Confluent v2.10.0, Nov 20 24

Confluent v2.10.0 published on Wednesday, Nov 20, 2024 by Pulumi

confluentcloud.KafkaAcl

Explore with Pulumi AI

Confluent v2.10.0 published on Wednesday, Nov 20, 2024 by Pulumi

pulumi/pulumi-confluentcloud

Example Usage

Option #1: Manage multiple Kafka clusters in the same Pulumi Stack

import * as pulumi from "@pulumi/pulumi";
import * as confluentcloud from "@pulumi/confluentcloud";

const describe_basic_cluster = new confluentcloud.KafkaAcl("describe-basic-cluster", {
    kafkaCluster: {
        id: basic_cluster.id,
    },
    resourceType: "CLUSTER",
    resourceName: "kafka-cluster",
    patternType: "LITERAL",
    principal: "User:sa-xyz123",
    host: "*",
    operation: "DESCRIBE",
    permission: "ALLOW",
    restEndpoint: basic_cluster.restEndpoint,
    credentials: {
        key: app_manager_kafka_api_key.id,
        secret: app_manager_kafka_api_key.secret,
    },
});

import pulumi
import pulumi_confluentcloud as confluentcloud

describe_basic_cluster = confluentcloud.KafkaAcl("describe-basic-cluster",
    kafka_cluster={
        "id": basic_cluster["id"],
    },
    resource_type="CLUSTER",
    resource_name_="kafka-cluster",
    pattern_type="LITERAL",
    principal="User:sa-xyz123",
    host="*",
    operation="DESCRIBE",
    permission="ALLOW",
    rest_endpoint=basic_cluster["restEndpoint"],
    credentials={
        "key": app_manager_kafka_api_key["id"],
        "secret": app_manager_kafka_api_key["secret"],
    })

package main

import (
	"github.com/pulumi/pulumi-confluentcloud/sdk/v2/go/confluentcloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := confluentcloud.NewKafkaAcl(ctx, "describe-basic-cluster", &confluentcloud.KafkaAclArgs{
			KafkaCluster: &confluentcloud.KafkaAclKafkaClusterArgs{
				Id: pulumi.Any(basic_cluster.Id),
			},
			ResourceType: pulumi.String("CLUSTER"),
			ResourceName: pulumi.String("kafka-cluster"),
			PatternType:  pulumi.String("LITERAL"),
			Principal:    pulumi.String("User:sa-xyz123"),
			Host:         pulumi.String("*"),
			Operation:    pulumi.String("DESCRIBE"),
			Permission:   pulumi.String("ALLOW"),
			RestEndpoint: pulumi.Any(basic_cluster.RestEndpoint),
			Credentials: &confluentcloud.KafkaAclCredentialsArgs{
				Key:    pulumi.Any(app_manager_kafka_api_key.Id),
				Secret: pulumi.Any(app_manager_kafka_api_key.Secret),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using ConfluentCloud = Pulumi.ConfluentCloud;

return await Deployment.RunAsync(() => 
{
    var describe_basic_cluster = new ConfluentCloud.KafkaAcl("describe-basic-cluster", new()
    {
        KafkaCluster = new ConfluentCloud.Inputs.KafkaAclKafkaClusterArgs
        {
            Id = basic_cluster.Id,
        },
        ResourceType = "CLUSTER",
        ResourceName = "kafka-cluster",
        PatternType = "LITERAL",
        Principal = "User:sa-xyz123",
        Host = "*",
        Operation = "DESCRIBE",
        Permission = "ALLOW",
        RestEndpoint = basic_cluster.RestEndpoint,
        Credentials = new ConfluentCloud.Inputs.KafkaAclCredentialsArgs
        {
            Key = app_manager_kafka_api_key.Id,
            Secret = app_manager_kafka_api_key.Secret,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.confluentcloud.KafkaAcl;
import com.pulumi.confluentcloud.KafkaAclArgs;
import com.pulumi.confluentcloud.inputs.KafkaAclKafkaClusterArgs;
import com.pulumi.confluentcloud.inputs.KafkaAclCredentialsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var describe_basic_cluster = new KafkaAcl("describe-basic-cluster", KafkaAclArgs.builder()
            .kafkaCluster(KafkaAclKafkaClusterArgs.builder()
                .id(basic_cluster.id())
                .build())
            .resourceType("CLUSTER")
            .resourceName("kafka-cluster")
            .patternType("LITERAL")
            .principal("User:sa-xyz123")
            .host("*")
            .operation("DESCRIBE")
            .permission("ALLOW")
            .restEndpoint(basic_cluster.restEndpoint())
            .credentials(KafkaAclCredentialsArgs.builder()
                .key(app_manager_kafka_api_key.id())
                .secret(app_manager_kafka_api_key.secret())
                .build())
            .build());

