[GitHub] [kafka] clolov commented on a diff in pull request #13172: KAFKA-14590: Move DelegationTokenCommand to tools
clolov commented on code in PR #13172: URL: https://github.com/apache/kafka/pull/13172#discussion_r1094788715 ## tools/src/main/java/org/apache/kafka/tools/DelegationTokenCommand.java: ## @@ -0,0 +1,306 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + *http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.kafka.tools; + +import java.io.IOException; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Base64; +import java.util.Collections; +import java.util.HashSet; +import java.util.List; +import java.util.Properties; +import java.util.concurrent.ExecutionException; +import joptsimple.AbstractOptionSpec; +import joptsimple.ArgumentAcceptingOptionSpec; +import joptsimple.OptionSpec; +import org.apache.kafka.clients.admin.Admin; +import org.apache.kafka.clients.admin.CreateDelegationTokenOptions; +import org.apache.kafka.clients.admin.CreateDelegationTokenResult; +import org.apache.kafka.clients.admin.DescribeDelegationTokenOptions; +import org.apache.kafka.clients.admin.DescribeDelegationTokenResult; +import org.apache.kafka.clients.admin.ExpireDelegationTokenOptions; +import org.apache.kafka.clients.admin.ExpireDelegationTokenResult; +import org.apache.kafka.clients.admin.RenewDelegationTokenOptions; +import org.apache.kafka.clients.admin.RenewDelegationTokenResult; +import org.apache.kafka.common.security.auth.KafkaPrincipal; +import org.apache.kafka.common.security.token.delegation.DelegationToken; +import org.apache.kafka.common.security.token.delegation.TokenInformation; +import org.apache.kafka.common.utils.Exit; +import org.apache.kafka.common.utils.SecurityUtils; +import org.apache.kafka.common.utils.Utils; +import org.apache.kafka.server.util.CommandDefaultOptions; +import org.apache.kafka.server.util.CommandLineUtils; + +public class DelegationTokenCommand { +public static void main(String... args) { +Exit.exit(mainNoExit(args)); +} + +static int mainNoExit(String... args) { +try { +execute(args); +return 0; +} catch (TerseException e) { +System.err.println(e.getMessage()); +return 1; +} catch (Throwable e) { +System.err.println("Error while executing delegation token command : " + e.getMessage()); +System.err.println(Utils.stackTrace(e)); +return 1; +} +} + +static void execute(String... args) throws Exception { +Admin adminClient = null; +try { +DelegationTokenCommandOptions opts = new DelegationTokenCommandOptions(args); +CommandLineUtils.maybePrintHelpOrVersion(opts, "This tool helps to create, renew, expire, or describe delegation tokens."); + +// should have exactly one action +int numberOfAction = 0; +for (Boolean opt : new Boolean[]{opts.hasCreateOpt(), opts.hasRenewOpt(), opts.hasExpireOpt(), opts.hasDescribeOpt()}) { +if (opt) { +numberOfAction++; +} +} +if (numberOfAction != 1) { +CommandLineUtils.printUsageAndExit(opts.parser, "Command must include exactly one action: --create, --renew, --expire or --describe"); +} + +opts.checkArgs(); + +adminClient = createAdminClient(opts); + +if (opts.hasCreateOpt()) { +createToken(adminClient, opts); +} else if (opts.hasRenewOpt()) { +renewToken(adminClient, opts); +} else if (opts.hasExpireOpt()) { +expireToken(adminClient, opts); +} else if (opts.hasDescribeOpt()) { +describeToken(adminClient, opts); +} + +} finally { +if (adminClient != null) +adminClient.close(); Review Comment: Since Admin implements AutoCloseable could you use https://docs.oracle.com/javase/tutorial/essential/exceptions/tryResourceClose.html? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For q
[GitHub] [kafka] clolov commented on a diff in pull request #13172: KAFKA-14590: Move DelegationTokenCommand to tools
clolov commented on code in PR #13172: URL: https://github.com/apache/kafka/pull/13172#discussion_r1094784273 ## clients/src/test/java/org/apache/kafka/clients/admin/MockAdminClient.java: ## @@ -94,6 +100,8 @@ public class MockAdminClient extends AdminClient { private Map mockMetrics = new HashMap<>(); +private final List alltokens = new ArrayList<>(); Review Comment: ```suggestion private final List allTokens = new ArrayList<>(); ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [kafka] clolov commented on a diff in pull request #13172: KAFKA-14590: Move DelegationTokenCommand to tools
clolov commented on code in PR #13172: URL: https://github.com/apache/kafka/pull/13172#discussion_r1094783958 ## clients/src/test/java/org/apache/kafka/clients/admin/MockAdminClient.java: ## @@ -596,22 +604,89 @@ synchronized public DeleteRecordsResult deleteRecords(Map future = new KafkaFutureImpl<>(); + +for (KafkaPrincipal renewer : options.renewers()) { +if (!renewer.getPrincipalType().equals(KafkaPrincipal.USER_TYPE)) { +future.completeExceptionally(new InvalidPrincipalTypeException("")); +return new CreateDelegationTokenResult(future); +} +} + +String tokenId = Uuid.randomUuid().toString(); +TokenInformation tokenInfo = new TokenInformation(tokenId,options.renewers().get(0), options.renewers(),System.currentTimeMillis(), options.maxlifeTimeMs(), -1); +DelegationToken token = new DelegationToken(tokenInfo,tokenId.getBytes()); Review Comment: ```suggestion DelegationToken token = new DelegationToken(tokenInfo, tokenId.getBytes()); ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [kafka] clolov commented on a diff in pull request #13172: KAFKA-14590: Move DelegationTokenCommand to tools
