...
// CreateDelegationTokenRequest issues a request to create a delegation token.
//
// Creating delegation tokens allows for an (ideally) quicker and easier method
// of enabling authorization for a wide array of clients. Rather than having to
// manage many passwords external to Kafka, you only need to manage a few
// accounts and use those to create delegation tokens per client.
//
// Note that delegation tokens inherit the same ACLs as the user creating the
// token. Thus, if you want to properly scope ACLs, you should not create
// delegation tokens with admin accounts.
//
// Delegation tokens live inside of Kafka and use SASL SCRAM-SHA-256 for
// authentication.
CreateDelegationTokenRequest => key 38, max version 3, flexible v2+
  // The principal type of the owner of the token. If null, this defaults
  // to the token request principal.
  OwnerPrincipalType: nullable-string // v3+
  // Principal name of the owner of the token. If null, this defaults to
  // the token request principal.
  OwnerPrincipalName: nullable-string // v3+
  // Renewers is a list of who can renew this delegation token. If empty, the
  // default is the principal (user) who created the token.
  Renewers: [=>]
    // PrincipalType is the "type" this principal is. This must be "User".
    PrincipalType: string
    // PrincipalName is the user name allowed to renew the returned token.
    PrincipalName: string
  // MaxLifetimeMillis is how long this delegation token will be valid for.
  // If -1, the default will be the server's delegation.token.max.lifetime.ms.
  MaxLifetimeMillis: int64

// CreateDelegationTokenResponse is a response to a CreateDelegationTokenRequest.
CreateDelegationTokenResponse =>
  // ErrorCode is any error that caused the request to fail.
  ErrorCode: int16
  // PrincipalType is the type of principal that granted this delegation token.
  // This will always be "User" with the simple authorizer.
  PrincipalType: string
  // PrincipalName is the name of the principal that granted this delegation
  // token.
  PrincipalName: string
  // The principal type of the requester of the token.
  TokenRequesterPrincipalType: string // v3+
  // The principal name of the requester of the token.
  TokenRequesterPrincipalName: string // v3+
  // IssueTimestamp is the millisecond timestamp this delegation token was
  // issued.
  IssueTimestamp: int64
  // ExpiryTimestamp is the millisecond timestamp this token will expire. The
  // token can be renewed up to MaxTimestamp, past which point, it will be
  // invalid. The Kafka default is 24h.
  ExpiryTimestamp: int64
  // MaxTimestamp is the millisecond timestamp past which this token cannot
  // be renewed.
  MaxTimestamp: int64
  // TokenID is the ID of this token; this will be used as the username for
  // SCRAM authentication.
  TokenID: string
  // HMAC is the password of this token; this will be used as the password for
  // SCRAM authentication.
  HMAC: bytes
  ThrottleMillis(1)
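
An added example, not part of the original definition file: a pre-flight policy check in Go over the request fields above. It flags admin principals (whose ACLs the token would inherit), a MaxLifetimeMillis of -1 or above a site cap, and renewers whose type is not "User". The struct types, the admin set, the cap and the finding names are assumptions of this example.

```go
package main

import "fmt"

// Renewer and TokenRequest mirror the request fields above. They are
// hypothetical local types for this example, not generated protocol structs.
type Renewer struct{ PrincipalType, PrincipalName string }

type TokenRequest struct {
	OwnerPrincipalName *string // nil: owner defaults to the requester
	Renewers           []Renewer
	MaxLifetimeMillis  int64 // -1: server's delegation.token.max.lifetime.ms
}

// ReviewRequest returns one finding per policy problem in a token request
// made by requester. admins and capMillis are site policy (assumptions).
func ReviewRequest(requester string, admins map[string]bool, capMillis int64, r TokenRequest) []string {
	var findings []string
	owner := requester
	if r.OwnerPrincipalName != nil {
		owner = *r.OwnerPrincipalName
	}
	// The token carries its creator's ACLs, so an admin principal on either
	// side of the request yields an admin-equivalent credential.
	if admins[requester] || admins[owner] {
		findings = append(findings, "admin-principal")
	}
	switch {
	case r.MaxLifetimeMillis == -1:
		findings = append(findings, "lifetime-left-to-server-default")
	case r.MaxLifetimeMillis > capMillis:
		findings = append(findings, "lifetime-over-cap")
	}
	for _, rn := range r.Renewers {
		if rn.PrincipalType != "User" {
			findings = append(findings, "bad-renewer-type:"+rn.PrincipalName)
		}
	}
	return findings
}

func main() {
	// Constructed sample requests.
	admins := map[string]bool{"kafka-admin": true}
	day := int64(24 * 60 * 60 * 1000)
	risky := TokenRequest{MaxLifetimeMillis: -1, Renewers: []Renewer{{"Group", "ops"}}}
	scoped := TokenRequest{MaxLifetimeMillis: day, Renewers: []Renewer{{"User", "svc-orders"}}}
	fmt.Println(ReviewRequest("kafka-admin", admins, 7*day, risky))
	fmt.Println(ReviewRequest("svc-orders", admins, 7*day, scoped))
}
```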