hasExpireOpt()) {
+ expireToken(adminClient, opts);
+ } else if (opts.hasDescribeOpt()) {
+ describeToken(adminClient, opts);
+ }
+
+ } finally {
+ if (adminClient != null)
+ adminClient.close();
+ }
+ }
+
+ public static DelegationToken createToken(Admin adminClient, DelegationTokenCommandOptions opts) throws ExecutionException, InterruptedException {
+ List<KafkaPrincipal> renewerPrincipals = getPrincipals(opts, opts.renewPrincipalsOpt);
+ Long maxLifeTimeMs = opts.options.valueOf(opts.maxLifeTimeOpt);
+
+ System.out.println("Calling create token operation with renewers :" + renewerPrincipals + " , max-life-time-period :" + maxLifeTimeMs);
+ CreateDelegationTokenOptions createDelegationTokenOptions = new CreateDelegationTokenOptions().maxlifeTimeMs(maxLifeTimeMs).renewers(renewerPrincipals);
+
+ List<KafkaPrincipal> ownerPrincipals = getPrincipals(opts, opts.ownerPrincipalsOpt);
+ if (!ownerPrincipals.isEmpty()) {
+ createDelegationTokenOptions.owner(ownerPrincipals.get(0));
+ }
+
+ CreateDelegationTokenResult createResult = adminClient.createDelegationToken(createDelegationTokenOptions);
+ DelegationToken token = createResult.delegationToken().get();
+ System.out.println("Created delegation token with tokenId : " + token.tokenInfo().tokenId());
+ printToken(Collections.singletonList(token));
+
+ return token;
+ }
+
+ private static void printToken(List<DelegationToken> tokens) {
+ SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm");
+ System.out.printf("%n%-15s %-30s %-15s %-15s %-25s %-15s %-15s %-15s%n", "TOKENID", "HMAC", "OWNER", "REQUESTER", "RENEWERS", "ISSUEDATE", "EXPIRYDATE", "MAXDATE");
+
+ for (DelegationToken token : tokens) {
+ TokenInformation tokenInfo = token.tokenInfo();
+ System.out.printf("%n%-15s %-30s %-15s %-15s %-25s %-15s %-15s %-15s%n",
+ tokenInfo.tokenId(),
+ token.hmacAsBase64String(),
+ tokenInfo.owner(),
+ tokenInfo.tokenRequester(),
+ tokenInfo.renewersAsString(),
+ dateFormat.format(tokenInfo.issueTimestamp()),
+ dateFormat.format(tokenInfo.expiryTimestamp()),
+ dateFormat.format(tokenInfo.maxTimestamp()));
+ System.out.println();
+ }
+ }
+
+ private static List<KafkaPrincipal> getPrincipals(DelegationTokenCommandOptions opts, OptionSpec<String> principalOptionSpec) {
+ List<KafkaPrincipal> principals = new ArrayList<>();
+
+ if (opts.options.has(principalOptionSpec)) {
+ for (Object e : opts.options.valuesOf(principalOptionSpec))
+ principals.add(SecurityUtils.parseKafkaPrincipal(e.toString().trim()));
+ }
+ return principals;
+ }
+
+ public static Long renewToken(Admin adminClient, DelegationTokenCommandOptions opts) throws ExecutionException, InterruptedException {
+ String hmac = opts.options.valueOf(opts.hmacOpt);
+ Long renewTimePeriodMs = opts.options.valueOf(opts.renewTimePeriodOpt);
+
+ System.out.println("Calling renew token operation with hmac :" + hmac + " , renew-time-period :" + renewTimePeriodMs);
+ RenewDelegationTokenResult renewResult = adminClient.renewDelegationToken(Base64.getDecoder().decode(hmac), new RenewDelegationTokenOptions().renewTimePeriodMs(renewTimePeriodMs));
+ Long expiryTimeStamp = renewResult.expiryTimestamp().get();
+ SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm");
+ System.out.printf("Completed renew operation. New expiry date : %s", dateFormat.format(expiryTimeStamp));
+ return expiryTimeStamp;
+ }
+
+ public static void expireToken(Admin adminClient, DelegationTokenCommandOptions opts) throws ExecutionException, InterruptedException {
