kirktrue commented on a change in pull request #11284: URL: https://github.com/apache/kafka/pull/11284#discussion_r734095192
########## File path: clients/src/main/java/org/apache/kafka/common/config/SaslConfigs.java ########## 
@@ -75,30 +78,111 @@ public static final String SASL_LOGIN_REFRESH_WINDOW_FACTOR_DOC = "Login refresh thread will sleep until the specified window factor relative to the" + " credential's lifetime has been reached, at which time it will try to refresh the credential." + " Legal values are between 0.5 (50%) and 1.0 (100%) inclusive; a default value of 0.8 (80%) is used" - + " if no value is specified. Currently applies only to OAUTHBEARER."; + + " if no value is specified." + + OAUTHBEARER_NOTE; public static final double DEFAULT_LOGIN_REFRESH_WINDOW_FACTOR = 0.80; public static final String SASL_LOGIN_REFRESH_WINDOW_JITTER = "sasl.login.refresh.window.jitter"; public static final String SASL_LOGIN_REFRESH_WINDOW_JITTER_DOC = "The maximum amount of random jitter relative to the credential's lifetime" + " that is added to the login refresh thread's sleep time. Legal values are between 0 and 0.25 (25%) inclusive;" - + " a default value of 0.05 (5%) is used if no value is specified. Currently applies only to OAUTHBEARER."; + + " a default value of 0.05 (5%) is used if no value is specified." + + OAUTHBEARER_NOTE; public static final double DEFAULT_LOGIN_REFRESH_WINDOW_JITTER = 0.05; public static final String SASL_LOGIN_REFRESH_MIN_PERIOD_SECONDS = "sasl.login.refresh.min.period.seconds"; public static final String SASL_LOGIN_REFRESH_MIN_PERIOD_SECONDS_DOC = "The desired minimum time for the login refresh thread to wait before refreshing a credential," + " in seconds. Legal values are between 0 and 900 (15 minutes); a default value of 60 (1 minute) is used if no value is specified. This value and " + " sasl.login.refresh.buffer.seconds are both ignored if their sum exceeds the remaining lifetime of a credential." 
- + " Currently applies only to OAUTHBEARER."; + + OAUTHBEARER_NOTE; public static final short DEFAULT_LOGIN_REFRESH_MIN_PERIOD_SECONDS = 60; public static final String SASL_LOGIN_REFRESH_BUFFER_SECONDS = "sasl.login.refresh.buffer.seconds"; public static final String SASL_LOGIN_REFRESH_BUFFER_SECONDS_DOC = "The amount of buffer time before credential expiration to maintain when refreshing a credential," + " in seconds. If a refresh would otherwise occur closer to expiration than the number of buffer seconds then the refresh will be moved up to maintain" + " as much of the buffer time as possible. Legal values are between 0 and 3600 (1 hour); a default value of 300 (5 minutes) is used if no value is specified." + " This value and sasl.login.refresh.min.period.seconds are both ignored if their sum exceeds the remaining lifetime of a credential." - + " Currently applies only to OAUTHBEARER."; + + OAUTHBEARER_NOTE; public static final short DEFAULT_LOGIN_REFRESH_BUFFER_SECONDS = 300; + public static final String SASL_LOGIN_CONNECT_TIMEOUT_MS = "sasl.login.connect.timeout.ms"; + public static final String SASL_LOGIN_CONNECT_TIMEOUT_MS_DOC = "The (optional) value in milliseconds for the external authentication provider connection timeout." + + OAUTHBEARER_NOTE; + + public static final String SASL_LOGIN_READ_TIMEOUT_MS = "sasl.login.read.timeout.ms"; + public static final String SASL_LOGIN_READ_TIMEOUT_MS_DOC = "The (optional) value in milliseconds for the external authentication provider read timeout." + + OAUTHBEARER_NOTE; + + // These are only specified here outside their normal groupings so that they can be + // forward referencing. 
+ public static final String SASL_LOGIN_RETRY_BACKOFF_MS = "sasl.login.retry.backoff.ms"; + public static final String SASL_LOGIN_RETRY_BACKOFF_MAX_MS = "sasl.login.retry.backoff.max.ms"; + + private static final String EXPONENTIAL_BACKOFF_NOTE = " Login uses an exponential backoff algorithm with an initial wait based on the" + + " " + SASL_LOGIN_RETRY_BACKOFF_MS + + " setting and will double in wait length between attempts up to a maximum wait length specified by the" + + " " + SASL_LOGIN_RETRY_BACKOFF_MAX_MS + + " setting."; + + public static final long DEFAULT_SASL_LOGIN_RETRY_BACKOFF_MAX_MS = 10000; + public static final String SASL_LOGIN_RETRY_BACKOFF_MAX_MS_DOC = "The (optional) value in milliseconds for the maximum wait between login attempts to the" + + " external authentication provider." + + EXPONENTIAL_BACKOFF_NOTE; + + public static final long DEFAULT_SASL_LOGIN_RETRY_BACKOFF_MS = 100; + public static final String SASL_LOGIN_RETRY_BACKOFF_MS_DOC = "The (optional) value in milliseconds for the initial wait between login attempts to the external" + + " authentication provider." 
+ + EXPONENTIAL_BACKOFF_NOTE; + + public static final String SASL_OAUTHBEARER_SCOPE_CLAIM_NAME = "sasl.oauthbearer.scope.claim.name"; + public static final String DEFAULT_SASL_OAUTHBEARER_SCOPE_CLAIM_NAME = "scope"; + public static final String SASL_OAUTHBEARER_SCOPE_CLAIM_NAME_DOC = "The OAuth claim for the scope is often named \"" + DEFAULT_SASL_OAUTHBEARER_SCOPE_CLAIM_NAME + "\", but this (optional)" + + " setting can provide a different name to use for the scope included in the JWT payload's claims if the OAuth/OIDC provider uses a different" + + " name for that claim."; + + public static final String SASL_OAUTHBEARER_SUB_CLAIM_NAME = "sasl.oauthbearer.sub.claim.name"; + public static final String DEFAULT_SASL_OAUTHBEARER_SUB_CLAIM_NAME = "sub"; + public static final String SASL_OAUTHBEARER_SUB_CLAIM_NAME_DOC = "The OAuth claim for the subject is often named \"" + DEFAULT_SASL_OAUTHBEARER_SUB_CLAIM_NAME + "\", but this (optional)" + + " setting can provide a different name to use for the subject included in the JWT payload's claims if the OAuth/OIDC provider uses a different" + + " name for that claim."; + + public static final String SASL_OAUTHBEARER_TOKEN_ENDPOINT_URI = "sasl.oauthbearer.token.endpoint.uri"; + public static final String SASL_OAUTHBEARER_TOKEN_ENDPOINT_URI_DOC = "The URL for the OAuth/OIDC identity provider. If the URL is HTTP(S)-based, it is the issuer's token" + + " endpoint URI to which requests will be made to login based on the configuration in " + SASL_JAAS_CONFIG + ". If the URL is file-based, it" + + " specifies a file containing an access token (in JWT serialized form) issued by the OAuth/OIDC identity provider to use for authorization."; + + // These are only specified here outside their normal groupings so that they can be + // forward referencing. 
+ public static final String SASL_OAUTHBEARER_JWKS_ENDPOINT_URI = "sasl.oauthbearer.jwks.endpoint.uri"; + public static final String SASL_OAUTHBEARER_JWKS_ENDPOINT_REFRESH_MS = "sasl.oauthbearer.jwks.endpoint.refresh.ms"; Review comment: I have rearranged the ordering to be consistent with the existing structure. This meant that I had to reference the name in a string literal vs. using a reference to the name, but 🤷 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
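Review bot: `SASL_OAUTHBEARER_TOKEN_ENDPOINT_URI_DOC` accepts an "HTTP(S)-based" URL without telling the operator that over plain `http://` the login request built from `sasl.jaas.config` and the returned access token travel unencrypted; I would append a sentence such as `+ " Use an https:// URL outside of test environments, because the login request and the returned access token are sent over this connection."`. For the file-based form the text could also say that the file holds a bearer credential and should be readable only by the account running the Kafka process. The new `SASL_LOGIN_CONNECT_TIMEOUT_MS_DOC` and `SASL_LOGIN_READ_TIMEOUT_MS_DOC` say "(optional)" but, unlike the two backoff settings, show no `DEFAULT_` constant in this hunk and do not state what happens when they are unset, so a reader cannot tell whether a login against an unresponsive provider is bounded. The quoted hunk stops before the end of the class, so defaults may be declared in lines not shown here.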