> RANGER_KAFKA_POLICIES    

  This module will allow you to manage Kafka policy in Apache Ranger. Please refer to Apache Ranger documentation for
  authorization policy concept and usage.

Options (= is mandatory):

= admin_password
        The password associated with the admin_username
        [Default: None]
= admin_url
        The Ranger base URL to access Ranger API. Same host:port as the Ranger Admin GUI. Typically
        http://myranger.server.com:6080 or https://myranger.server.com:6182
        [Default: None]
= admin_username
        The user name to log on the Ranger Admin. Must have enough rights to manage policies.
        [Default: None]
- ca_bundle_file
        Useful if Ranger Admin connection is using SSL. Allow to specify a CA_BUNDLE file, a file that contains root and
        intermediate certificates to validate the Ranger Admin certificate.
        In its simplest case, it could be a file containing the server certificate in .pem format.
        This file will be looked up on the remote system, on which this module will be executed.
        [Default: None]
= policies
        The list of policies you want to be defined by this operation.
        [Default: None]
- policies[0..n].audit
        Whether this policy is audited
        [Default: True]
- policies[0..n].enabled
        Whether this policy is enabled.
        [Default: True]
= policies[0..n].name
        The name of the policy. Must be unique across the system.
        [Default: None]
= policies[0..n].permissions
        A list of permissions associated to this policy
        [Default: None]
= policies[0..n].permissions[0..n].accesses
        A list of access right granted by this permission.
        [Default: None]
- policies[0..n].permissions[0..n].delegate_admin
        When a policy is assigned to a user or a group of users those users become the delegated admin. The delegated admin can
        update, delete the policies.
        [Default: False]
- policies[0..n].permissions[0..n].groups
        A list of groups this permission will apply on.
        [Default: None]
- policies[0..n].permissions[0..n].ip_addresses
        A list of source IP addresses to be bound to this permission
        [Default: None]
- policies[0..n].permissions[0..n].users
        A list of users this permission will apply on.
        [Default: None]
= policies[0..n].topics
        A list of Kafka topics this policy will apply on. Accept wildcard characters '*' and '?'
        [Default: None]
- service_name
        In most cases, you should not need to set this parameter. It define the Ranger Admin Kafka service, typically
        <yourClusterName>_kafka.
        It must be set if there are several such services defined in your Ranger Admin configuration, to select the one you
        intend to use.
        [Default: None]
- state
        Whether to install (present) or remove (absent) these policies
        (Choices: present, absent)[Default: present]
- validate_certs
        Useful if Ranger Admin connection is using SSL. If no, SSL certificates will not be validated. This should only be used
        on personally controlled sites using self-signed certificates.
        [Default: True]
EXAMPLES:

# Allow user 'app1' to publish to Kafka topic 'topic1'. And allow user 'app2' and all users belonging to groups 'grp1 and grp2 to consume.

- hosts: edge_node1
  roles:
  - ranger_modules
  tasks:
  - ranger_kafka_policies:
      state: present
      admin_url: https://ranger.mycompany.com:6182
      admin_username: admin
      admin_password: admin
      validate_certs: no
      policies: 
      - name: "kpolicy1"
        topics: 
        - "topic1"
        permissions:
        - users:
          - app1 
          accesses:
          - Publish
        - users:
          - app2
          groups:
          - grp1
          - grp2
          accesses:
          - consume
          


# Same result, expressed in a different way
- hosts: en1
  vars:
    policy1:
      { name: kpolicy1, topics: [ topic1 ], permissions: [ { users: [ app1 ], accesses: [ publish ] }, { users: [ app2 ], groups: [ grp1, grp2 ], accesses: [ consume ] } ] }
  roles:
  - ranger_modules
  tasks:
  - ranger_kafka_policies:
      state: present
      admin_url: https://nn1.hdp13.bsa.broadsoftware.com:6182
      admin_username: admin
      admin_password: admin
      validate_certs: no
      policies: 
      - "{{ policy1 }}"
          
          
          


MAINTAINERS: Serge ALEXANDRE

METADATA:
	Status: ['preview']
	Supported_by: community