+ String hmac = opts.options.valueOf(opts.hmacOpt);
+ Long expiryTimePeriodMs = opts.options.valueOf(opts.expiryTimePeriodOpt);
+
+ System.out.println("Calling expire token operation with hmac :" + hmac + " , expire-time-period :" + expiryTimePeriodMs);
+ ExpireDelegationTokenResult renewResult = adminClient.expireDelegationToken(Base64.getDecoder().decode(hmac), new ExpireDelegationTokenOptions().expiryTimePeriodMs(expiryTimePeriodMs));
+ Long expiryTimeStamp = renewResult.expiryTimestamp().get();
+ SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm");
+ System.out.printf("Completed expire operation. New expiry date : %s", dateFormat.format(expiryTimeStamp));
+ }
+
+ public static List<DelegationToken> describeToken(Admin adminClient, DelegationTokenCommandOptions opts) throws ExecutionException, InterruptedException {
+ List<KafkaPrincipal> ownerPrincipals = getPrincipals(opts, opts.ownerPrincipalsOpt);
+
+ if (ownerPrincipals.isEmpty()) {
+ System.out.println("Calling describe token operation for current user.");
+ } else {
+ System.out.println("Calling describe token operation for owners :" + ownerPrincipals);
+ }
+
+ DescribeDelegationTokenResult describeResult = adminClient.describeDelegationToken(new DescribeDelegationTokenOptions().owners(ownerPrincipals));
+ List<DelegationToken> tokens = describeResult.delegationTokens().get();
+ System.out.printf("Total number of tokens : %d", tokens.size());
+ printToken(tokens);
+ return tokens;
+ }
+
+ private static Admin createAdminClient(DelegationTokenCommandOptions opts) throws IOException {
+ Properties props = Utils.loadProps(opts.options.valueOf(opts.commandConfigOpt));
+ props.put("bootstrap.servers", opts.options.valueOf(opts.bootstrapServerOpt));
+ return Admin.create(props);
+ }
+
+ static class DelegationTokenCommandOptions extends CommandDefaultOptions {
+ public final ArgumentAcceptingOptionSpec<String> bootstrapServerOpt;
Review Comment:
Unless required, I would suggest to always use OptionSpec interface.
##########
tools/src/main/java/org/apache/kafka/tools/DelegationTokenCommand.java:
##########
@@ -0,0 +1,306 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kafka.tools;
+
+import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Properties;
+import java.util.concurrent.ExecutionException;
+import joptsimple.AbstractOptionSpec;
+import joptsimple.ArgumentAcceptingOptionSpec;
+import joptsimple.OptionSpec;
+import org.apache.kafka.clients.admin.Admin;
+import org.apache.kafka.clients.admin.CreateDelegationTokenOptions;
+import org.apache.kafka.clients.admin.CreateDelegationTokenResult;
+import org.apache.kafka.clients.admin.DescribeDelegationTokenOptions;
+import org.apache.kafka.clients.admin.DescribeDelegationTokenResult;
+import org.apache.kafka.clients.admin.ExpireDelegationTokenOptions;
+import org.apache.kafka.clients.admin.ExpireDelegationTokenResult;
+import org.apache.kafka.clients.admin.RenewDelegationTokenOptions;
+import org.apache.kafka.clients.admin.RenewDelegationTokenResult;
+import org.apache.kafka.common.security.auth.KafkaPrincipal;
+import org.apache.kafka.common.security.token.delegation.DelegationToken;
+import org.apache.kafka.common.security.token.delegation.TokenInformation;
+import org.apache.kafka.common.utils.Exit;
+import org.apache.kafka.common.utils.SecurityUtils;
+import org.apache.kafka.common.utils.Utils;
+import org.apache.kafka.server.util.CommandDefaultOptions;
+import org.apache.kafka.server.util.CommandLineUtils;
+
+public class DelegationTokenCommand {