clolov commented on code in PR #13172: URL: https://github.com/apache/kafka/pull/13172#discussion_r1094783703 ## clients/src/test/java/org/apache/kafka/clients/admin/MockAdminClient.java: ## @@ -596,22 +604,89 @@ synchronized public DeleteRecordsResult deleteRecords(Map future = new KafkaFutureImpl<>(); + +for (KafkaPrincipal renewer : options.renewers()) { +if (!renewer.getPrincipalType().equals(KafkaPrincipal.USER_TYPE)) { +future.completeExceptionally(new InvalidPrincipalTypeException("")); +return new CreateDelegationTokenResult(future); +} +} + +String tokenId = Uuid.randomUuid().toString(); +TokenInformation tokenInfo = new TokenInformation(tokenId,options.renewers().get(0), options.renewers(),System.currentTimeMillis(), options.maxlifeTimeMs(), -1); Review Comment: ```suggestion TokenInformation tokenInfo = new TokenInformation(tokenId, options.renewers().get(0), options.renewers(), System.currentTimeMillis(), options.maxlifeTimeMs(), -1); ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [kafka] clolov commented on a diff in pull request #13172: KAFKA-14590: Move DelegationTokenCommand to tools
clolov commented on code in PR #13172: URL: https://github.com/apache/kafka/pull/13172#discussion_r1094781236 ## tools/src/main/java/org/apache/kafka/tools/DelegationTokenCommand.java: ## @@ -0,0 +1,306 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + *http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.kafka.tools; + +import java.io.IOException; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Base64; +import java.util.Collections; +import java.util.HashSet; +import java.util.List; +import java.util.Properties; +import java.util.concurrent.ExecutionException; +import joptsimple.AbstractOptionSpec; +import joptsimple.ArgumentAcceptingOptionSpec; +import joptsimple.OptionSpec; +import org.apache.kafka.clients.admin.Admin; +import org.apache.kafka.clients.admin.CreateDelegationTokenOptions; +import org.apache.kafka.clients.admin.CreateDelegationTokenResult; +import org.apache.kafka.clients.admin.DescribeDelegationTokenOptions; +import org.apache.kafka.clients.admin.DescribeDelegationTokenResult; +import org.apache.kafka.clients.admin.ExpireDelegationTokenOptions; +import org.apache.kafka.clients.admin.ExpireDelegationTokenResult; +import org.apache.kafka.clients.admin.RenewDelegationTokenOptions; +import org.apache.kafka.clients.admin.RenewDelegationTokenResult; +import org.apache.kafka.common.security.auth.KafkaPrincipal; +import org.apache.kafka.common.security.token.delegation.DelegationToken; +import org.apache.kafka.common.security.token.delegation.TokenInformation; +import org.apache.kafka.common.utils.Exit; +import org.apache.kafka.common.utils.SecurityUtils; +import org.apache.kafka.common.utils.Utils; +import org.apache.kafka.server.util.CommandDefaultOptions; +import org.apache.kafka.server.util.CommandLineUtils; + +public class DelegationTokenCommand { +public static void main(String... args) { +Exit.exit(mainNoExit(args)); +} + +static int mainNoExit(String... args) { +try { +execute(args); +return 0; +} catch (TerseException e) { +System.err.println(e.getMessage()); +return 1; +} catch (Throwable e) { +System.err.println("Error while executing delegation token command : " + e.getMessage()); +System.err.println(Utils.stackTrace(e)); +return 1; +} +} + +static void execute(String... args) throws Exception { +Admin adminClient = null; +try { +DelegationTokenCommandOptions opts = new DelegationTokenCommandOptions(args); +CommandLineUtils.maybePrintHelpOrVersion(opts, "This tool helps to create, renew, expire, or describe delegation tokens."); + +// should have exactly one action +int numberOfAction = 0; +for (Boolean opt : new Boolean[]{opts.hasCreateOpt(), opts.hasRenewOpt(), opts.hasExpireOpt(), opts.hasDescribeOpt()}) { +if (opt) { +numberOfAction++; +} +} +if (numberOfAction != 1) { +CommandLineUtils.printUsageAndExit(opts.parser, "Command must include exactly one action: --create, --renew, --expire or --describe"); +} + +opts.checkArgs(); + +adminClient = createAdminClient(opts); + +if (opts.hasCreateOpt()) { +createToken(adminClient, opts); +} else if (opts.hasRenewOpt()) { +renewToken(adminClient, opts); +} else if (opts.hasExpireOpt()) { +expireToken(adminClient, opts); +} else if (opts.hasDescribeOpt()) { +describeToken(adminClient, opts); +} + +} finally { +if (adminClient != null) +adminClient.close(); +} +} + +public static DelegationToken createToken(Admin adminClient, DelegationTokenCommandOptions opts) throws ExecutionException, InterruptedException { +List renewerPrincipals = getPrincipals(opts, opts.renewPrincipalsOpt); +Long maxLifeTimeMs = opts.options.valueOf(opts.maxLifeTimeOpt); + +System.out.println("Calling create token operation
[GitHub] [kafka] clolov commented on a diff in pull request #13172: KAFKA-14590: Move DelegationTokenCommand to tools
clolov commented on code in PR #13172: URL: https://github.com/apache/kafka/pull/13172#discussion_r1094781664 ## tools/src/main/java/org/apache/kafka/tools/DelegationTokenCommand.java: ## @@ -0,0 +1,306 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + *http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.kafka.tools; + +import java.io.IOException; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Base64; +import java.util.Collections; +import java.util.HashSet; +import java.util.List; +import java.util.Properties; +import java.util.concurrent.ExecutionException; +import joptsimple.AbstractOptionSpec; +import joptsimple.ArgumentAcceptingOptionSpec; +import joptsimple.OptionSpec; +import org.apache.kafka.clients.admin.Admin; +import org.apache.kafka.clients.admin.CreateDelegationTokenOptions; +import