    }
}

resources:
  describe-basic-cluster:
    type: confluentcloud:KafkaAcl
    properties:
      kafkaCluster:
        id: ${["basic-cluster"].id}
      resourceType: CLUSTER
      resourceName: kafka-cluster
      patternType: LITERAL
      principal: User:sa-xyz123
      host: '*'
      operation: DESCRIBE
      permission: ALLOW
      restEndpoint: ${["basic-cluster"].restEndpoint}
      credentials:
        key: ${["app-manager-kafka-api-key"].id}
        secret: ${["app-manager-kafka-api-key"].secret}

Option #2: Manage a single Kafka cluster in the same Pulumi Stack

import * as pulumi from "@pulumi/pulumi";
import * as confluentcloud from "@pulumi/confluentcloud";

const describe_basic_cluster = new confluentcloud.KafkaAcl("describe-basic-cluster", {
    resourceType: "CLUSTER",
    resourceName: "kafka-cluster",
    patternType: "LITERAL",
    principal: "User:sa-xyz123",
    host: "*",
    operation: "DESCRIBE",
    permission: "ALLOW",
});

import pulumi
import pulumi_confluentcloud as confluentcloud

describe_basic_cluster = confluentcloud.KafkaAcl("describe-basic-cluster",
    resource_type="CLUSTER",
    resource_name_="kafka-cluster",
    pattern_type="LITERAL",
    principal="User:sa-xyz123",
    host="*",
    operation="DESCRIBE",
    permission="ALLOW")

package main

import (
	"github.com/pulumi/pulumi-confluentcloud/sdk/v2/go/confluentcloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := confluentcloud.NewKafkaAcl(ctx, "describe-basic-cluster", &confluentcloud.KafkaAclArgs{
			ResourceType: pulumi.String("CLUSTER"),
			ResourceName: pulumi.String("kafka-cluster"),
			PatternType:  pulumi.String("LITERAL"),
			Principal:    pulumi.String("User:sa-xyz123"),
			Host:         pulumi.String("*"),
			Operation:    pulumi.String("DESCRIBE"),
			Permission:   pulumi.String("ALLOW"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using ConfluentCloud = Pulumi.ConfluentCloud;

return await Deployment.RunAsync(() => 
{
    var describe_basic_cluster = new ConfluentCloud.KafkaAcl("describe-basic-cluster", new()
    {
        ResourceType = "CLUSTER",
        ResourceName = "kafka-cluster",
        PatternType = "LITERAL",
        Principal = "User:sa-xyz123",
        Host = "*",
        Operation = "DESCRIBE",
        Permission = "ALLOW",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.confluentcloud.KafkaAcl;
import com.pulumi.confluentcloud.KafkaAclArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var describe_basic_cluster = new KafkaAcl("describe-basic-cluster", KafkaAclArgs.builder()
            .resourceType("CLUSTER")
            .resourceName("kafka-cluster")
            .patternType("LITERAL")
            .principal("User:sa-xyz123")
            .host("*")
            .operation("DESCRIBE")
            .permission("ALLOW")
            .build());