+ public static void main(String... args) {
+ Exit.exit(mainNoExit(args));
+ }
+
+ static int mainNoExit(String... args) {
+ try {
+ execute(args);
+ return 0;
+ } catch (TerseException e) {
+ System.err.println(e.getMessage());
+ return 1;
+ } catch (Throwable e) {
+ System.err.println("Error while executing delegation token command : " + e.getMessage());
+ System.err.println(Utils.stackTrace(e));
+ return 1;
+ }
+ }
+
+ static void execute(String... args) throws Exception {
+ Admin adminClient = null;
+ try {
+ DelegationTokenCommandOptions opts = new DelegationTokenCommandOptions(args);
+ CommandLineUtils.maybePrintHelpOrVersion(opts, "This tool helps to create, renew, expire, or describe delegation tokens.");
+
+ // should have exactly one action
+ int numberOfAction = 0;
+ for (Boolean opt : new Boolean[]{opts.hasCreateOpt(), opts.hasRenewOpt(), opts.hasExpireOpt(), opts.hasDescribeOpt()}) {
+ if (opt) {
+ numberOfAction++;
+ }
+ }
+ if (numberOfAction != 1) {
+ CommandLineUtils.printUsageAndExit(opts.parser, "Command must include exactly one action: --create, --renew, --expire or --describe");
+ }
+
+ opts.checkArgs();
+
+ adminClient = createAdminClient(opts);
+
+ if (opts.hasCreateOpt()) {
+ createToken(adminClient, opts);
+ } else if (opts.hasRenewOpt()) {
+ renewToken(adminClient, opts);
+ } else if (opts.hasExpireOpt()) {
+ expireToken(adminClient, opts);
+ } else if (opts.hasDescribeOpt()) {
+ describeToken(adminClient, opts);
+ }
+
+ } finally {
+ if (adminClient != null)
+ adminClient.close();
+ }
+ }
+
+ public static DelegationToken createToken(Admin adminClient, DelegationTokenCommandOptions opts) throws ExecutionException, InterruptedException {
+ List<KafkaPrincipal> renewerPrincipals = getPrincipals(opts, opts.renewPrincipalsOpt);
+ Long maxLifeTimeMs = opts.options.valueOf(opts.maxLifeTimeOpt);
+
+ System.out.println("Calling create token operation with renewers :" + renewerPrincipals + " , max-life-time-period :" + maxLifeTimeMs);
+ CreateDelegationTokenOptions createDelegationTokenOptions = new CreateDelegationTokenOptions().maxlifeTimeMs(maxLifeTimeMs).renewers(renewerPrincipals);
+
+ List<KafkaPrincipal> ownerPrincipals = getPrincipals(opts, opts.ownerPrincipalsOpt);
+ if (!ownerPrincipals.isEmpty()) {
+ createDelegationTokenOptions.owner(ownerPrincipals.get(0));
+ }
+
+ CreateDelegationTokenResult createResult = adminClient.createDelegationToken(createDelegationTokenOptions);
+ DelegationToken token = createResult.delegationToken().get();
+ System.out.println("Created delegation token with tokenId : " + token.tokenInfo().tokenId());
+ printToken(Collections.singletonList(token));
+
+ return token;
+ }
+
+ private static void printToken(List<DelegationToken> tokens) {
+ SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm");
+ System.out.printf("%n%-15s %-30s %-15s %-15s %-25s %-15s %-15s %-15s%n", "TOKENID", "HMAC", "OWNER", "REQUESTER", "RENEWERS", "ISSUEDATE", "EXPIRYDATE", "MAXDATE");
+
+ for (DelegationToken token : tokens) {
+ TokenInformation tokenInfo = token.tokenInfo();
+ System.out.printf("%n%-15s %-30s %-15s %-15s %-25s %-15s %-15s %-15s%n",
+ tokenInfo.tokenId(),
+ token.hmacAsBase64String(),
+ tokenInfo.owner(),
+ tokenInfo.tokenRequester(),
+ tokenInfo.renewersAsString(),
+ dateFormat.format(tokenInfo.issueTimestamp()),
+ dateFormat.format(tokenInfo.expiryTimestamp()),
+ dateFormat.format(tokenInfo.maxTimestamp()));
+ System.out.println();
Review Comment:
I think we don't need this one.