org.apache.kafka.clients.admin.CreateDelegationTokenResult; +import org.apache.kafka.clients.admin.DescribeDelegationTokenOptions; +import org.apache.kafka.clients.admin.DescribeDelegationTokenResult; +import org.apache.kafka.clients.admin.ExpireDelegationTokenOptions; +import org.apache.kafka.clients.admin.ExpireDelegationTokenResult; +import org.apache.kafka.clients.admin.RenewDelegationTokenOptions; +import org.apache.kafka.clients.admin.RenewDelegationTokenResult; +import org.apache.kafka.common.security.auth.KafkaPrincipal; +import org.apache.kafka.common.security.token.delegation.DelegationToken; +import org.apache.kafka.common.security.token.delegation.TokenInformation; +import org.apache.kafka.common.utils.Exit; +import org.apache.kafka.common.utils.SecurityUtils; +import org.apache.kafka.common.utils.Utils; +import org.apache.kafka.server.util.CommandDefaultOptions; +import org.apache.kafka.server.util.CommandLineUtils; + +public class DelegationTokenCommand { +public static void main(String... args) { +Exit.exit(mainNoExit(args)); +} + +static int mainNoExit(String... args) { +try { +execute(args); +return 0; +} catch (TerseException e) { +System.err.println(e.getMessage()); +return 1; +} catch (Throwable e) { +System.err.println("Error while executing delegation token command : " + e.getMessage()); +System.err.println(Utils.stackTrace(e)); +return 1; +} +} + +static void execute(String... args) throws Exception { +Admin adminClient = null; +try { +DelegationTokenCommandOptions opts = new DelegationTokenCommandOptions(args); +CommandLineUtils.maybePrintHelpOrVersion(opts, "This tool helps to create, renew, expire, or describe delegation tokens."); + +// should have exactly one action +int numberOfAction = 0; +for (Boolean opt : new Boolean[]{opts.hasCreateOpt(), opts.hasRenewOpt(), opts.hasExpireOpt(), opts.hasDescribeOpt()}) { +if (opt) { +numberOfAction++; +} +} +if (numberOfAction != 1) { +CommandLineUtils.printUsageAndExit(opts.parser, "Command must include exactly one action: --create, --renew, --expire or --describe"); +} + +opts.checkArgs(); + +adminClient = createAdminClient(opts); + +if (opts.hasCreateOpt()) { +createToken(adminClient, opts); +} else if (opts.hasRenewOpt()) { +renewToken(adminClient, opts); +} else if (opts.hasExpireOpt()) { +expireToken(adminClient, opts); +} else if (opts.hasDescribeOpt()) { +describeToken(adminClient, opts); +} + +} finally { +if (adminClient != null) +adminClient.close(); +} +} + +public static DelegationToken createToken(Admin adminClient, DelegationTokenCommandOptions opts) throws ExecutionException, InterruptedException { +List renewerPrincipals = getPrincipals(opts, opts.renewPrincipalsOpt); +Long maxLifeTimeMs = opts.options.valueOf(opts.maxLifeTimeOpt); + +System.out.println("Calling create token operation
[GitHub] [kafka] clolov commented on a diff in pull request #13172: KAFKA-14590: Move DelegationTokenCommand to tools
clolov commented on code in PR #13172: URL: https://github.com/apache/kafka/pull/13172#discussion_r1094780253 ## tools/src/main/java/org/apache/kafka/tools/DelegationTokenCommand.java: ## @@ -0,0 +1,306 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + *http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.kafka.tools; + +import java.io.IOException; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Base64; +import java.util.Collections; +import java.util.HashSet; +import java.util.List; +import java.util.Properties; +import java.util.concurrent.ExecutionException; +import joptsimple.AbstractOptionSpec; +import joptsimple.ArgumentAcceptingOptionSpec; +import joptsimple.OptionSpec; +import org.apache.kafka.clients.admin.Admin; +import org.apache.kafka.clients.admin.CreateDelegationTokenOptions; +import org.apache.kafka.clients.admin.CreateDelegationTokenResult; +import org.apache.kafka.clients.admin.DescribeDelegationTokenOptions; +import org.apache.kafka.clients.admin.DescribeDelegationTokenResult; +import org.apache.kafka.clients.admin.ExpireDelegationTokenOptions; +import org.apache.kafka.clients.admin.ExpireDelegationTokenResult; +import org.apache.kafka.clients.admin.RenewDelegationTokenOptions; +import org.apache.kafka.clients.admin.RenewDelegationTokenResult; +import org.apache.kafka.common.security.auth.KafkaPrincipal; +import org.apache.kafka.common.security.token.delegation.DelegationToken; +import org.apache.kafka.common.security.token.delegation.TokenInformation; +import org.apache.kafka.common.utils.Exit; +import org.apache.kafka.common.utils.SecurityUtils; +import org.apache.kafka.common.utils.Utils; +import org.apache.kafka.server.util.CommandDefaultOptions; +import org.apache.kafka.server.util.CommandLineUtils; + +public class DelegationTokenCommand { +public static void main(String... args) { +Exit.exit(mainNoExit(args)); +} + +static int mainNoExit(String... args) { +try { +execute(args); +return 0; +} catch (TerseException e) { +System.err.println(e.getMessage()); +return 1; +} catch (Throwable e) { +System.err.println("Error while executing delegation token command : " + e.getMessage()); +System.err.println(Utils.stackTrace(e)); +return 1; +} +} + +static void execute(String... args) throws Exception { +Admin adminClient = null; +try { +DelegationTokenCommandOptions opts = new DelegationTokenCommandOptions(args); +CommandLineUtils.maybePrintHelpOrVersion(opts, "This tool helps to create, renew, expire, or describe delegation tokens."); + +// should have exactly one action +int numberOfAction = 0; +for (Boolean opt : new Boolean[]{opts.hasCreateOpt(), opts.hasRenewOpt(), opts.hasExpireOpt(), opts.hasDescribeOpt()}) { +if (opt) { +numberOfAction++; +} +} +if (numberOfAction != 1) { +CommandLineUtils.printUsageAndExit(opts.parser, "Command must include exactly one action: --create, --renew, --expire or --describe"); +} + +opts.checkArgs(); + +adminClient = createAdminClient(opts); + +if (opts.hasCreateOpt()) { +createToken(adminClient, opts); +} else if (opts.hasRenewOpt()) { +renewToken(adminClient, opts); +} else if (opts.hasExpireOpt()) { +expireToken(adminClient, opts); +} else if (opts.hasDescribeOpt()) { +describeToken(adminClient, opts); +} + +} finally { +if (adminClient != null) +adminClient.close(); +} +} + +public static DelegationToken createToken(Admin adminClient, DelegationTokenCommandOptions opts) throws ExecutionException, InterruptedException { +List renewerPrincipals = getPrincipals(opts, opts.renewPrincipalsOpt); +Long maxLifeTimeMs = opts.options.valueOf(opts.maxLifeTimeOpt); + +System.out.println("Calling create token operation
[GitHub] [kafka] clolov commented on a diff in pull request #13172: KAFKA-14590: Move DelegationTokenCommand to tools
clolov commented on code in PR #13172: URL: https://github.com/apache/kafka/pull/13172#discussion_r1094720518 ## tools/src/test/java/org/apache/kafka/tools/DelegationTokenCommandTest.java: ## @@ -0,0 +1,105 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + *http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.kafka.tools; + +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.concurrent.ExecutionException; +import org.apache.kafka.clients.admin.Admin; +import org.apache.kafka.clients.admin.MockAdminClient; +import org.apache.kafka.common.security.token.delegation.DelegationToken; +import org.junit.jupiter.api.Test; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; + +public class DelegationTokenCommandTest { + +@Test +public void testDelegationTokenRequests() throws ExecutionException, InterruptedException { +Admin adminClient = new MockAdminClient.Builder().build(); + +String renewer1 = "User:renewer1"; +String renewer2 = "User:renewer2"; + +// create token1 with renewer1 +DelegationToken tokenCreated = DelegationTokenCommand.createToken(adminClient, getCreateOpts(renewer1)); + +List tokens = DelegationTokenCommand.describeToken(adminClient, getDescribeOpts("")); +assertEquals(1, tokens.size()); +DelegationToken token1 = tokens.get(0); +assertEquals(token1, tokenCreated); + +// create token2 with renewer2 +DelegationToken token2 = DelegationTokenCommand.createToken(adminClient, getCreateOpts(renewer2)); + +tokens = DelegationTokenCommand.describeToken(adminClient, getDescribeOpts("")); +assertEquals(2, tokens.size()); +assertEquals(Arrays.asList(token1, token2), tokens); + +//get tokens for renewer2 +tokens = DelegationTokenCommand.describeToken(adminClient, getDescribeOpts(renewer2)); +assertEquals(1, tokens.size()); +assertEquals(Collections.singletonList(token2), tokens); + +//test renewing tokens +Long expiryTimestamp = DelegationTokenCommand.renewToken(adminClient, getRenewOpts(token1.hmacAsBase64String())); +DelegationToken renewedToken = DelegationTokenCommand.describeToken(adminClient, getDescribeOpts(renewer1)).get(0); +assertEquals(expiryTimestamp, renewedToken.tokenInfo().expiryTimestamp()); + +//test expire tokens +DelegationTokenCommand.expireToken(adminClient, getExpireOpts(token1.hmacAsBase64String())); +DelegationTokenCommand.expireToken(adminClient, getExpireOpts(token2.hmacAsBase64String())); + +tokens = DelegationTokenCommand.describeToken(adminClient, getDescribeOpts("")); +assertEquals(0, tokens.size()); + +//create token with invalid renewer principal type +assertThrows(ExecutionException.class, () -> DelegationTokenCommand.createToken(adminClient, getCreateOpts("Group:Renewer3"))); + +// try describing tokens for unknown owner +assertTrue(DelegationTokenCommand.describeToken(adminClient, getDescribeOpts("User:Unknown")).isEmpty()); + +} + +private DelegationTokenCommand.DelegationTokenCommandOptions getCreateOpts(String renewer) { +String[] args = {"--bootstrap-server", "localhost:9092", "--max-life-time-period", "-1", "--command-config", "testfile", "--create", "--renewer-principal", renewer}; +return new DelegationTokenCommand.DelegationTokenCommandOptions(args); +} + +private DelegationTokenCommand.DelegationTokenCommandOptions getDescribeOpts(String owner) { +String[] args; +if (!owner.equals("")) { +args = new String[] {"--bootstrap-server", "localhost:9092", "--command-config", "testfile", "--describe","--owner-principal", owner}; +} else { +args = new String[] {"--bootstrap-server", "localhost:9092", "--command-config", "testfile", "--describe"}; +} +return new DelegationTokenCommand.DelegationTokenCommandOptions(args); Review Comment: Maybe the following will save us a few repetitive st
[GitHub] [kafka] clolov commented on a diff in pull request #13172: KAFKA-14590: Move DelegationTokenCommand to tools
