1 # ============LICENSE_START===============================================
2 # Copyright (C) 2023 Nordix Foundation. All rights reserved.
3 # ========================================================================
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15 # ============LICENSE_END=================================================
# ZooKeeper connection used by the broker for cluster metadata.
# The Netty client socket is the implementation Kafka needs for TLS to ZooKeeper.
# No zookeeper.ssl.* setting is visible in this listing, and its line numbering has gaps.
# NOTE(review): confirm against the full file whether this link is actually encrypted.
27 zookeeper.connect=zookeeper-1:2181
28 zookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
31 # Kafka message logs configuration
36 # Listener configuration: SASL-9097
# Authenticated listener. It accepts OAUTHBEARER and OAuth-over-PLAIN, both
# validated by the Strimzi OAuth callback handlers against the Keycloak realm.
38 listener.name.sasl-9097.oauthbearer.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.JaasServerOauthValidatorCallbackHandler
# NOTE(review): oauth.valid.issuer.uri is https://keycloak:8443, but
# oauth.jwks.endpoint.uri is http://keycloak:8080. The token signing keys are
# therefore fetched without transport integrity. Anyone able to alter that
# traffic could supply keys that make forged tokens verify. Prefer the HTTPS
# endpoint, with the broker trusting the Keycloak certificate.
# unsecuredLoginStringClaim_sub is an option of the stock OAuthBearerLoginModule.
# Presumably it is only a placeholder here, since the Strimzi handler does the
# validation. Confirm.
39 listener.name.sasl-9097.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required unsecuredLoginStringClaim_sub="thePrincipalName" oauth.valid.issuer.uri="https://keycloak:8443/realms/nonrtric-realm" oauth.jwks.endpoint.uri="http://keycloak:8080/realms/nonrtric-realm/protocol/openid-connect/certs" oauth.username.claim="preferred_username" oauth.config.id="SASL-9097";
# OAuth-over-PLAIN lets clients without OAUTHBEARER support present their
# credential in a SASL/PLAIN exchange.
40 listener.name.sasl-9097.plain.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.plain.JaasServerOauthOverPlainValidatorCallbackHandler
# Same issuer and JWKS settings as the OAUTHBEARER entry above, so the same
# plain-HTTP JWKS concern applies. This listener is mapped to SASL_PLAINTEXT,
# so the PLAIN credential crosses the network unencrypted.
41 listener.name.sasl-9097.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required oauth.valid.issuer.uri="https://keycloak:8443/realms/nonrtric-realm" oauth.jwks.endpoint.uri="http://keycloak:8080/realms/nonrtric-realm/protocol/openid-connect/certs" oauth.username.claim="preferred_username" oauth.config.id="SASL-9097";
42 listener.name.sasl-9097.sasl.enabled.mechanisms=OAUTHBEARER,PLAIN
# Upper bound on session lifetime: 300000 ms (5 minutes). Clients must
# re-authenticate within it, which limits how long a session outlives its token.
43 listener.name.sasl-9097.connections.max.reauth.ms=300000
# Builds the Kafka principal from the validated token. The user name comes
# from the preferred_username claim configured above.
46 principal.builder.class=io.strimzi.kafka.oauth.server.OAuthKafkaPrincipalBuilder
49 # Common listener configuration
# PLAIN-9092 maps to PLAINTEXT: no authentication and no encryption.
# SASL-9097 maps to SASL_PLAINTEXT: clients authenticate, but nothing is
# encrypted, so bearer tokens and PLAIN credentials are readable on the network.
# NOTE(review): outside an isolated test network, map the SASL listener to
# SASL_SSL so the credentials are protected in transit.
51 listener.security.protocol.map=PLAIN-9092:PLAINTEXT,SASL-9097:SASL_PLAINTEXT
52 listeners=PLAIN-9092://:9092,SASL-9097://:9097
53 advertised.listeners=PLAIN-9092://kafka-1:9092,SASL-9097://kafka-1:9097
# Inter-broker traffic uses the unauthenticated PLAINTEXT listener. Any host
# that can reach port 9092 connects without presenting credentials. What it may
# then do depends entirely on the authorizer policy.
# NOTE(review): restrict network access to 9092 to the brokers themselves.
54 inter.broker.listener.name=PLAIN-9092
# No broker-wide SASL mechanisms are set. The SASL-9097 listener enables its
# own through listener.name.sasl-9097.sasl.enabled.mechanisms.
55 sasl.enabled.mechanisms=
# Authorization is delegated to Open Policy Agent. The broker queries the URL
# below for allow/deny decisions.
60 authorizer.class.name=org.openpolicyagent.kafka.OpaAuthorizer
# NOTE(review): the OPA endpoint is plain HTTP, so authorization queries and
# answers are neither encrypted nor integrity-protected. Keep this link on a
# trusted network segment or put TLS in front of OPA.
61 opa.authorizer.url=http://opa-kafka:8181/v1/data/kafka/authz/allow
# Fail closed: when the OPA call errors, the request is denied rather than allowed.
62 opa.authorizer.allow.on.error=false
63 opa.authorizer.metrics.enabled=false
# Decision cache sizing and lifetime.
64 opa.authorizer.cache.initial.capacity=5000
65 opa.authorizer.cache.maximum.size=50000
# Cached decisions live for 3600 s. A policy change or revoked permission may
# keep returning the old cached answer for up to an hour.
# NOTE(review): confirm this delay is acceptable.
66 opa.authorizer.cache.expire.after.seconds=3600
69 # User provided configuration
# Replication factors and min ISR are all 1: every partition, including the
# offsets and transaction-state topics, has a single copy. Losing this broker
# or its disk loses the data. These values suit a single-broker setup.
71 default.replication.factor=1
# Pins the inter-broker protocol to 3.3.
72 inter.broker.protocol.version=3.3
74 offsets.topic.replication.factor=1
75 transaction.state.log.min.isr=1
76 transaction.state.log.replication.factor=1
# Pins the message format to 3.3.
77 log.message.format.version=3.3