##########
tools/src/main/java/org/apache/kafka/tools/DelegationTokenCommand.java:
##########
@@ -0,0 +1,306 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kafka.tools;
+
+import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Properties;
+import java.util.concurrent.ExecutionException;
+import joptsimple.AbstractOptionSpec;
+import joptsimple.ArgumentAcceptingOptionSpec;
+import joptsimple.OptionSpec;
+import org.apache.kafka.clients.admin.Admin;
+import org.apache.kafka.clients.admin.CreateDelegationTokenOptions;
+import org.apache.kafka.clients.admin.CreateDelegationTokenResult;
+import org.apache.kafka.clients.admin.DescribeDelegationTokenOptions;
+import org.apache.kafka.clients.admin.DescribeDelegationTokenResult;
+import org.apache.kafka.clients.admin.ExpireDelegationTokenOptions;
+import org.apache.kafka.clients.admin.ExpireDelegationTokenResult;
+import org.apache.kafka.clients.admin.RenewDelegationTokenOptions;
+import org.apache.kafka.clients.admin.RenewDelegationTokenResult;
+import org.apache.kafka.common.security.auth.KafkaPrincipal;
+import org.apache.kafka.common.security.token.delegation.DelegationToken;
+import org.apache.kafka.common.security.token.delegation.TokenInformation;
+import org.apache.kafka.common.utils.Exit;
+import org.apache.kafka.common.utils.SecurityUtils;
+import org.apache.kafka.common.utils.Utils;
+import org.apache.kafka.server.util.CommandDefaultOptions;
+import org.apache.kafka.server.util.CommandLineUtils;
+
+public class DelegationTokenCommand {
+ public static void main(String... args) {
+ Exit.exit(mainNoExit(args));
+ }
+
+ static int mainNoExit(String... args) {
+ try {
+ execute(args);
+ return 0;
+ } catch (TerseException e) {
+ System.err.println(e.getMessage());
+ return 1;
+ } catch (Throwable e) {
+ System.err.println("Error while executing delegation token command : " + e.getMessage());
+ System.err.println(Utils.stackTrace(e));
+ return 1;
+ }
+ }
+
+ static void execute(String... args) throws Exception {
+ Admin adminClient = null;
+ try {
+ DelegationTokenCommandOptions opts = new DelegationTokenCommandOptions(args);
+ CommandLineUtils.maybePrintHelpOrVersion(opts, "This tool helps to create, renew, expire, or describe delegation tokens.");
+
+ // should have exactly one action
+ int numberOfAction = 0;
+ for (Boolean opt : new Boolean[]{opts.hasCreateOpt(), opts.hasRenewOpt(), opts.hasExpireOpt(), opts.hasDescribeOpt()}) {
+ if (opt) {
+ numberOfAction++;
+ }
+ }
+ if (numberOfAction != 1) {
+ CommandLineUtils.printUsageAndExit(opts.parser, "Command must include exactly one action: --create, --renew, --expire or --describe");
+ }
+
+ opts.checkArgs();
+
+ adminClient = createAdminClient(opts);
+
+ if (opts.hasCreateOpt()) {
+ createToken(adminClient, opts);
+ } else if (opts.hasRenewOpt()) {
+ renewToken(adminClient, opts);
+ } else if (opts.hasExpireOpt()) {
+ expireToken(adminClient, opts);
+ } else if (opts.hasDescribeOpt()) {
+ describeToken(adminClient, opts);
+ }
+
+ } finally {
+ if (adminClient != null)
+ adminClient.close();
+ }
+ }
+
+ public static DelegationToken createToken(Admin adminClient, DelegationTokenCommandOptions opts) throws ExecutionException, InterruptedException {
+ List<KafkaPrincipal> renewerPrincipals = getPrincipals(opts, opts.renewPrincipalsOpt);