    }
}

resources:
  describe-basic-cluster:
    type: confluentcloud:KafkaAcl
    properties:
      resourceType: CLUSTER
      resourceName: kafka-cluster
      patternType: LITERAL
      principal: User:sa-xyz123
      host: '*'
      operation: DESCRIBE
      permission: ALLOW

Getting Started

The following end-to-end examples might help to get started with confluentcloud.KafkaAcl resource:

basic-kafka-acls: Basic Kafka cluster with authorization using ACLs
basic-kafka-acls-with-alias: Basic Kafka cluster with authorization using ACLs
standard-kafka-acls: Standard Kafka cluster with authorization using ACLs
dedicated-public-kafka-acls: Dedicated Kafka cluster that is accessible over the public internet with authorization using ACLs
dedicated-privatelink-aws-kafka-acls: Dedicated Kafka cluster on AWS that is accessible via PrivateLink connections with authorization using ACLs
dedicated-privatelink-azure-kafka-acls: Dedicated Kafka cluster on Azure that is accessible via PrivateLink connections with authorization using ACLs
dedicated-private-service-connect-gcp-kafka-acls: Dedicated Kafka cluster on GCP that is accessible via Private Service Connect connections with authorization using ACLs
dedicated-private-service-connect-gcp-kafka-rbac: Dedicated Kafka cluster on GCP that is accessible via Private Service Connect connections with authorization using RBAC
dedicated-vnet-peering-azure-kafka-acls: Dedicated Kafka cluster on Azure that is accessible via VPC Peering connections with authorization using ACLs
dedicated-vpc-peering-aws-kafka-acls: Dedicated Kafka cluster on AWS that is accessible via VPC Peering connections with authorization using ACLs
dedicated-vpc-peering-gcp-kafka-acls: Dedicated Kafka cluster on GCP that is accessible via VPC Peering connections with authorization using ACLs
dedicated-transit-gateway-attachment-aws-kafka-acls: Dedicated Kafka cluster on AWS that is accessible via Transit Gateway Endpoint with authorization using ACLs
dedicated-transit-gateway-attachment-aws-kafka-rbac: Dedicated Kafka cluster on AWS that is accessible via Transit Gateway Endpoint with authorization using RBAC
enterprise-privatelinkattachment-aws-kafka-acls: Enterprise Kafka cluster on AWS that is accessible via PrivateLink connections with authorization using ACLs

Other Example Usages

import * as pulumi from "@pulumi/pulumi";
import * as confluentcloud from "@pulumi/confluentcloud";

// https://github.com/confluentinc/terraform-provider-confluent/issues/241
const app_producer_write_on_topic = new confluentcloud.KafkaAcl("app-producer-write-on-topic", {
    resourceType: "TOPIC",
    resourceName: orders.topicName,
    patternType: "LITERAL",
    principal: `User:${_this.id}`,
    host: "*",
    operation: "WRITE",
    permission: "ALLOW",
});

import pulumi
import pulumi_confluentcloud as confluentcloud

# https://github.com/confluentinc/terraform-provider-confluent/issues/241
app_producer_write_on_topic = confluentcloud.KafkaAcl("app-producer-write-on-topic",
    resource_type="TOPIC",
    resource_name_=orders["topicName"],
    pattern_type="LITERAL",
    principal=f"User:{this['id']}",
    host="*",
    operation="WRITE",
    permission="ALLOW")

