Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
Description
if ranger_plugin_enabled:
- If ranger-kafka-plugin-properties/ranger-kafka-plugin-enabled,
- determine if the Ranger/Kafka plug-in enabled enabled or not
if 'ranger-kafka-plugin-properties' in configurations and \
'ranger-kafka-plugin-enabled' in configurations['ranger-kafka-plugin-properties']['properties']:
ranger_plugin_enabled = configurations['ranger-kafka-plugin-properties']['properties']['ranger-kafka-plugin-enabled'].lower() == 'yes' - If ranger-kafka-plugin-properties/ranger-kafka-plugin-enabled was not changed,
- determine if the Ranger/Kafka plug-in enabled enabled or not
elif 'ranger-kafka-plugin-properties' in services['configurations'] and \
'ranger-kafka-plugin-enabled' in services['configurations']['ranger-kafka-plugin-properties']['properties']:
ranger_plugin_enabled = services['configurations']['ranger-kafka-plugin-properties']['properties']['ranger-kafka-plugin-enabled'].lower() == 'yes'
- Determine the value for kafka-broker/authorizer.class.name
if ranger_plugin_enabled: - If the Ranger plugin for Kafka is enabled, set authorizer.class.name to
- "org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer" whether Kerberos is
- enabled or not.
putKafkaBrokerProperty("authorizer.class.name", 'org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer')
elif security_enabled:
putKafkaBrokerProperty("authorizer.class.name", 'kafka.security.auth.SimpleAclAuthorizer')
else:
putKafkaBrokerAttributes('authorizer.class.name', 'delete', 'true')
In the above code after ranger_plugin_enabled is true and inside conditions don't match then also we set authorizer.class.name to RangerKafakAuthorizer. So, to avoid this after checking ranger_plugin_enabled set to false and then continue with code checking
Attachments
Attachments
Issue Links
- links to