clolov commented on code in PR #13172: URL: https://github.com/apache/kafka/pull/13172#discussion_r1094714174 ## tools/src/test/java/org/apache/kafka/tools/DelegationTokenCommandTest.java: ## @@ -0,0 +1,105 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + *http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.kafka.tools; + +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.concurrent.ExecutionException; +import org.apache.kafka.clients.admin.Admin; +import org.apache.kafka.clients.admin.MockAdminClient; +import org.apache.kafka.common.security.token.delegation.DelegationToken; +import org.junit.jupiter.api.Test; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; + +public class DelegationTokenCommandTest { + +@Test +public void testDelegationTokenRequests() throws ExecutionException, InterruptedException { +Admin adminClient = new MockAdminClient.Builder().build(); + +String renewer1 = "User:renewer1"; +String renewer2 = "User:renewer2"; + +// create token1 with renewer1 +DelegationToken tokenCreated = DelegationTokenCommand.createToken(adminClient, getCreateOpts(renewer1)); + +List tokens = DelegationTokenCommand.describeToken(adminClient, getDescribeOpts("")); +assertEquals(1, tokens.size()); +DelegationToken token1 = tokens.get(0); +assertEquals(token1, tokenCreated); + +// create token2 with renewer2 +DelegationToken token2 = DelegationTokenCommand.createToken(adminClient, getCreateOpts(renewer2)); + +tokens = DelegationTokenCommand.describeToken(adminClient, getDescribeOpts("")); +assertEquals(2, tokens.size()); +assertEquals(Arrays.asList(token1, token2), tokens); + +//get tokens for renewer2 +tokens = DelegationTokenCommand.describeToken(adminClient, getDescribeOpts(renewer2)); +assertEquals(1, tokens.size()); +assertEquals(Collections.singletonList(token2), tokens); + +//test renewing tokens +Long expiryTimestamp = DelegationTokenCommand.renewToken(adminClient, getRenewOpts(token1.hmacAsBase64String())); +DelegationToken renewedToken = DelegationTokenCommand.describeToken(adminClient, getDescribeOpts(renewer1)).get(0); +assertEquals(expiryTimestamp, renewedToken.tokenInfo().expiryTimestamp()); + +//test expire tokens +DelegationTokenCommand.expireToken(adminClient, getExpireOpts(token1.hmacAsBase64String())); +DelegationTokenCommand.expireToken(adminClient, getExpireOpts(token2.hmacAsBase64String())); + +tokens = DelegationTokenCommand.describeToken(adminClient, getDescribeOpts("")); +assertEquals(0, tokens.size()); + +//create token with invalid renewer principal type +assertThrows(ExecutionException.class, () -> DelegationTokenCommand.createToken(adminClient, getCreateOpts("Group:Renewer3"))); + +// try describing tokens for unknown owner +assertTrue(DelegationTokenCommand.describeToken(adminClient, getDescribeOpts("User:Unknown")).isEmpty()); + +} + +private DelegationTokenCommand.DelegationTokenCommandOptions getCreateOpts(String renewer) { +String[] args = {"--bootstrap-server", "localhost:9092", "--max-life-time-period", "-1", "--command-config", "testfile", "--create", "--renewer-principal", renewer}; +return new DelegationTokenCommand.DelegationTokenCommandOptions(args); +} + +private DelegationTokenCommand.DelegationTokenCommandOptions getDescribeOpts(String owner) { +String[] args; +if (!owner.equals("")) { +args = new String[] {"--bootstrap-server", "localhost:9092", "--command-config", "testfile", "--describe","--owner-principal", owner}; Review Comment: ```suggestion args = new String[] {"--bootstrap-server", "localhost:9092", "--command-config", "testfile", "--describe", "--owner-principal", owner}; ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to G
[GitHub] [kafka] clolov commented on a diff in pull request #13172: KAFKA-14590: Move DelegationTokenCommand to tools
clolov commented on code in PR #13172: URL: https://github.com/apache/kafka/pull/13172#discussion_r1094686108 ## tools/src/main/java/org/apache/kafka/tools/DelegationTokenCommand.java: ## @@ -0,0 +1,306 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + *http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.kafka.tools; + +import java.io.IOException; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Base64; +import java.util.Collections; +import java.util.HashSet; +import java.util.List; +import java.util.Properties; +import java.util.concurrent.ExecutionException; +import joptsimple.AbstractOptionSpec; +import joptsimple.ArgumentAcceptingOptionSpec; +import joptsimple.OptionSpec; +import org.apache.kafka.clients.admin.Admin; +import org.apache.kafka.clients.admin.CreateDelegationTokenOptions; +import org.apache.kafka.clients.admin.CreateDelegationTokenResult; +import org.apache.kafka.clients.admin.DescribeDelegationTokenOptions; +import org.apache.kafka.clients.admin.DescribeDelegationTokenResult; +import org.apache.kafka.clients.admin.ExpireDelegationTokenOptions; +import org.apache.kafka.clients.admin.ExpireDelegationTokenResult; +import org.apache.kafka.clients.admin.RenewDelegationTokenOptions; +import org.apache.kafka.clients.admin.RenewDelegationTokenResult; +import org.apache.kafka.common.security.auth.KafkaPrincipal; +import org.apache.kafka.common.security.token.delegation.DelegationToken; +import org.apache.kafka.common.security.token.delegation.TokenInformation; +import org.apache.kafka.common.utils.Exit; +import org.apache.kafka.common.utils.SecurityUtils; +import org.apache.kafka.common.utils.Utils; +import org.apache.kafka.server.util.CommandDefaultOptions; +import org.apache.kafka.server.util.CommandLineUtils; + +public class DelegationTokenCommand { +public static void main(String... args) { +Exit.exit(mainNoExit(args)); +} + +static int mainNoExit(String... args) { +try { +execute(args); +return 0; +} catch (TerseException e) { +System.err.println(e.getMessage()); +return 1; +} catch (Throwable e) { +System.err.println("Error while executing delegation token command : " + e.getMessage()); +System.err.println(Utils.stackTrace(e)); +return 1; +} +} + +static void execute(String... args) throws Exception { +Admin adminClient = null; +try { +DelegationTokenCommandOptions opts = new DelegationTokenCommandOptions(args); +CommandLineUtils.maybePrintHelpOrVersion(opts, "This tool helps to create, renew, expire, or