[GITHUB-58] Support Authorization logs

sansible · Sep 8, 2020 · 63000e7 · 63000e7
1 parent e76d511
commit 63000e7
Show file tree

Hide file tree

Showing 12 changed files with 81 additions and 49 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,6 @@
 ## IDEs, editors, ...
 .\#*
+.vscode
 .DS_Store
 .idea
 .project

diff --git a/.travis.yml b/.travis.yml
@@ -15,9 +15,9 @@ branches:
     - master
 
 env:
-  - ANSIBLE_INSTALL_VERSION=2.7.15
-  - ANSIBLE_INSTALL_VERSION=2.8.7
-  - ANSIBLE_INSTALL_VERSION=2.9.1
+  - ANSIBLE_INSTALL_VERSION=2.7.17
+  - ANSIBLE_INSTALL_VERSION=2.8.15
+  - ANSIBLE_INSTALL_VERSION=2.9.13
 
 services:
   - docker

diff --git a/.yamllint b/.yamllint
@@ -0,0 +1,35 @@
+---
+# Based on ansible-lint config
+extends: default
+ignore: .venv_ansible*
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  colons:
+    max-spaces-after: -1
+    level: error
+  commas:
+    max-spaces-after: -1
+    level: error
+  comments: disable
+  comments-indentation: disable
+  document-start: enable
+  empty-lines:
+    max: 3
+    level: error
+  hyphens:
+    level: error
+  indentation: enable
+  key-duplicates: enable
+  line-length:
+    max: 159
+  new-line-at-end-of-file: enable
+  new-lines:
+    type: unix
+  trailing-spaces: enable
+  truthy: disable
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2018
+Copyright (c) 2020
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/Makefile b/Makefile
@@ -1,21 +1,21 @@
-ANSIBLE_INSTALL_VERSION ?= 2.9.1
+ANSIBLE_INSTALL_VERSION ?= 2.9.13
 PATH := $(PWD)/.venv_ansible$(ANSIBLE_INSTALL_VERSION)/bin:$(shell printenv PATH)
 SHELL := env PATH=$(PATH) /bin/bash
 
 ifeq ($(SCENARIO), all)
-SCENARIO_OPT = "--all"
+SCENARIO_OPT =
 else
-SCENARIO_OPT = "--scenario-name=$(SCENARIO)"
+SCENARIO_OPT = --scenario-name=$(SCENARIO)
 endif
 
 .DEFAULT_GOAL := help
 .PHONY: all clean destroy help test
 
 
-
 ## Make deps, test
 all: deps test
 
+
 ## Setup dependencies
 deps: .venv_ansible$(ANSIBLE_INSTALL_VERSION)
 

diff --git a/README.md b/README.md
@@ -120,3 +120,9 @@ same machine.
     - name: sansible.zookeeper
     - name: sansible.kafka
 ```
+
+Logging access denied. These access logs will be placed in `{{ sansible_kafka_log_dir }}/kafka-authorizer.log`.
+```YAML
+- role: sansible.kafka
+sansible_kafka_authorizer_log_level: INFO
+```
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,6 +1,7 @@
 ---
 
 sansible_kafka_apache_mirror: https://archive.apache.org/dist/
+sansible_kafka_authorizer_log_level: ERROR
 sansible_kafka_aws_cluster_assigned_id_enabled: no
 sansible_kafka_aws_cluster_assigned_id_tag_name: instanceindex
 sansible_kafka_conf_dir: /home/kafka/etc

diff --git a/molecule/default/playbook.yml → molecule/default/converge.yml b/molecule/default/playbook.yml → molecule/default/converge.yml
@@ -8,6 +8,9 @@
     sansible_kafka_environment_vars:
       - "NEWRELIC_OPTS=\"-javaagent:/home/{{ sansible_kafka_user }}/newrelic/newrelic.jar\""
       - "export TEST_KAFKA_OPTS=\"${KAFKA_OPTS} ${NEWRELIC_OPTS}\""
+    sansible_kafka_server_properties:
+      listeners: "PLAINTEXT://127.0.0.1:9092"
+      broker.id: 11
 
   roles:
     - role: sansible.zookeeper

diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
@@ -1,8 +1,12 @@
 ---
+# See https://molecule.readthedocs.io/en/latest/configuration.html# for details.
 
 driver:
   name: docker
 
+provisioner:
+  name: ansible
+
 platforms:
   - name: sansible_kafka-xenial
     image: solita/ubuntu-systemd:xenial
@@ -19,46 +23,19 @@ platforms:
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:ro
 
-provisioner:
-  name: ansible
-  config_options:
-    defaults:
-      # Fix for issue https://github.com/ansible/ansible/issues/43884
-      gather_timeout: 30
-  lint:
-    name: ansible-lint
-  inventory:
-    host_vars:
-      # currenlty there is no support for netplan, and no interfaces facts
-      sansible_kafka-xenial:
-        sansible_kafka_server_properties:
-          listeners: "PLAINTEXT://127.0.0.1:9092"
-          broker.id: 11
-      sansible_kafka-bionic:
-        sansible_kafka_server_properties:
-          listeners: "PLAINTEXT://127.0.0.1:9092"
-          broker.id: 11
-
-lint:
-  name: yamllint
-  options:
-    config-data:
-      extends: default
-      ignore: .venv_ansible*
-      rules:
-        line-length:
-          max: 300
-        truthy: disable
-
+lint: |
+  set -e
+  yamllint .
+  ansible-lint
+  flake8 molecule/
 dependency:
   name: galaxy
   options:
+    ignore-certs: True
     role-file: requirements.yml
 
 scenario:
   name: default
 
 verifier:
   name: testinfra
-  lint:
-    name: flake8
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
@@ -5,16 +5,12 @@
   gather_facts: false
 
   tasks:
-    - name: Install Python for Ansible
-      become: yes
-      raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal python-zipstream)
-      changed_when: no
-
-    - name: Install apt-transport-https, lsb-release, net-tools
+    - name: Install required packages
       become: yes
       apt:
         name:
           - apt-transport-https
+          - gnupg
           - lsb-release
           - net-tools
         update_cache: yes
diff --git a/requirements.txt b/requirements.txt
@@ -1,2 +1,5 @@
-docker-py==1.10.6
-molecule==2.22
+ansible-lint
+docker
+flake8
+molecule
+testinfra
diff --git a/templates/log4j.properties.j2 b/templates/log4j.properties.j2
@@ -28,6 +28,16 @@ log4j.appender.controllerAppender.File={{ sansible_kafka_log_dir }}/controller.l
 log4j.appender.controllerAppender.layout=org.apache.log4j.PatternLayout
 log4j.appender.controllerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
 
+# Authorization
+log4j.appender.authorizerAppender=org.apache.log4j.RollingFileAppender
+log4j.appender.stateChangeAppender.MaxFileSize=50MB
+log4j.appender.stateChangeAppender.MaxBackupIndex=4
+log4j.appender.authorizerAppender.File={{ sansible_kafka_log_dir }}/kafka-authorizer.log
+log4j.appender.authorizerAppender.layout=org.apache.log4j.PatternLayout
+log4j.appender.authorizerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
+log4j.logger.kafka.authorizer.logger={{ sansible_kafka_authorizer_log_level }}, authorizerAppender
+log4j.additivity.kafka.authorizer.logger=false
+
 # Turn on all our debugging info
 #log4j.logger.kafka.producer.async.DefaultEventHandler=DEBUG, kafkaAppender
 #log4j.logger.kafka.client.ClientUtils=DEBUG, kafkaAppender