Re: Review Request 72529: RANGER-2832 KafkaAuditProvider - support for the "new" kafka producer and ssl configuration

[Tristan Stevens via Review Board]

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72529/#review222269
-----------------------------------------------------------



I'd suggest we also add an ability to specify any generic Kafka properties, for 
example:
```
xasecure.audit.kafka.mycustomproperty=value
```
would then get put into the `kafkaProps` hashmap.
This means we don't need to update Ranger everytime we find a new Kafka 
property that we don't yet have a config setting for.

- Tristan Stevens


On May 20, 2020, 7:40 a.m., Krzysztof Zmij wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72529/
> -----------------------------------------------------------
> 
> (Updated May 20, 2020, 7:40 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Update KafkaAuditProvider to work with kafka producer version 0.8.2 and above 
> (configiraton parameters name have been changed) + add ssl
> 
> 
> Diffs
> -----
> 
>   
> agents-audit/src/main/java/org/apache/ranger/audit/provider/kafka/KafkaAuditProvider.java
>  a0c25427a 
> 
> 
> Diff: https://reviews.apache.org/r/72529/diff/1/
> 
> 
> Testing
> -------
> 
> Audit to kafka (version 0.8.2 and above):
> ranger-<sink-type>-audit.xml
> 
> ```xml
> <?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
> <configuration xmlns:xi="http://www.w3.org/2001/XInclude";>
>   <property>
>     <name>xasecure.audit.is.enabled</name>
>     <value>true</value>
>   </property>
>   <!-- Kafka audit provider configuration -->
>   <property>
>     <name>xasecure.audit.kafka.is.enabled</name>
>     <value>true</value>
>   </property>
> 
>   <property>
>     <name>xasecure.audit.kafka.async.max.queue.size</name>
>     <value>1</value>
>   </property>
> 
>   <property>
>     <name>xasecure.audit.kafka.async.max.flush.interval.ms</name>
>     <value>1000</value>
>   </property>
> 
>   <property>
>     <name>xasecure.audit.kafka.broker_list</name>
>     <value>localhost:9092</value>
>   </property>
> ```
> 
> with ssl https://kafka.apache.org/documentation/#security:
> 
> ```xml
> <?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
> <configuration xmlns:xi="http://www.w3.org/2001/XInclude";>
>   <property>
>     <name>xasecure.audit.is.enabled</name>
>     <value>true</value>
>   </property>
>   <!-- Kafka audit provider configuration -->
>   <property>
>     <name>xasecure.audit.kafka.is.enabled</name>
>     <value>true</value>
>   </property>
> 
>   <property>
>     <name>xasecure.audit.kafka.async.max.queue.size</name>
>     <value>1</value>
>   </property>
> 
>   <property>
>     <name>xasecure.audit.kafka.async.max.flush.interval.ms</name>
>     <value>1000</value>
>   </property>
> 
>   <property>
>     <name>xasecure.audit.kafka.broker_list</name>
>     <value>localhost:9092</value>
>   </property>
> 
>   <property>
>     <name>xasecure.audit.kafka.topic_name</name>
>     <value>ranger_audits</value>
>   </property>
> 
>   <property>
>     <name>xasecure.audit.kafka.security.protocol</name>
>     <value>SSL</value>
>   </property>
> 
>   <property>
>     <name>xasecure.audit.kafka.ssl.keystore.location</name>
>     <value>server.keystore.jks</value>
>   </property>
> 
>   <property>
>     <name>xasecure.audit.kafka.ssl.keystore.password</name>
>     <value>....</value>
>   </property>
> 
>   <property>
>     <name>xasecure.audit.kafka.ssl.key.password</name>
>     <value>....</value>
>   </property>
> 
>   <property>
>     <name>xasecure.audit.kafka.ssl.truststore.location</name>
>     <value>server.truststore.jks</value>
>   </property>
> 
>   <property>
>     <name>xasecure.audit.kafka.ssl.truststore.password</name>
>     <value>....</value>
>   </property>
> 
> </configuration>
> ```
> 
> 
> Thanks,
> 
> Krzysztof Zmij
> 
>