describe delegation tokens."); + +// should have exactly one action +int numberOfAction = 0; +for (Boolean opt : new Boolean[]{opts.hasCreateOpt(), opts.hasRenewOpt(), opts.hasExpireOpt(), opts.hasDescribeOpt()}) { +if (opt) { +numberOfAction++; +} +} +if (numberOfAction != 1) { +CommandLineUtils.printUsageAndExit(opts.parser, "Command must include exactly one action: --create, --renew, --expire or --describe"); +} + +opts.checkArgs(); + +adminClient = createAdminClient(opts); + +if (opts.hasCreateOpt()) { +createToken(adminClient, opts); +} else if (opts.hasRenewOpt()) { +renewToken(adminClient, opts); +} else if (opts.hasExpireOpt()) { +expireToken(adminClient, opts); +} else if (opts.hasDescribeOpt()) { +describeToken(adminClient, opts); +} + +} finally { +if (adminClient != null) +adminClient.close(); +} +} + +public static DelegationToken createToken(Admin adminClient, DelegationTokenCommandOptions opts) throws ExecutionException, InterruptedException { +List renewerPrincipals = getPrincipals(opts, opts.renewPrincipalsOpt); +Long maxLifeTimeMs = opts.options.valueOf(opts.maxLifeTimeOpt); + +System.out.println("Calling create token operation
[GitHub] [kafka] clolov commented on a diff in pull request #13172: KAFKA-14590: Move DelegationTokenCommand to tools
clolov commented on code in PR #13172: URL: https://github.com/apache/kafka/pull/13172#discussion_r1094685504 ## tools/src/main/java/org/apache/kafka/tools/DelegationTokenCommand.java: ## @@ -0,0 +1,306 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + *http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.kafka.tools; + +import java.io.IOException; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Base64; +import java.util.Collections; +import java.util.HashSet; +import java.util.List; +import java.util.Properties; +import java.util.concurrent.ExecutionException; +import joptsimple.AbstractOptionSpec; +import joptsimple.ArgumentAcceptingOptionSpec; +import joptsimple.OptionSpec; +import org.apache.kafka.clients.admin.Admin; +import org.apache.kafka.clients.admin.CreateDelegationTokenOptions; +import org.apache.kafka.clients.admin.CreateDelegationTokenResult; +import org.apache.kafka.clients.admin.DescribeDelegationTokenOptions; +import org.apache.kafka.clients.admin.DescribeDelegationTokenResult; +import org.apache.kafka.clients.admin.ExpireDelegationTokenOptions; +import org.apache.kafka.clients.admin.ExpireDelegationTokenResult; +import org.apache.kafka.clients.admin.RenewDelegationTokenOptions; +import org.apache.kafka.clients.admin.RenewDelegationTokenResult; +import org.apache.kafka.common.security.auth.KafkaPrincipal; +import org.apache.kafka.common.security.token.delegation.DelegationToken; +import org.apache.kafka.common.security.token.delegation.TokenInformation; +import org.apache.kafka.common.utils.Exit; +import org.apache.kafka.common.utils.SecurityUtils; +import org.apache.kafka.common.utils.Utils; +import org.apache.kafka.server.util.CommandDefaultOptions; +import org.apache.kafka.server.util.CommandLineUtils; + +public class DelegationTokenCommand { +public static void main(String... args) { +Exit.exit(mainNoExit(args)); +} + +static int mainNoExit(String... args) { +try { +execute(args); +return 0; +} catch (TerseException e) { +System.err.println(e.getMessage()); +return 1; +} catch (Throwable e) { +System.err.println("Error while executing delegation token command : " + e.getMessage()); +System.err.println(Utils.stackTrace(e)); +return 1; +} +} + +static void execute(String... args) throws Exception { +Admin adminClient = null; +try { +DelegationTokenCommandOptions opts = new DelegationTokenCommandOptions(args); +CommandLineUtils.maybePrintHelpOrVersion(opts, "This tool helps to create, renew, expire, or describe delegation tokens."); + +// should have exactly one action +int numberOfAction = 0; +for (Boolean opt : new Boolean[]{opts.hasCreateOpt(), opts.hasRenewOpt(), opts.hasExpireOpt(), opts.hasDescribeOpt()}) { +if (opt) { +numberOfAction++; +} +} +if (numberOfAction != 1) { +CommandLineUtils.printUsageAndExit(opts.parser, "Command must include exactly one action: --create, --renew, --expire or --describe"); +} + +opts.checkArgs(); + +adminClient = createAdminClient(opts); + +if (opts.hasCreateOpt()) { +createToken(adminClient, opts); +} else if (opts.hasRenewOpt()) { +renewToken(adminClient, opts); +} else if (opts.hasExpireOpt()) { +expireToken(adminClient, opts); +} else if (opts.hasDescribeOpt()) { +describeToken(adminClient, opts); +} + +} finally { +if (adminClient != null) +adminClient.close(); +} +} + +public static DelegationToken createToken(Admin adminClient, DelegationTokenCommandOptions opts) throws ExecutionException, InterruptedException { +List renewerPrincipals = getPrincipals(opts, opts.renewPrincipalsOpt); +Long maxLifeTimeMs = opts.options.valueOf(opts.maxLifeTimeOpt); + +System.out.println("Calling create token operation
[GitHub] [kafka] clolov commented on a diff in pull request #13172: KAFKA-14590: Move DelegationTokenCommand to tools
