def write_krb5_config_file(
    task: str,
    filename: str,
    krb5: sdk_auth.KerberosEnvironment,
) -> str:
    """
    Write a minimal krb5 configuration file into a task and return its path.

    The file has a ``[libdefaults]`` section naming the default realm and a
    ``[realms]`` section pointing that realm at the KDC address, both read
    from ``krb5``. The rendered lines are logged at INFO level; they carry
    the realm name and the KDC address only.

    Args:
        task: Task identifier handed to ``sdk_cmd.create_task_text_file``.
        filename: Path of the file to create; returned unchanged.
        krb5: Kerberos environment supplying the realm and the KDC address.

    Returns:
        ``filename``, exactly as it was passed in.
    """
    log.info("Generating %s", filename)

    config_lines = [
        "[libdefaults]",
        f"default_realm = {krb5.get_realm()}",
        "",
        "[realms]",
        f" {krb5.get_realm()} = {{",
        f" kdc = {krb5.get_kdc_address()}",
        " }",
    ]
    log.info("%s", config_lines)

    # The helper's result is logged but never inspected.
    # NOTE(review): confirm create_task_text_file raises on failure; if it
    # does not, a failed write would go unnoticed here.
    result = sdk_cmd.create_task_text_file(task, filename, config_lines)
    log.info(result)
    return filename
def _get_service_options(
    allow_access_if_no_acl: bool,
    kerberos: sdk_auth.KerberosEnvironment,
    zookeeper_dns: typing.List[str],
) -> typing.Dict:
    """
    Build the service options for a Kerberos-enabled, authorization-enabled install.

    Kerberos is switched on for the service and for ZooKeeper, using the KDC
    host/port, realm and keytab path reported by ``kerberos``. Authorization
    is switched on with a single fixed super user, ``User:super``.

    Args:
        allow_access_if_no_acl: Value stored under
            ``allow_everyone_if_no_acl_found``.
        kerberos: Kerberos environment supplying KDC host, port, realm and
            keytab path.
        zookeeper_dns: ZooKeeper endpoints; joined with commas into
            ``kafka_zookeeper_uri``.

    Returns:
        The nested options dictionary.
    """
    service_name = config.SERVICE_NAME

    kerberos_section = {
        "enabled": True,
        "enabled_for_zookeeper": True,
        "kdc": {
            "hostname": kerberos.get_host(),
            # The port is coerced to int before it is stored.
            "port": int(kerberos.get_port()),
        },
        "realm": kerberos.get_realm(),
        "keytab_secret": kerberos.get_keytab_path(),
    }

    authorization_section = {
        "enabled": True,
        "super_users": "User:{}".format("super"),
        # NOTE(review): presumably True opens resources that have no ACL to
        # every principal; confirm callers pass True only on purpose.
        "allow_everyone_if_no_acl_found": allow_access_if_no_acl,
    }

    zookeeper_uri = ",".join(zookeeper_dns)

    return {
        "service": {
            "name": service_name,
            "security": {
                "kerberos": kerberos_section,
                "authorization": authorization_section,
            },
        },
        "kafka": {"kafka_zookeeper_uri": zookeeper_uri},
    }
def test_forward_kerberos_on_tls_off_plaintext_off(
    kerberized_kafka_client: client.KafkaClient, kerberos: sdk_auth.KerberosEnvironment
):
    """
    Enable Kerberos on the running service, then check that the client still works.

    The service is updated with Kerberos options only (KDC host/port, realm,
    keytab secret). The client must then connect to the default number of
    brokers, and the read/write check is run for ``TLS_USER`` on
    ``TOPIC_NAME``.
    """
    kdc_settings = {
        "hostname": kerberos.get_host(),
        "port": int(kerberos.get_port()),
    }
    kerberos_settings = {
        "enabled": True,
        "kdc": kdc_settings,
        "realm": kerberos.get_realm(),
        "keytab_secret": kerberos.get_keytab_path(),
    }
    update_options = {"service": {"security": {"kerberos": kerberos_settings}}}

    update_service(config.PACKAGE_NAME, config.SERVICE_NAME, update_options)

    assert kerberized_kafka_client.connect(config.DEFAULT_BROKER_COUNT)

    # NOTE(review): the result of this call is not asserted, so the check only
    # counts if the helper asserts internally; confirm. It is also run for
    # TLS_USER although the test name says TLS is off; confirm that is the
    # intended principal.
    kerberized_kafka_client.check_users_can_read_and_write([TLS_USER], TOPIC_NAME)
def _get_kerberos_options(kerberos: sdk_auth.KerberosEnvironment) -> dict:
    """
    Build the options that expose the Kafka client keytab inside a container.

    A secret named ``kafka_keytab`` is declared with the keytab path from
    ``kerberos`` as its source, and a volume maps that secret to
    ``/tmp/kafkaconfig/kafka-client.keytab`` in the container.

    Args:
        kerberos: Kerberos environment supplying the keytab path.

    Returns:
        A dictionary with ``container`` and ``secrets`` entries.
    """
    keytab_secret_name = "kafka_keytab"

    # A keytab is credential material and this mount point sits under /tmp.
    # NOTE(review): confirm nothing else in the container can read the path.
    keytab_volume = {
        "containerPath": "/tmp/kafkaconfig/kafka-client.keytab",
        "secret": keytab_secret_name,
    }

    return {
        "container": {"volumes": [keytab_volume]},
        "secrets": {keytab_secret_name: {"source": kerberos.get_keytab_path()}},
    }