| { |
| "services": [ |
| { |
| "name": "KAFKA", |
| "identities": [ |
| { |
| "name": "/smokeuser" |
| } |
| ], |
| "configurations": [ |
| { |
| "kafka-broker": { |
| "authorizer.class.name": "kafka.security.auth.SimpleAclAuthorizer", |
| "principal.to.local.class":"kafka.security.auth.KerberosPrincipalToLocal", |
| "super.users": "user:${kafka-env/kafka_user}", |
| "security.inter.broker.protocol": "PLAINTEXTSASL", |
| "zookeeper.set.acl": "true" |
| } |
| }, |
| { |
| "ranger-kafka-audit": { |
| "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule", |
| "xasecure.audit.jaas.Client.loginModuleControlFlag": "required", |
| "xasecure.audit.jaas.Client.option.useKeyTab": "true", |
| "xasecure.audit.jaas.Client.option.storeKey": "false", |
| "xasecure.audit.jaas.Client.option.serviceName": "solr", |
| "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true" |
| } |
| } |
| ], |
| "components": [ |
| { |
| "name": "KAFKA_BROKER", |
| "identities": [ |
| { |
| "name": "kafka_broker", |
| "principal": { |
| "value": "${kafka-env/kafka_user}/_HOST@${realm}", |
| "type": "service", |
| "configuration": "kafka-env/kafka_principal_name" |
| }, |
| "keytab": { |
| "file": "${keytab_dir}/kafka.service.keytab", |
| "owner": { |
| "name": "${kafka-env/kafka_user}", |
| "access": "r" |
| }, |
| "group": { |
| "name": "${cluster-env/user_group}", |
| "access": "" |
| }, |
| "configuration": "kafka-env/kafka_keytab" |
| } |
| }, |
| { |
| "name": "/KAFKA/KAFKA_BROKER/kafka_broker", |
| "principal": { |
| "configuration": "ranger-kafka-audit/xasecure.audit.jaas.Client.option.principal" |
| }, |
| "keytab": { |
| "configuration": "ranger-kafka-audit/xasecure.audit.jaas.Client.option.keyTab" |
| } |
| } |
| ] |
| } |
| ] |
| } |
| ] |
| } |