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-confluentcloud/sdk/v2/go/confluentcloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// https://github.com/confluentinc/terraform-provider-confluent/issues/241
		_, err := confluentcloud.NewKafkaAcl(ctx, "app-producer-write-on-topic", &confluentcloud.KafkaAclArgs{
			ResourceType: pulumi.String("TOPIC"),
			ResourceName: pulumi.Any(orders.TopicName),
			PatternType:  pulumi.String("LITERAL"),
			Principal:    pulumi.Sprintf("User:%v", this.Id),
			Host:         pulumi.String("*"),
			Operation:    pulumi.String("WRITE"),
			Permission:   pulumi.String("ALLOW"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using ConfluentCloud = Pulumi.ConfluentCloud;

return await Deployment.RunAsync(() => 
{
    // https://github.com/confluentinc/terraform-provider-confluent/issues/241
    var app_producer_write_on_topic = new ConfluentCloud.KafkaAcl("app-producer-write-on-topic", new()
    {
        ResourceType = "TOPIC",
        ResourceName = orders.TopicName,
        PatternType = "LITERAL",
        Principal = $"User:{@this.Id}",
        Host = "*",
        Operation = "WRITE",
        Permission = "ALLOW",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.confluentcloud.KafkaAcl;
import com.pulumi.confluentcloud.KafkaAclArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // https://github.com/confluentinc/terraform-provider-confluent/issues/241
        var app_producer_write_on_topic = new KafkaAcl("app-producer-write-on-topic", KafkaAclArgs.builder()
            .resourceType("TOPIC")
            .resourceName(orders.topicName())
            .patternType("LITERAL")
            .principal(String.format("User:%s", this_.id()))
            .host("*")
            .operation("WRITE")
            .permission("ALLOW")
            .build());

    }
}

resources:
  # https://github.com/confluentinc/terraform-provider-confluent/issues/241
  app-producer-write-on-topic:
    type: confluentcloud:KafkaAcl
    properties:
      resourceType: TOPIC
      resourceName: ${orders.topicName}
      patternType: LITERAL
      principal: User:${this.id}
      host: '*'
      operation: WRITE
      permission: ALLOW

Create KafkaAcl Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new KafkaAcl(name: string, args: KafkaAclArgs, opts?: CustomResourceOptions);

@overload
def KafkaAcl(resource_name: str,
             args: KafkaAclArgs,
             opts: Optional[ResourceOptions] = None)

@overload
def KafkaAcl(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             host: Optional[str] = None,
             operation: Optional[str] = None,
             pattern_type: Optional[str] = None,
             permission: Optional[str] = None,
             principal: Optional[str] = None,
             resource_name_: Optional[str] = None,
             resource_type: Optional[str] = None,
             credentials: Optional[KafkaAclCredentialsArgs] = None,
             kafka_cluster: Optional[KafkaAclKafkaClusterArgs] = None,
             rest_endpoint: Optional[str] = None)

func NewKafkaAcl(ctx *Context, name string, args KafkaAclArgs, opts ...ResourceOption) (*KafkaAcl, error)

public KafkaAcl(string name, KafkaAclArgs args, CustomResourceOptions? opts = null)

public KafkaAcl(String name, KafkaAclArgs args)
public KafkaAcl(String name, KafkaAclArgs args, CustomResourceOptions options)

type: confluentcloud:KafkaAcl
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args KafkaAclArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args KafkaAclArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args KafkaAclArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args KafkaAclArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args KafkaAclArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var kafkaAclResource = new ConfluentCloud.KafkaAcl("kafkaAclResource", new()
{
    Host = "string",
    Operation = "string",
    PatternType = "string",
    Permission = "string",
    Principal = "string",
    ResourceName = "string",
    ResourceType = "string",
    Credentials = new ConfluentCloud.Inputs.KafkaAclCredentialsArgs
    {
        Key = "string",
        Secret = "string",
    },
    KafkaCluster = new ConfluentCloud.Inputs.KafkaAclKafkaClusterArgs
    {
        Id = "string",
    },
    RestEndpoint = "string",
});

