You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by Manikumar <ma...@gmail.com> on 2018/01/16 18:03:15 UTC
[DISCUSS] KIP-249: Add Delegation Token Operations to Kafka Admin Client
Hi all,
I have created a KIP to add delegation token operations to Java Admin
Client.
This KIP proposes new API additions to admin client. There are no new wire
protocol changes.
https://cwiki.apache.org/confluence/display/KAFKA/KIP-249%3A+Add+Delegation+Token+Operations+to+KafkaAdminClient
Feedback and suggestions are welcome.
Thanks
Manikumar
Re: [DISCUSS] KIP-249: Add Delegation Token Operations to Kafka Admin Client
Posted by Ted Yu <yu...@gmail.com>.
Looks like DelegationTokenOwnerMismatchException would be thrown if token
expiration is issued by non-owner.
On Tue, Jan 16, 2018 at 11:16 AM, Ted Yu <yu...@gmail.com> wrote:
> For createDelegationToken, what's the default value for maxLifeTimeMs ?
>
> For expireDelegationToken, what exception would be thrown if the
> operation is not permitted ?
>
> Thanks
>
> On Tue, Jan 16, 2018 at 10:03 AM, Manikumar <ma...@gmail.com>
> wrote:
>
>> Hi all,
>>
>> I have created a KIP to add delegation token operations to Java Admin
>> Client.
>> This KIP proposes new API additions to admin client. There are no new wire
>> protocol changes.
>>
>> https://cwiki.apache.org/confluence/display/KAFKA/KIP-249%
>> 3A+Add+Delegation+Token+Operations+to+KafkaAdminClient
>>
>>
>> Feedback and suggestions are welcome.
>>
>> Thanks
>> Manikumar
>>
>
>
Re: [DISCUSS] KIP-249: Add Delegation Token Operations to Kafka Admin Client
Posted by Ted Yu <yu...@gmail.com>.
For createDelegationToken, what's the default value for maxLifeTimeMs ?
For expireDelegationToken, what exception would be thrown if the operation
is not permitted ?
Thanks
On Tue, Jan 16, 2018 at 10:03 AM, Manikumar <ma...@gmail.com>
wrote:
> Hi all,
>
> I have created a KIP to add delegation token operations to Java Admin
> Client.
> This KIP proposes new API additions to admin client. There are no new wire
> protocol changes.
>
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> 249%3A+Add+Delegation+Token+Operations+to+KafkaAdminClient
>
>
> Feedback and suggestions are welcome.
>
> Thanks
> Manikumar
>
Re: [DISCUSS] KIP-249: Add Delegation Token Operations to Kafka Admin Client
Posted by Manikumar <ma...@gmail.com>.
Hi all,
We want to include this KIP in the upcoming 1.1.0 release.
Please let me know if there are any other comments.
If there are no more comments, I'd like to start vote on this KIP.
Thanks,
On Wed, Jan 17, 2018 at 8:20 AM, Manikumar <ma...@gmail.com>
wrote:
> Hi, Jun,
>
> Thanks for the review.
>
> 1. Yes, We can pass hmac as byte[]. Updated the KIP
> 2. Yes, describeDelegationToken() returns all the user owned tokens and
> tokens where user have Describe permission.
> Added a comment to KIP.
> 3. updated the KIP with possible exceptions.
>
>
> Thanks,
>
>
> On Wed, Jan 17, 2018 at 6:45 AM, Jun Rao <ju...@confluent.io> wrote:
>
>> Hi, Mani,
>>
>> Thanks for the KIP. Looks good to me overhead. Just a couple of minor
>> comments below.
>>
>> 1. Should hmac be of type ByteBuffer? We return hmac as byte[] in
>> DelegationToken.
>> So, it seems it's more consistent to pass in hmac as byte[] too.
>> 2. Does describeDelegationToken() return all tokens?
>> 3. As Ted mentioned, it would be useful to include the exceptions that can
>> be thrown in the new apis.
>>
>> Jun
>>
>> On Tue, Jan 16, 2018 at 10:03 AM, Manikumar <ma...@gmail.com>
>> wrote:
>>
>> > Hi all,
>> >
>> > I have created a KIP to add delegation token operations to Java Admin
>> > Client.
>> > This KIP proposes new API additions to admin client. There are no new
>> wire
>> > protocol changes.
>> >
>> > https://cwiki.apache.org/confluence/display/KAFKA/KIP-
>> > 249%3A+Add+Delegation+Token+Operations+to+KafkaAdminClient
>> >
>> >
>> > Feedback and suggestions are welcome.