+ Long maxLifeTimeMs = opts.options.valueOf(opts.maxLifeTimeOpt);
+
+ System.out.println("Calling create token operation with renewers :" + renewerPrincipals + " , max-life-time-period :" + maxLifeTimeMs);
+ CreateDelegationTokenOptions createDelegationTokenOptions = new CreateDelegationTokenOptions().maxlifeTimeMs(maxLifeTimeMs).renewers(renewerPrincipals);
+
+ List<KafkaPrincipal> ownerPrincipals = getPrincipals(opts, opts.ownerPrincipalsOpt);
+ if (!ownerPrincipals.isEmpty()) {
+ createDelegationTokenOptions.owner(ownerPrincipals.get(0));
+ }
+
+ CreateDelegationTokenResult createResult = adminClient.createDelegationToken(createDelegationTokenOptions);
+ DelegationToken token = createResult.delegationToken().get();
+ System.out.println("Created delegation token with tokenId : " + token.tokenInfo().tokenId());
+ printToken(Collections.singletonList(token));
+
+ return token;
+ }
+
+ private static void printToken(List<DelegationToken> tokens) {
+ SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm");
+ System.out.printf("%n%-15s %-30s %-15s %-15s %-25s %-15s %-15s %-15s%n", "TOKENID", "HMAC", "OWNER", "REQUESTER", "RENEWERS", "ISSUEDATE", "EXPIRYDATE", "MAXDATE");
+
+ for (DelegationToken token : tokens) {
+ TokenInformation tokenInfo = token.tokenInfo();
+ System.out.printf("%n%-15s %-30s %-15s %-15s %-25s %-15s %-15s %-15s%n",
+ tokenInfo.tokenId(),
+ token.hmacAsBase64String(),
+ tokenInfo.owner(),
+ tokenInfo.tokenRequester(),
+ tokenInfo.renewersAsString(),
+ dateFormat.format(tokenInfo.issueTimestamp()),
+ dateFormat.format(tokenInfo.expiryTimestamp()),
+ dateFormat.format(tokenInfo.maxTimestamp()));
+ System.out.println();
+ }
+ }
+
+ private static List<KafkaPrincipal> getPrincipals(DelegationTokenCommandOptions opts, OptionSpec<String> principalOptionSpec) {
+ List<KafkaPrincipal> principals = new ArrayList<>();
+
+ if (opts.options.has(principalOptionSpec)) {
+ for (Object e : opts.options.valuesOf(principalOptionSpec))
+ principals.add(SecurityUtils.parseKafkaPrincipal(e.toString().trim()));
+ }
+ return principals;
+ }
+
+ public static Long renewToken(Admin adminClient, DelegationTokenCommandOptions opts) throws ExecutionException, InterruptedException {
+ String hmac = opts.options.valueOf(opts.hmacOpt);
+ Long renewTimePeriodMs = opts.options.valueOf(opts.renewTimePeriodOpt);
+
+ System.out.println("Calling renew token operation with hmac :" + hmac + " , renew-time-period :" + renewTimePeriodMs);
+ RenewDelegationTokenResult renewResult = adminClient.renewDelegationToken(Base64.getDecoder().decode(hmac), new RenewDelegationTokenOptions().renewTimePeriodMs(renewTimePeriodMs));
+ Long expiryTimeStamp = renewResult.expiryTimestamp().get();
+ SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm");
+ System.out.printf("Completed renew operation. New expiry date : %s", dateFormat.format(expiryTimeStamp));
+ return expiryTimeStamp;
+ }
+
+ public static void expireToken(Admin adminClient, DelegationTokenCommandOptions opts) throws ExecutionException, InterruptedException {
+ String hmac = opts.options.valueOf(opts.hmacOpt);
+ Long expiryTimePeriodMs = opts.options.valueOf(opts.expiryTimePeriodOpt);
+