example, err := confluentcloud.NewKafkaAcl(ctx, "kafkaAclResource", &confluentcloud.KafkaAclArgs{
	Host:         pulumi.String("string"),
	Operation:    pulumi.String("string"),
	PatternType:  pulumi.String("string"),
	Permission:   pulumi.String("string"),
	Principal:    pulumi.String("string"),
	ResourceName: pulumi.String("string"),
	ResourceType: pulumi.String("string"),
	Credentials: &confluentcloud.KafkaAclCredentialsArgs{
		Key:    pulumi.String("string"),
		Secret: pulumi.String("string"),
	},
	KafkaCluster: &confluentcloud.KafkaAclKafkaClusterArgs{
		Id: pulumi.String("string"),
	},
	RestEndpoint: pulumi.String("string"),
})

var kafkaAclResource = new KafkaAcl("kafkaAclResource", KafkaAclArgs.builder()
    .host("string")
    .operation("string")
    .patternType("string")
    .permission("string")
    .principal("string")
    .resourceName("string")
    .resourceType("string")
    .credentials(KafkaAclCredentialsArgs.builder()
        .key("string")
        .secret("string")
        .build())
    .kafkaCluster(KafkaAclKafkaClusterArgs.builder()
        .id("string")
        .build())
    .restEndpoint("string")
    .build());

kafka_acl_resource = confluentcloud.KafkaAcl("kafkaAclResource",
    host="string",
    operation="string",
    pattern_type="string",
    permission="string",
    principal="string",
    resource_name_="string",
    resource_type="string",
    credentials={
        "key": "string",
        "secret": "string",
    },
    kafka_cluster={
        "id": "string",
    },
    rest_endpoint="string")

const kafkaAclResource = new confluentcloud.KafkaAcl("kafkaAclResource", {
    host: "string",
    operation: "string",
    patternType: "string",
    permission: "string",
    principal: "string",
    resourceName: "string",
    resourceType: "string",
    credentials: {
        key: "string",
        secret: "string",
    },
    kafkaCluster: {
        id: "string",
    },
    restEndpoint: "string",
});

type: confluentcloud:KafkaAcl
properties:
    credentials:
        key: string
        secret: string
    host: string
    kafkaCluster:
        id: string
    operation: string
    patternType: string
    permission: string
    principal: string
    resourceName: string
    resourceType: string
    restEndpoint: string

KafkaAcl Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The KafkaAcl resource accepts the following input properties:

Host string: The host for the ACL.
Operation string: The operation type for the ACL. Accepted values are: ALL, READ, WRITE, CREATE, DELETE, ALTER, DESCRIBE, CLUSTER_ACTION, DESCRIBE_CONFIGS, ALTER_CONFIGS, and IDEMPOTENT_WRITE. See Authorization using ACLs to find mappings of (resource_type, operation) to one or more Kafka APIs or request types.
PatternType string: The pattern type for the ACL. Accepted values are: LITERAL and PREFIXED.
Permission string: The permission for the ACL. Accepted values are: DENY and ALLOW.
Principal string: The principal for the ACL.
ResourceName string: The resource name for the ACL. Must be kafka-cluster if resource_type equals to CLUSTER.
ResourceType string: The type of the resource. Accepted values are: TOPIC, GROUP, CLUSTER, TRANSACTIONAL_ID, DELEGATION_TOKEN. See Authorization using ACLs to find definitions of resource types and mappings of (resource_type, operation) to one or more Kafka APIs or request types.
Credentials Pulumi.ConfluentCloud.Inputs.KafkaAclCredentials: The Cluster API Credentials.
KafkaCluster Pulumi.ConfluentCloud.Inputs.KafkaAclKafkaCluster
RestEndpoint string: The REST endpoint of the Kafka cluster, for example, https://pkc-00000.us-central1.gcp.confluent.cloud:443.

