--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+##########
+# Broker ID
+##########
+broker.id=0
+node.id=0
+
+##########
+# Zookeeper
+##########
+zookeeper.connect=zookeeper-1:2181
+zookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
+
+##########
+# Kafka message logs configuration
+##########
+log.dirs=/tmp/logs
+
+##########
+# Listener configuration: SASL-9097
+##########
+listener.name.sasl-9097.oauthbearer.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.JaasServerOauthValidatorCallbackHandler
+listener.name.sasl-9097.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required unsecuredLoginStringClaim_sub="thePrincipalName" oauth.valid.issuer.uri="https://keycloak:8443/realms/nonrtric-realm" oauth.jwks.endpoint.uri="http://keycloak:8080/realms/nonrtric-realm/protocol/openid-connect/certs" oauth.username.claim="preferred_username" oauth.config.id="SASL-9097";
+listener.name.sasl-9097.plain.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.plain.JaasServerOauthOverPlainValidatorCallbackHandler
+listener.name.sasl-9097.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required oauth.valid.issuer.uri="https://keycloak:8443/realms/nonrtric-realm" oauth.jwks.endpoint.uri="http://keycloak:8080/realms/nonrtric-realm/protocol/openid-connect/certs" oauth.username.claim="preferred_username" oauth.config.id="SASL-9097";
+listener.name.sasl-9097.sasl.enabled.mechanisms=OAUTHBEARER,PLAIN
+listener.name.sasl-9097.connections.max.reauth.ms=300000
+
+
+principal.builder.class=io.strimzi.kafka.oauth.server.OAuthKafkaPrincipalBuilder
+
+##########
+# Common listener configuration
+##########
+listener.security.protocol.map=PLAIN-9092:PLAINTEXT,SASL-9097:SASL_PLAINTEXT
+listeners=PLAIN-9092://:9092,SASL-9097://:9097
+advertised.listeners=PLAIN-9092://kafka-1:9092,SASL-9097://kafka-1:9097
+inter.broker.listener.name=PLAIN-9092
+sasl.enabled.mechanisms=
+
+##########
+# Authorization
+##########
+authorizer.class.name=org.openpolicyagent.kafka.OpaAuthorizer
+opa.authorizer.url=http://opa-kafka:8181/v1/data/kafka/authz/allow
+opa.authorizer.allow.on.error=false
+opa.authorizer.metrics.enabled=false
+opa.authorizer.cache.initial.capacity=5000
+opa.authorizer.cache.maximum.size=50000
+opa.authorizer.cache.expire.after.seconds=3600
+
+##########
+# User provided configuration
+##########
+default.replication.factor=1
+inter.broker.protocol.version=3.3
+min.insync.replicas=1
+offsets.topic.replication.factor=1
+transaction.state.log.min.isr=1
+transaction.state.log.replication.factor=1
+log.message.format.version=3.3
Code Review / nonrtric / plt / ranpm.git / blobdiff