+ System.out.println("Calling expire token operation with hmac :" + hmac + " , expire-time-period :" + expiryTimePeriodMs);
+ ExpireDelegationTokenResult renewResult = adminClient.expireDelegationToken(Base64.getDecoder().decode(hmac), new ExpireDelegationTokenOptions().expiryTimePeriodMs(expiryTimePeriodMs));
+ Long expiryTimeStamp = renewResult.expiryTimestamp().get();
+ SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm");
+ System.out.printf("Completed expire operation. New expiry date : %s", dateFormat.format(expiryTimeStamp));
+ }
+
+ public static List<DelegationToken> describeToken(Admin adminClient, DelegationTokenCommandOptions opts) throws ExecutionException, InterruptedException {
+ List<KafkaPrincipal> ownerPrincipals = getPrincipals(opts, opts.ownerPrincipalsOpt);
+
+ if (ownerPrincipals.isEmpty()) {
+ System.out.println("Calling describe token operation for current user.");
+ } else {
+ System.out.println("Calling describe token operation for owners :" + ownerPrincipals);
Review Comment:
```suggestion
System.out.printf("Calling describe token operation for owners: %s%n", ownerPrincipals);
```
##########
tools/src/main/java/org/apache/kafka/tools/DelegationTokenCommand.java:
##########
@@ -0,0 +1,306 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kafka.tools;
+
+import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Properties;
+import java.util.concurrent.ExecutionException;
+import joptsimple.AbstractOptionSpec;
+import joptsimple.ArgumentAcceptingOptionSpec;
+import joptsimple.OptionSpec;
+import org.apache.kafka.clients.admin.Admin;
+import org.apache.kafka.clients.admin.CreateDelegationTokenOptions;
+import org.apache.kafka.clients.admin.CreateDelegationTokenResult;
+import org.apache.kafka.clients.admin.DescribeDelegationTokenOptions;
+import org.apache.kafka.clients.admin.DescribeDelegationTokenResult;
+import org.apache.kafka.clients.admin.ExpireDelegationTokenOptions;
+import org.apache.kafka.clients.admin.ExpireDelegationTokenResult;
+import org.apache.kafka.clients.admin.RenewDelegationTokenOptions;
+import org.apache.kafka.clients.admin.RenewDelegationTokenResult;
+import org.apache.kafka.common.security.auth.KafkaPrincipal;
+import org.apache.kafka.common.security.token.delegation.DelegationToken;
+import org.apache.kafka.common.security.token.delegation.TokenInformation;
+import org.apache.kafka.common.utils.Exit;
+import org.apache.kafka.common.utils.SecurityUtils;
+import org.apache.kafka.common.utils.Utils;
+import org.apache.kafka.server.util.CommandDefaultOptions;
+import org.apache.kafka.server.util.CommandLineUtils;
+
+public class DelegationTokenCommand {
+ public static void main(String... args) {
+ Exit.exit(mainNoExit(args));
+ }
+
+ static int mainNoExit(String... args) {
+ try {
+ execute(args);
+ return 0;
+ } catch (TerseException e) {
+ System.err.println(e.getMessage());
+ return 1;
+ } catch (Throwable e) {
+ System.err.println("Error while executing delegation token command : " + e.getMessage());
+ System.err.println(Utils.stackTrace(e));
+ return 1;
+ }
+ }
+
+ static void execute(String... args) throws Exception {
+ Admin adminClient = null;
+ try {
+ DelegationTokenCommandOptions opts = new DelegationTokenCommandOptions(args);
+ CommandLineUtils.maybePrintHelpOrVersion(opts, "This tool helps to create, renew, expire, or describe delegation tokens.");
