def _get_service_options(
allow_access_if_no_acl: bool,
kerberos: sdk_auth.KerberosEnvironment,
zookeeper_dns: typing.List[str],
) -> typing.Dict:
service_options = {
"service": {
"name": config.SERVICE_NAME,
"security": {
"kerberos": {
"enabled": True,
"enabled_for_zookeeper": True,
"kdc": {
"hostname": kerberos.get_host(),
"port": int(kerberos.get_port())
},
"realm": kerberos.get_realm(),
"keytab_secret": kerberos.get_keytab_path(),
},
"authorization": {
"enabled": True,
"super_users": "User:{}".format("super"),
"allow_everyone_if_no_acl_found": allow_access_if_no_acl,
},
},
},
"kafka": {
"kafka_zookeeper_uri": ",".join(zookeeper_dns)
},
}
return service_options
def test_forward_kerberos_on_tls_off_plaintext_off(
kerberized_kafka_client: client.KafkaClient, kerberos: sdk_auth.KerberosEnvironment
):
update_options = {
"service": {
"security": {
"kerberos": {
"enabled": True,
"kdc": {"hostname": kerberos.get_host(), "port": int(kerberos.get_port())},
"realm": kerberos.get_realm(),
"keytab_secret": kerberos.get_keytab_path(),
}
}
}
}
update_service(config.PACKAGE_NAME, config.SERVICE_NAME, update_options)
assert kerberized_kafka_client.connect(config.DEFAULT_BROKER_COUNT)
kerberized_kafka_client.check_users_can_read_and_write([TLS_USER], TOPIC_NAME)