clolov commented on code in PR #13172: URL: https://github.com/apache/kafka/pull/13172#discussion_r1094680573 ## tools/src/main/java/org/apache/kafka/tools/DelegationTokenCommand.java: ## @@ -0,0 +1,306 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + *http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.kafka.tools; + +import java.io.IOException; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Base64; +import java.util.Collections; +import java.util.HashSet; +import java.util.List; +import java.util.Properties; +import java.util.concurrent.ExecutionException; +import joptsimple.AbstractOptionSpec; +import joptsimple.ArgumentAcceptingOptionSpec; +import joptsimple.OptionSpec; +import org.apache.kafka.clients.admin.Admin; +import org.apache.kafka.clients.admin.CreateDelegationTokenOptions; +import org.apache.kafka.clients.admin.CreateDelegationTokenResult; +import org.apache.kafka.clients.admin.DescribeDelegationTokenOptions; +import org.apache.kafka.clients.admin.DescribeDelegationTokenResult; +import org.apache.kafka.clients.admin.ExpireDelegationTokenOptions; +import org.apache.kafka.clients.admin.ExpireDelegationTokenResult; +import org.apache.kafka.clients.admin.RenewDelegationTokenOptions; +import org.apache.kafka.clients.admin.RenewDelegationTokenResult; +import org.apache.kafka.common.security.auth.KafkaPrincipal; +import org.apache.kafka.common.security.token.delegation.DelegationToken; +import org.apache.kafka.common.security.token.delegation.TokenInformation; +import org.apache.kafka.common.utils.Exit; +import org.apache.kafka.common.utils.SecurityUtils; +import org.apache.kafka.common.utils.Utils; +import org.apache.kafka.server.util.CommandDefaultOptions; +import org.apache.kafka.server.util.CommandLineUtils; + +public class DelegationTokenCommand { +public static void main(String... args) { +Exit.exit(mainNoExit(args)); +} + +static int mainNoExit(String... args) { +try { +execute(args); +return 0; +} catch (TerseException e) { +System.err.println(e.getMessage()); +return 1; +} catch (Throwable e) { +System.err.println("Error while executing delegation token command : " + e.getMessage()); +System.err.println(Utils.stackTrace(e)); +return 1; +} +} + +static void execute(String... args) throws Exception { +Admin adminClient = null; +try { +DelegationTokenCommandOptions opts = new DelegationTokenCommandOptions(args); +CommandLineUtils.maybePrintHelpOrVersion(opts, "This tool helps to create, renew, expire, or describe delegation tokens."); + +// should have exactly one action +int numberOfAction = 0; +for (Boolean opt : new Boolean[]{opts.hasCreateOpt(), opts.hasRenewOpt(), opts.hasExpireOpt(), opts.hasDescribeOpt()}) { +if (opt) { +numberOfAction++; +} +} +if (numberOfAction != 1) { +CommandLineUtils.printUsageAndExit(opts.parser, "Command must include exactly one action: --create, --renew, --expire or --describe"); +} + +opts.checkArgs(); + +adminClient = createAdminClient(opts); + +if (opts.hasCreateOpt()) { +createToken(adminClient, opts); +} else if (opts.hasRenewOpt()) { +renewToken(adminClient, opts); +} else if (opts.hasExpireOpt()) { +expireToken(adminClient, opts); +} else if (opts.hasDescribeOpt()) { +describeToken(adminClient, opts); +} + +} finally { +if (adminClient != null) +adminClient.close(); +} +} + +public static DelegationToken createToken(Admin adminClient, DelegationTokenCommandOptions opts) throws ExecutionException, InterruptedException { +List renewerPrincipals = getPrincipals(opts, opts.renewPrincipalsOpt); +Long maxLifeTimeMs = opts.options.valueOf(opts.maxLifeTimeOpt); + +System.out.println("Calling create token operation
[GitHub] [kafka] clolov commented on a diff in pull request #13172: KAFKA-14590: Move DelegationTokenCommand to tools
clolov commented on code in PR #13172: URL: https://github.com/apache/kafka/pull/13172#discussion_r1094680573 ## tools/src/main/java/org/apache/kafka/tools/DelegationTokenCommand.java: ## @@ -0,0 +1,306 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + *http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.kafka.tools; + +import java.io.IOException; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Base64; +import java.util.Collections; +import java.util.HashSet; +import java.util.List; +import java.util.Properties; +import java.util.concurrent.ExecutionException; +import joptsimple.AbstractOptionSpec; +import joptsimple.ArgumentAcceptingOptionSpec; +import joptsimple.OptionSpec; +import org.apache.kafka.clients.admin.Admin; +import org.apache.kafka.clients.admin.CreateDelegationTokenOptions; +import org.apache.kafka.clients.admin.CreateDelegationTokenResult; +import org.apache.kafka.clients.admin.DescribeDelegationTokenOptions; +import org.apache.kafka.clients.admin.DescribeDelegationTokenResult; +import org.apache.kafka.clients.admin.ExpireDelegationTokenOptions; +import org.apache.kafka.clients.admin.ExpireDelegationTokenResult; +import org.apache.kafka.clients.admin.RenewDelegationTokenOptions; +import org.apache.kafka.clients.admin.RenewDelegationTokenResult; +import org.apache.kafka.common.security.auth.KafkaPrincipal; +import org.apache.kafka.common.security.token.delegation.DelegationToken; +import org.apache.kafka.common.security.token.delegation.TokenInformation; +import org.apache.kafka.common.utils.Exit; +import org.apache.kafka.common.utils.SecurityUtils; +import org.apache.kafka.common.utils.Utils; +import org.apache.kafka.server.util.CommandDefaultOptions; +import org.apache.kafka.server.util.CommandLineUtils; + +public class DelegationTokenCommand { +public static void main(String... args) { +Exit.exit(mainNoExit(args)); +} + +static int mainNoExit(String... args) { +try { +execute(args); +return 0; +} catch (TerseException e) { +System.err.println(e.getMessage()); +return 1; +} catch (Throwable e) { +System.err.println("Error while executing delegation token command : " + e.getMessage()); +System.err.println(Utils.stackTrace(e)); +return 1; +} +} + +static void execute(String... args) throws Exception { +Admin adminClient = null; +try { +DelegationTokenCommandOptions opts = new