+
+ // should have exactly one action
+ int numberOfAction = 0;
+ for (Boolean opt : new Boolean[]{opts.hasCreateOpt(), opts.hasRenewOpt(), opts.hasExpireOpt(), opts.hasDescribeOpt()}) {
+ if (opt) {
+ numberOfAction++;
+ }
+ }
+ if (numberOfAction != 1) {
+ CommandLineUtils.printUsageAndExit(opts.parser, "Command must include exactly one action: --create, --renew, --expire or --describe");
+ }
+
+ opts.checkArgs();
+
+ adminClient = createAdminClient(opts);
+
+ if (opts.hasCreateOpt()) {
+ createToken(adminClient, opts);
+ } else if (opts.hasRenewOpt()) {
+ renewToken(adminClient, opts);
+ } else if (opts.hasExpireOpt()) {
+ expireToken(adminClient, opts);
+ } else if (opts.hasDescribeOpt()) {
+ describeToken(adminClient, opts);
+ }
+
+ } finally {
+ if (adminClient != null)
+ adminClient.close();
+ }
+ }
+
+ public static DelegationToken createToken(Admin adminClient, DelegationTokenCommandOptions opts) throws ExecutionException, InterruptedException {
+ List<KafkaPrincipal> renewerPrincipals = getPrincipals(opts, opts.renewPrincipalsOpt);
+ Long maxLifeTimeMs = opts.options.valueOf(opts.maxLifeTimeOpt);
+
+ System.out.println("Calling create token operation with renewers :" + renewerPrincipals + " , max-life-time-period :" + maxLifeTimeMs);
+ CreateDelegationTokenOptions createDelegationTokenOptions = new CreateDelegationTokenOptions().maxlifeTimeMs(maxLifeTimeMs).renewers(renewerPrincipals);
+
+ List<KafkaPrincipal> ownerPrincipals = getPrincipals(opts, opts.ownerPrincipalsOpt);
+ if (!ownerPrincipals.isEmpty()) {
+ createDelegationTokenOptions.owner(ownerPrincipals.get(0));
+ }
+
+ CreateDelegationTokenResult createResult = adminClient.createDelegationToken(createDelegationTokenOptions);
+ DelegationToken token = createResult.delegationToken().get();
+ System.out.println("Created delegation token with tokenId : " + token.tokenInfo().tokenId());
+ printToken(Collections.singletonList(token));
+
+ return token;
+ }
+
+ private static void printToken(List<DelegationToken> tokens) {
+ SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm");
+ System.out.printf("%n%-15s %-30s %-15s %-15s %-25s %-15s %-15s %-15s%n", "TOKENID", "HMAC", "OWNER", "REQUESTER", "RENEWERS", "ISSUEDATE", "EXPIRYDATE", "MAXDATE");
+
+ for (DelegationToken token : tokens) {
+ TokenInformation tokenInfo = token.tokenInfo();
+ System.out.printf("%n%-15s %-30s %-15s %-15s %-25s %-15s %-15s %-15s%n",
+ tokenInfo.tokenId(),
+ token.hmacAsBase64String(),
+ tokenInfo.owner(),
+ tokenInfo.tokenRequester(),
+ tokenInfo.renewersAsString(),
+ dateFormat.format(tokenInfo.issueTimestamp()),
+ dateFormat.format(tokenInfo.expiryTimestamp()),
+ dateFormat.format(tokenInfo.maxTimestamp()));
+ System.out.println();
+ }
+ }
+
+ private static List<KafkaPrincipal> getPrincipals(DelegationTokenCommandOptions opts, OptionSpec<String> principalOptionSpec) {
+ List<KafkaPrincipal> principals = new ArrayList<>();
+
+ if (opts.options.has(principalOptionSpec)) {
+ for (Object e : opts.options.valuesOf(principalOptionSpec))
Review Comment:
Why are you using Object instead of String here?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: jira-unsubscribe@kafka.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org