// CreateDelegationTokenRequest issues a request to create a delegation token.
//
// Creating delegation tokens allows for an (ideally) quicker and easier method
// of enabling authorization for a wide array of clients. Rather than having to
// manage many passwords external to Kafka, you only need to manage a few
// accounts and use those to create delegation tokens per client.
//
// Note that delegation tokens inherit the same ACLs as the user creating the
// token. Thus, if you want to properly scope ACLs, you should not create
// delegation tokens with admin accounts.
//
// Delegation tokens live inside of Kafka and use SASL SCRAM-SHA-256 for
// authorization.
CreateDelegationTokenRequest => key 38, max version 3, flexible v2+
  // The principal type of the owner of the token. If null, this defaults
  // to the token request principal.
  OwnerPrincipalType: nullable-string // v3+
  // Principal name of the owner of the token. If null, this defaults to
  // the token request principal.
  OwnerPrincipalName: nullable-string // v3+
  // Renewers is a list of who can renew this delegation token. If empty, the
  // default is the principal (user) who created the token.
  Renewers: [=>]
    // PrincipalType is the "type" this principal is. This must be "User".
    PrincipalType: string
    // PrincipalName is the user name allowed to renew the returned token.
    PrincipalName: string
  // MaxLifetimeMillis is how long this delegation token will be valid for.
  // If -1, the default will be the server's delegation.token.max.lifetime.ms.
  MaxLifetimeMillis: int64

// CreateDelegationTokenResponse is a response to a CreateDelegationTokenRequest.
CreateDelegationTokenResponse =>
  // ErrorCode is any error that caused the request to fail.
  ErrorCode: int16
  // PrincipalType is the type of principal that granted this delegation token.
  // This will always be "User" with the simple authorizer.
  PrincipalType: string
  // PrincipalName is the name of the principal that granted this delegation
  // token.
  PrincipalName: string
  // The principal type of the requester of the token.
  TokenRequesterPrincipalType: string // v3+
  // The principal name of the requester token.
  TokenRequesterPrincipalName: string // v3+
  // IssueTimestamp is the millisecond timestamp this delegation token was
  // issued.
  IssueTimestamp: int64
  // ExpiryTimestamp is the millisecond timestamp this token will expire. The
  // token can be renewed up to MaxTimestamp, past which point, it will be
  // invalid. The Kafka default is 24h.
  ExpiryTimestamp: int64
  // MaxTimestamp is the millisecond timestamp past which this token cannot
  // be renewed.
  MaxTimestamp: int64
  // TokenID is the ID of this token; this will be used as the username for
  // scram authentication.
  TokenID: string
  // HMAC is the password of this token; this will be used as the password for
  // scram authentication.
  HMAC: bytes
  ThrottleMillis(1)
