Re: Review Request 49665: authorizer.class.name not being set on secure kafka clusters

Wed, 06 Jul 2016 05:41:38 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49665/
-----------------------------------------------------------

(Updated July 6, 2016, 8:41 a.m.)


Review request for Ambari, Alejandro Fernandez, Srimanth Gunturi, Tim Thorpe, 
and Vitalyi Brodetskyi.


Bugs: AMBARI-17479
    https://issues.apache.org/jira/browse/AMBARI-17479


Repository: ambari


Description
-------

The `kafka-broker/authorizer.class.name` property is not being set properly 
when Kerberos is enabled.

The following logic should be followed:
```
if Kerberos is enabled
  if ranger-kafka-plugin-properties/ranger-kafka-plugin-enabled == yes
    set authorizer.class.name to 
"org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer"
  else
    set authorizer.class.name to "kafka.security.auth.SimpleAclAuthorizer"
else
  remove authorizer.class.name
```

This should be updated in the stack advisor code. 

While at it, configurations from Kafka's `kerberos.json` file should be moved 
to the stack advisor to help ensure properties are set in the the same place to 
help with code maintenance and consistency.


Diffs
-----

  ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py 
06f7cfe 
  ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py 
879008b 
  ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py 2944f6f 

Diff: https://reviews.apache.org/r/49665/diff/


Testing (updated)
-------

Manually tested

#Jenkins test results: 

```
{color:green}+1 overall{color}.  Here are the results of testing the latest 
attachment 
  
http://issues.apache.org/jira/secure/attachment/12816328/AMBARI-17479_trunk_01.patch
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

    {color:green}+1 tests included{color}.  The patch appears to include 1 new 
or modified test files.

    {color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

    {color:green}+1 core tests{color}.  The patch passed unit tests in 
ambari-server.
```


Thanks,

Robert Levas

Reply via email to