Phase 5 b: Fix - AclAuthorizer lvm/zookeeper-kraft-migration--mit-sasl
authorKai Moritz <kai@juplo.de>
Mon, 26 May 2025 20:20:56 +0000 (22:20 +0200)
committerKai Moritz <kai@juplo.de>
Mon, 26 May 2025 20:21:01 +0000 (22:21 +0200)
--
TODO: Wahrscheinlich von Beginn an nicht nötig.
Grund: Auf die Controller wird nur von den Brokern zugegriffen und die agieren als Superuser!

docker-compose.yml

index 793d05b..eedadb3 100644 (file)
@@ -11,7 +11,6 @@ services:
       KAFKA_INTER_BROKER_LISTENER_NAME: BROKER
       KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: CONTROLLER:SASL_PLAINTEXT, BROKER:SASL_PLAINTEXT
       KAFKA_SUPER_USERS: User:controller;User:broker
-      KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
       KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"
       KAFKA_LISTENER_NAME_CONTROLLER_PLAIN_SASL_JAAS_CONFIG: >-
         org.apache.kafka.common.security.plain.PlainLoginModule required
@@ -43,7 +42,6 @@ services:
       KAFKA_INTER_BROKER_LISTENER_NAME: BROKER
       KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: CONTROLLER:SASL_PLAINTEXT, BROKER:SASL_PLAINTEXT
       KAFKA_SUPER_USERS: User:controller;User:broker
-      KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
       KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"
       KAFKA_LISTENER_NAME_CONTROLLER_PLAIN_SASL_JAAS_CONFIG: >-
         org.apache.kafka.common.security.plain.PlainLoginModule required
@@ -75,7 +73,6 @@ services:
       KAFKA_INTER_BROKER_LISTENER_NAME: BROKER
       KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: CONTROLLER:SASL_PLAINTEXT, BROKER:SASL_PLAINTEXT
       KAFKA_SUPER_USERS: User:controller;User:broker
-      KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
       KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"
       KAFKA_LISTENER_NAME_CONTROLLER_PLAIN_SASL_JAAS_CONFIG: >-
         org.apache.kafka.common.security.plain.PlainLoginModule required