DelegationTokenCommandOptions(args); +CommandLineUtils.maybePrintHelpOrVersion(opts, "This tool helps to create, renew, expire, or describe delegation tokens."); + +// should have exactly one action +int numberOfAction = 0; +for (Boolean opt : new Boolean[]{opts.hasCreateOpt(), opts.hasRenewOpt(), opts.hasExpireOpt(), opts.hasDescribeOpt()}) { +if (opt) { +numberOfAction++; +} +} +if (numberOfAction != 1) { +CommandLineUtils.printUsageAndExit(opts.parser, "Command must include exactly one action: --create, --renew, --expire or --describe"); +} + +opts.checkArgs(); + +adminClient = createAdminClient(opts); + +if (opts.hasCreateOpt()) { +createToken(adminClient, opts); +} else if (opts.hasRenewOpt()) { +renewToken(adminClient, opts); +} else if (opts.hasExpireOpt()) { +expireToken(adminClient, opts); +} else if (opts.hasDescribeOpt()) { +describeToken(adminClient, opts); +} + +} finally { +if (adminClient != null) +adminClient.close(); +} +} + +public static DelegationToken createToken(Admin adminClient, DelegationTokenCommandOptions opts) throws ExecutionException, InterruptedException { +List renewerPrincipals = getPrincipals(opts, opts.renewPrincipalsOpt); +Long maxLifeTimeMs = opts.options.valueOf(opts.maxLifeTimeOpt); + +System.out.println("Calling create token operation
[GitHub] [kafka] clolov commented on a diff in pull request #13172: KAFKA-14590: Move DelegationTokenCommand to tools
clolov commented on code in PR #13172: URL: https://github.com/apache/kafka/pull/13172#discussion_r1094680573 ## tools/src/main/java/org/apache/kafka/tools/DelegationTokenCommand.java: ## @@ -0,0 +1,306 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + *http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.kafka.tools; + +import java.io.IOException; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Base64; +import java.util.Collections; +import java.util.HashSet; +import java.util.List; +import java.util.Properties; +import java.util.concurrent.ExecutionException; +import joptsimple.AbstractOptionSpec; +import joptsimple.ArgumentAcceptingOptionSpec; +import joptsimple.OptionSpec; +import org.apache.kafka.clients.admin.Admin; +import org.apache.kafka.clients.admin.CreateDelegationTokenOptions; +import org.apache.kafka.clients.admin.CreateDelegationTokenResult; +import org.apache.kafka.clients.admin.DescribeDelegationTokenOptions; +import org.apache.kafka.clients.admin.DescribeDelegationTokenResult; +import org.apache.kafka.clients.admin.ExpireDelegationTokenOptions; +import org.apache.kafka.clients.admin.ExpireDelegationTokenResult; +import org.apache.kafka.clients.admin.RenewDelegationTokenOptions; +import org.apache.kafka.clients.admin.RenewDelegationTokenResult; +import org.apache.kafka.common.security.auth.KafkaPrincipal; +import org.apache.kafka.common.security.token.delegation.DelegationToken; +import org.apache.kafka.common.security.token.delegation.TokenInformation; +import org.apache.kafka.common.utils.Exit; +import org.apache.kafka.common.utils.SecurityUtils; +import org.apache.kafka.common.utils.Utils; +import org.apache.kafka.server.util.CommandDefaultOptions; +import org.apache.kafka.server.util.CommandLineUtils; + +public class DelegationTokenCommand { +public static void main(String... args) { +Exit.exit(mainNoExit(args)); +} + +static int mainNoExit(String... args) { +try { +execute(args); +return 0; +} catch (TerseException e) { +System.err.println(e.getMessage()); +return 1; +} catch (Throwable e) { +System.err.println("Error while executing delegation token command : " + e.getMessage()); +System.err.println(Utils.stackTrace(e)); +return 1; +} +} + +static void execute(String... args) throws Exception { +Admin adminClient = null; +try { +DelegationTokenCommandOptions opts = new DelegationTokenCommandOptions(args); +CommandLineUtils.maybePrintHelpOrVersion(opts, "This tool helps to create, renew, expire, or describe delegation tokens."); + +// should have exactly one action +int numberOfAction = 0; +for (Boolean opt : new Boolean[]{opts.hasCreateOpt(), opts.hasRenewOpt(), opts.hasExpireOpt(), opts.hasDescribeOpt()}) { +if (opt) { +numberOfAction++; +} +} +if (numberOfAction != 1) { +CommandLineUtils.printUsageAndExit(opts.parser, "Command must include exactly one action: --create, --renew, --expire or --describe"); +} + +opts.checkArgs(); + +adminClient = createAdminClient(opts); + +if (opts.hasCreateOpt()) { +createToken(adminClient, opts); +} else if (opts.hasRenewOpt()) { +renewToken(adminClient, opts); +} else if (opts.hasExpireOpt()) { +expireToken(adminClient, opts); +} else if (opts.hasDescribeOpt()) { +describeToken(adminClient, opts); +} + +} finally { +if (adminClient != null) +adminClient.close(); +} +} + +public static DelegationToken createToken(Admin adminClient, DelegationTokenCommandOptions opts) throws ExecutionException, InterruptedException { +List renewerPrincipals = getPrincipals(opts, opts.renewPrincipalsOpt); +Long maxLifeTimeMs = opts.options.valueOf(opts.maxLifeTimeOpt); + +System.out.println("Calling create token operation
[GitHub] [kafka] clolov commented on a diff in pull request #13172: KAFKA-14590: Move DelegationTokenCommand to tools
clolov commented on code in PR #13172: URL: https://github.com/apache/kafka/pull/13172#discussion_r1094656127 ## build.gradle: ## @@ -1763,6 +1763,7 @@ project(':tools') { implementation libs.jacksonJDK8Datatypes implementation libs.slf4jApi implementation libs.log4j +implementation libs.joptSimple Review Comment: If you rebase on trunk there won't be a need for this anymore 😊 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org