use of org.apache.kafka.common.security.token.delegation.DelegationToken in project kafka by apache.
the class KafkaAdminClient method createDelegationToken.
/**
 * Asks the cluster to issue a delegation token and exposes the outcome as a future.
 *
 * <p>The renewers listed in {@code options} are copied into the request. On a successful
 * response, a {@link DelegationToken} is assembled from the response data and completes the
 * future. An error response or a call failure completes the future exceptionally.
 *
 * <p>NOTE(review): the resulting token carries {@code data.hmac()} verbatim. This looks like
 * the secret half of the credential, so callers should avoid logging or persisting it in
 * the clear. Confirm against the token consumer.
 *
 * @param options renewers, maximum lifetime and timeout for the request
 * @return a result wrapping the future that yields the created token
 */
@Override
public CreateDelegationTokenResult createDelegationToken(final CreateDelegationTokenOptions options) {
    final KafkaFutureImpl<DelegationToken> tokenFuture = new KafkaFutureImpl<>();
    final long startMs = time.milliseconds();

    // Translate each renewer principal into its request-side representation.
    final List<CreatableRenewers> requestedRenewers = new ArrayList<>();
    for (KafkaPrincipal renewer : options.renewers()) {
        CreatableRenewers entry = new CreatableRenewers();
        entry.setPrincipalName(renewer.getName());
        entry.setPrincipalType(renewer.getPrincipalType());
        requestedRenewers.add(entry);
    }

    final Call tokenCall = new Call("createDelegationToken", calcDeadlineMs(startMs, options.timeoutMs()),
            new LeastLoadedNodeProvider()) {

        @Override
        CreateDelegationTokenRequest.Builder createRequest(int timeoutMs) {
            CreateDelegationTokenRequestData requestData = new CreateDelegationTokenRequestData();
            requestData.setRenewers(requestedRenewers);
            requestData.setMaxLifetimeMs(options.maxlifeTimeMs());
            return new CreateDelegationTokenRequest.Builder(requestData);
        }

        @Override
        void handleResponse(AbstractResponse abstractResponse) {
            CreateDelegationTokenResponse tokenResponse = (CreateDelegationTokenResponse) abstractResponse;
            if (tokenResponse.hasError()) {
                tokenFuture.completeExceptionally(tokenResponse.error().exception());
                return;
            }
            CreateDelegationTokenResponseData payload = tokenResponse.data();
            KafkaPrincipal owner = new KafkaPrincipal(payload.principalType(), payload.principalName());
            // The renewer list is taken from the caller's options, not from the response.
            TokenInformation info = new TokenInformation(
                    payload.tokenId(),
                    owner,
                    options.renewers(),
                    payload.issueTimestampMs(),
                    payload.maxTimestampMs(),
                    payload.expiryTimestampMs());
            tokenFuture.complete(new DelegationToken(info, payload.hmac()));
        }

        @Override
        void handleFailure(Throwable throwable) {
            tokenFuture.completeExceptionally(throwable);
        }
    };
    runnable.call(tokenCall, startMs);

    return new CreateDelegationTokenResult(tokenFuture);
}
use of org.apache.kafka.common.security.token.delegation.DelegationToken in project kafka by apache.
the class RequestResponseTest method createDescribeTokenResponse.
/**
 * Builds a fixed describe-delegation-token response for serialization tests.
 *
 * <p>The response holds two tokens, owned by {@code User:owner} and {@code User:owner1}.
 * Both share the same two renewers and use the placeholder HMAC bytes of {@code "test"}.
 * Every timestamp is the wall-clock time at construction.
 *
 * @return a response with throttle time 20, no error, and the two fixture tokens
 */
private DescribeDelegationTokenResponse createDescribeTokenResponse() {
    List<KafkaPrincipal> sharedRenewers = new ArrayList<>();
    sharedRenewers.add(SecurityUtils.parseKafkaPrincipal("User:user1"));
    sharedRenewers.add(SecurityUtils.parseKafkaPrincipal("User:user2"));

    TokenInformation firstInfo = new TokenInformation(
            "1",
            SecurityUtils.parseKafkaPrincipal("User:owner"),
            sharedRenewers,
            System.currentTimeMillis(),
            System.currentTimeMillis(),
            System.currentTimeMillis());
    TokenInformation secondInfo = new TokenInformation(
            "2",
            SecurityUtils.parseKafkaPrincipal("User:owner1"),
            sharedRenewers,
            System.currentTimeMillis(),
            System.currentTimeMillis(),
            System.currentTimeMillis());

    // Placeholder HMAC bytes; this is fixture data, not a real credential.
    List<DelegationToken> fixtureTokens = new LinkedList<>();
    fixtureTokens.add(new DelegationToken(firstInfo, "test".getBytes()));
    fixtureTokens.add(new DelegationToken(secondInfo, "test".getBytes()));

    return new DescribeDelegationTokenResponse(20, Errors.NONE, fixtureTokens);
}
use of org.apache.kafka.common.security.token.delegation.DelegationToken in project hive by apache.
the class DagUtils method getKafkaDelegationTokenForBrokers.
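/**
 * Obtains a Kafka delegation token using the HiveServer2 Kerberos keytab and principal, and
 * stores it in the DAG's credentials under {@code KAFKA_DELEGATION_TOKEN_KEY}.
 *
 * <p>The admin client is closed once the token has been fetched, so its network threads and
 * sockets do not outlive this call. If the wait is interrupted, the interrupt flag is restored
 * before the failure is rethrown.
 *
 * @param dag          DAG whose credentials receive the token
 * @param conf         job configuration supplying the keytab path and Kerberos principal
 * @param kafkaBrokers bootstrap server list handed to the admin client
 * @throws RuntimeException if the server principal cannot be resolved or the token request
 *                          fails or is interrupted
 */
private void getKafkaDelegationTokenForBrokers(DAG dag, JobConf conf, String kafkaBrokers) {
    LOG.info("Getting kafka credentials for brokers: {}", kafkaBrokers);
    String keytab = HiveConf.getVar(conf, HiveConf.ConfVars.HIVE_SERVER2_KERBEROS_KEYTAB);
    String principal = HiveConf.getVar(conf, HiveConf.ConfVars.HIVE_SERVER2_KERBEROS_PRINCIPAL);
    try {
        principal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0");
    } catch (IOException e) {
        throw new RuntimeException(e);
    }

    Properties config = new Properties();
    config.put(AdminClientConfig.BOOTSTRAP_SERVERS_CONFIG, kafkaBrokers);
    // NOTE(review): SASL_PLAINTEXT is hard-coded, so the response carrying the token HMAC
    // travels without TLS. Consider making the security protocol configurable so that
    // SASL_SSL can be selected where brokers offer it.
    config.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SASL_PLAINTEXT");
    // NOTE(review): "debug=true" turns on Krb5LoginModule debug output unconditionally.
    // Confirm this is intended outside troubleshooting.
    String jaasConfig = String.format("%s %s %s %s serviceName=\"%s\" keyTab=\"%s\" principal=\"%s\";",
            "com.sun.security.auth.module.Krb5LoginModule required", "debug=true", "useKeyTab=true",
            "storeKey=true", "kafka", keytab, principal);
    config.put(SaslConfigs.SASL_JAAS_CONFIG, jaasConfig);
    LOG.debug("Jaas config for requesting kafka credentials: {}", jaasConfig);

    DelegationToken token;
    // try-with-resources closes the admin client on both the success and the failure path.
    try (AdminClient admin = AdminClient.create(config)) {
        CreateDelegationTokenOptions createDelegationTokenOptions = new CreateDelegationTokenOptions();
        CreateDelegationTokenResult createResult = admin.createDelegationToken(createDelegationTokenOptions);
        token = createResult.delegationToken().get();
    } catch (InterruptedException e) {
        // Restore the interrupt flag so code further up the stack can still observe it.
        Thread.currentThread().interrupt();
        throw new RuntimeException("Exception while getting kafka delegation tokens", e);
    } catch (ExecutionException e) {
        throw new RuntimeException("Exception while getting kafka delegation tokens", e);
    }

    // NOTE(review): this logs the whole token object at INFO. It is only safe if
    // DelegationToken.toString() does not render the HMAC; confirm for the Kafka client
    // version in use, or log the token id alone.
    LOG.info("Got kafka delegation token: {}", token);
    dag.getCredentials().addToken(KAFKA_DELEGATION_TOKEN_KEY,
            new Token<>(token.tokenInfo().tokenId().getBytes(), token.hmac(), null, new Text("kafka")));
}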
use of org.apache.kafka.common.security.token.delegation.DelegationToken in project apache-kafka-on-k8s by banzaicloud.
the class RequestResponseTest method createDescribeTokenResponse.
/**
 * Creates the canned describe-delegation-token response used by the request/response tests.
 *
 * <p>Two tokens are produced, with ids {@code "1"} and {@code "2"}. Both list the same two
 * renewers and use the bytes of {@code "test"} as a stand-in HMAC. Issue, max and expiry
 * timestamps are all read from the system clock at construction.
 *
 * @return a response with throttle time 20, {@code Errors.NONE}, and the two tokens
 */
private DescribeDelegationTokenResponse createDescribeTokenResponse() {
    List<KafkaPrincipal> renewerPrincipals = new ArrayList<>();
    renewerPrincipals.add(SecurityUtils.parseKafkaPrincipal("User:user1"));
    renewerPrincipals.add(SecurityUtils.parseKafkaPrincipal("User:user2"));

    List<DelegationToken> describedTokens = new LinkedList<>();

    TokenInformation infoForOwner = new TokenInformation(
            "1",
            SecurityUtils.parseKafkaPrincipal("User:owner"),
            renewerPrincipals,
            System.currentTimeMillis(),
            System.currentTimeMillis(),
            System.currentTimeMillis());
    TokenInformation infoForOwner1 = new TokenInformation(
            "2",
            SecurityUtils.parseKafkaPrincipal("User:owner1"),
            renewerPrincipals,
            System.currentTimeMillis(),
            System.currentTimeMillis(),
            System.currentTimeMillis());

    // Stand-in HMAC bytes for the fixture; no real secret is involved.
    DelegationToken ownerToken = new DelegationToken(infoForOwner, "test".getBytes());
    describedTokens.add(ownerToken);
    DelegationToken owner1Token = new DelegationToken(infoForOwner1, "test".getBytes());
    describedTokens.add(owner1Token);

    return new DescribeDelegationTokenResponse(20, Errors.NONE, describedTokens);
}
use of org.apache.kafka.common.security.token.delegation.DelegationToken in project apache-kafka-on-k8s by banzaicloud.
the class DescribeDelegationTokenResponse method toStruct.
/**
 * Serializes this describe-delegation-token response into its wire {@link Struct}.
 *
 * <p>One token-details entry is written per token. Each entry holds the owner principal, the
 * issue, expiry and max timestamps, the token id, the HMAC bytes, and one nested struct per
 * renewer. The throttle time is set only when the schema for {@code version} has that field.
 *
 * <p>NOTE(review): the HMAC of every token is written into the response as-is, so the
 * serialized bytes should be handled as credential material. Confirm transport protection
 * at the caller.
 *
 * @param version response schema version to serialize against
 * @return the populated response struct
 */
@Override
protected Struct toStruct(short version) {
    Struct responseStruct = new Struct(ApiKeys.DESCRIBE_DELEGATION_TOKEN.responseSchema(version));
    responseStruct.set(ERROR_CODE, error.code());

    List<Struct> detailStructs = new ArrayList<>(tokens.size());
    for (DelegationToken delegationToken : tokens) {
        TokenInformation info = delegationToken.tokenInfo();
        Struct detail = responseStruct.instance(TOKEN_DETAILS_KEY_NAME);

        // Owner principal is a nested struct holding type and name.
        KafkaPrincipal ownerPrincipal = info.owner();
        Struct owner = detail.instance(OWNER_KEY_NAME);
        owner.set(PRINCIPAL_TYPE, ownerPrincipal.getPrincipalType());
        owner.set(PRINCIPAL_NAME, ownerPrincipal.getName());
        detail.set(OWNER_KEY_NAME, owner);

        detail.set(ISSUE_TIMESTAMP_KEY_NAME, info.issueTimestamp());
        detail.set(EXPIRY_TIMESTAMP_NAME, info.expiryTimestamp());
        detail.set(MAX_TIMESTAMP_NAME, info.maxTimestamp());
        detail.set(TOKEN_ID_KEY_NAME, info.tokenId());
        detail.set(HMAC_KEY_NAME, ByteBuffer.wrap(delegationToken.hmac()));

        // Renewers are written as an array of nested principal structs.
        List<Struct> renewerStructs = new ArrayList<>(info.renewers().size());
        for (KafkaPrincipal renewer : info.renewers()) {
            Struct renewerStruct = detail.instance(RENEWERS_KEY_NAME);
            renewerStruct.set(PRINCIPAL_TYPE, renewer.getPrincipalType());
            renewerStruct.set(PRINCIPAL_NAME, renewer.getName());
            renewerStructs.add(renewerStruct);
        }
        detail.set(RENEWERS_KEY_NAME, renewerStructs.toArray());

        detailStructs.add(detail);
    }

    responseStruct.set(TOKEN_DETAILS_KEY_NAME, detailStructs.toArray());
    responseStruct.setIfExists(THROTTLE_TIME_MS, throttleTimeMs);
    return responseStruct;
}