>> >
>> > Thanks
>> > Manikumar
>> >
>>
>
>
Re: [DISCUSS] KIP-249: Add Delegation Token Operations to Kafka Admin Client
Posted by Manikumar <ma...@gmail.com>.
Hi, Jun,
Thanks for the review.
1. Yes, We can pass hmac as byte[]. Updated the KIP
2. Yes, describeDelegationToken() returns all the user owned tokens and
tokens where user have Describe permission.
Added a comment to KIP.
3. updated the KIP with possible exceptions.
Thanks,
On Wed, Jan 17, 2018 at 6:45 AM, Jun Rao <ju...@confluent.io> wrote:
> Hi, Mani,
>
> Thanks for the KIP. Looks good to me overhead. Just a couple of minor
> comments below.
>
> 1. Should hmac be of type ByteBuffer? We return hmac as byte[] in
> DelegationToken.
> So, it seems it's more consistent to pass in hmac as byte[] too.
> 2. Does describeDelegationToken() return all tokens?
> 3. As Ted mentioned, it would be useful to include the exceptions that can
> be thrown in the new apis.
>
> Jun
>
> On Tue, Jan 16, 2018 at 10:03 AM, Manikumar <ma...@gmail.com>
> wrote:
>
> > Hi all,
> >
> > I have created a KIP to add delegation token operations to Java Admin
> > Client.
> > This KIP proposes new API additions to admin client. There are no new
> wire
> > protocol changes.
> >
> > https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> > 249%3A+Add+Delegation+Token+Operations+to+KafkaAdminClient
> >
> >
> > Feedback and suggestions are welcome.
> >
> > Thanks
> > Manikumar
> >
>
Re: [DISCUSS] KIP-249: Add Delegation Token Operations to Kafka Admin Client
Posted by Manikumar <ma...@gmail.com>.
Hi Ted,
Thanks for the review.
1. default value for maxLifeTimeMs is -1. with this, token MaxLifeTime
will default to a server side
config value (delegation.token.max.lifetime.ms). Added a comment to the
KIP.
2. Yes, DelegationTokenOwnerMismatchException will be thrown, updated the
KIP with possible exceptions.
Thanks
On Wed, Jan 17, 2018 at 6:45 AM, Jun Rao <ju...@confluent.io> wrote:
> Hi, Mani,
>
> Thanks for the KIP. Looks good to me overhead. Just a couple of minor
> comments below.
>
> 1. Should hmac be of type ByteBuffer? We return hmac as byte[] in
> DelegationToken.
> So, it seems it's more consistent to pass in hmac as byte[] too.
> 2. Does describeDelegationToken() return all tokens?
> 3. As Ted mentioned, it would be useful to include the exceptions that can
> be thrown in the new apis.
>
> Jun
>
> On Tue, Jan 16, 2018 at 10:03 AM, Manikumar <ma...@gmail.com>
> wrote:
>
> > Hi all,
> >
> > I have created a KIP to add delegation token operations to Java Admin
> > Client.
> > This KIP proposes new API additions to admin client. There are no new
> wire
> > protocol changes.
> >
> > https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> > 249%3A+Add+Delegation+Token+Operations+to+KafkaAdminClient
> >
> >
> > Feedback and suggestions are welcome.
> >
> > Thanks
> > Manikumar
> >
>
Re: [DISCUSS] KIP-249: Add Delegation Token Operations to Kafka Admin Client
Posted by Jun Rao <ju...@confluent.io>.
Hi, Mani,
Thanks for the KIP. Looks good to me overhead. Just a couple of minor
comments below.
1. Should hmac be of type ByteBuffer? We return hmac as byte[] in
DelegationToken.
So, it seems it's more consistent to pass in hmac as byte[] too.
2. Does describeDelegationToken() return all tokens?
3. As Ted mentioned, it would be useful to include the exceptions that can
be thrown in the new apis.
Jun
On Tue, Jan 16, 2018 at 10:03 AM, Manikumar <ma...@gmail.com>
wrote:
> Hi all,
>
> I have created a KIP to add delegation token operations to Java Admin
> Client.
> This KIP proposes new API additions to admin client. There are no new wire
> protocol changes.
>
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-
> 249%3A+Add+Delegation+Token+Operations+to+KafkaAdminClient
>
>
> Feedback and suggestions are welcome.
>
> Thanks
> Manikumar
>