KafkaNativeACL
Usage example¶
Prerequisites
Apply the resource with:
Verify the newly created KafkaNativeACL
:
The output is similar to the following:
Name Service Name Project Host Operation PatternType PermissionType
my-kafka-native-acl my-kafka my-aiven-project my-host Create LITERAL ALLOW
KafkaNativeACL¶
KafkaNativeACL Creates and manages Kafka-native access control lists (ACLs) for an Aiven for Apache Kafka® service. ACLs control access to Kafka topics, consumer groups, clusters, and Schema Registry. Kafka-native ACLs provide advanced resource-level access control with fine-grained permissions, including ALLOW and DENY rules. For simplified topic-level control, you can use KafkaACL.
Required
apiVersion
(string). Valueaiven.io/v1alpha1
.kind
(string). ValueKafkaNativeACL
.metadata
(object). Data that identifies the object, including aname
string and optionalnamespace
.spec
(object, Immutable). KafkaNativeACLSpec defines the desired state of KafkaNativeACL. See below for nested schema.
spec¶
Appears on KafkaNativeACL
.
KafkaNativeACLSpec defines the desired state of KafkaNativeACL.
Required
operation
(string, Enum:All
,Alter
,AlterConfigs
,ClusterAction
,Create
,CreateTokens
,Delete
,Describe
,DescribeConfigs
,DescribeTokens
,IdempotentWrite
,Read
,Write
). Kafka ACL operation represents an operation which an ACL grants or denies permission to perform.patternType
(string, Enum:LITERAL
,PREFIXED
). Kafka ACL pattern type of resource name.permissionType
(string, Enum:ALLOW
,DENY
). Kafka ACL permission type.principal
(string, MaxLength: 256). Principal is inPrincipalType:name
format.project
(string, Immutable, Pattern:^[a-zA-Z0-9_-]+$
, MaxLength: 63). Identifies the project this resource belongs to.resourceName
(string, MaxLength: 256). Resource pattern used to match specified resources.resourceType
(string, Enum:Cluster
,DelegationToken
,Group
,Topic
,TransactionalId
,User
). Kafka ACL resource type represents a type of resource which an ACL can be applied to.serviceName
(string, Immutable, Pattern:^[a-z][-a-z0-9]+$
, MaxLength: 63). Specifies the name of the service that this resource belongs to.
Optional
authSecretRef
(object). Authentication reference to Aiven token in a secret. See below for nested schema.host
(string, MaxLength: 256, Default value:*
). The host or*
for all hosts.
authSecretRef¶
Appears on spec
.
Authentication reference to Aiven token in a secret.
Required