Host string: The host for the ACL.
Operation string: The operation type for the ACL. Accepted values are: ALL, READ, WRITE, CREATE, DELETE, ALTER, DESCRIBE, CLUSTER_ACTION, DESCRIBE_CONFIGS, ALTER_CONFIGS, and IDEMPOTENT_WRITE. See Authorization using ACLs to find mappings of (resource_type, operation) to one or more Kafka APIs or request types.
PatternType string: The pattern type for the ACL. Accepted values are: LITERAL and PREFIXED.
Permission string: The permission for the ACL. Accepted values are: DENY and ALLOW.
Principal string: The principal for the ACL.
ResourceName string: The resource name for the ACL. Must be kafka-cluster if resource_type equals to CLUSTER.
ResourceType string: The type of the resource. Accepted values are: TOPIC, GROUP, CLUSTER, TRANSACTIONAL_ID, DELEGATION_TOKEN. See Authorization using ACLs to find definitions of resource types and mappings of (resource_type, operation) to one or more Kafka APIs or request types.
Credentials KafkaAclCredentialsArgs: The Cluster API Credentials.
KafkaCluster KafkaAclKafkaClusterArgs
RestEndpoint string: The REST endpoint of the Kafka cluster, for example, https://pkc-00000.us-central1.gcp.confluent.cloud:443.

host String: The host for the ACL.
operation String: The operation type for the ACL. Accepted values are: ALL, READ, WRITE, CREATE, DELETE, ALTER, DESCRIBE, CLUSTER_ACTION, DESCRIBE_CONFIGS, ALTER_CONFIGS, and IDEMPOTENT_WRITE. See Authorization using ACLs to find mappings of (resource_type, operation) to one or more Kafka APIs or request types.
patternType String: The pattern type for the ACL. Accepted values are: LITERAL and PREFIXED.
permission String: The permission for the ACL. Accepted values are: DENY and ALLOW.
principal String: The principal for the ACL.
resourceName String: The resource name for the ACL. Must be kafka-cluster if resource_type equals to CLUSTER.
resourceType String: The type of the resource. Accepted values are: TOPIC, GROUP, CLUSTER, TRANSACTIONAL_ID, DELEGATION_TOKEN. See Authorization using ACLs to find definitions of resource types and mappings of (resource_type, operation) to one or more Kafka APIs or request types.
credentials KafkaAclCredentials: The Cluster API Credentials.
kafkaCluster KafkaAclKafkaCluster
restEndpoint String: The REST endpoint of the Kafka cluster, for example, https://pkc-00000.us-central1.gcp.confluent.cloud:443.

host string: The host for the ACL.
operation string: The operation type for the ACL. Accepted values are: ALL, READ, WRITE, CREATE, DELETE, ALTER, DESCRIBE, CLUSTER_ACTION, DESCRIBE_CONFIGS, ALTER_CONFIGS, and IDEMPOTENT_WRITE. See Authorization using ACLs to find mappings of (resource_type, operation) to one or more Kafka APIs or request types.
patternType string: The pattern type for the ACL. Accepted values are: LITERAL and PREFIXED.
permission string: The permission for the ACL. Accepted values are: DENY and ALLOW.
principal string: The principal for the ACL.
resourceName string: The resource name for the ACL. Must be kafka-cluster if resource_type equals to CLUSTER.
resourceType string: The type of the resource. Accepted values are: TOPIC, GROUP, CLUSTER, TRANSACTIONAL_ID, DELEGATION_TOKEN. See Authorization using ACLs to find definitions of resource types and mappings of (resource_type, operation) to one or more Kafka APIs or request types.
credentials KafkaAclCredentials: The Cluster API Credentials.
kafkaCluster KafkaAclKafkaCluster
restEndpoint string: The REST endpoint of the Kafka cluster, for example, https://pkc-00000.us-central1.gcp.confluent.cloud:443.

host str: The host for the ACL.
operation str: The operation type for the ACL. Accepted values are: ALL, READ, WRITE, CREATE, DELETE, ALTER, DESCRIBE, CLUSTER_ACTION, DESCRIBE_CONFIGS, ALTER_CONFIGS, and IDEMPOTENT_WRITE. See Authorization using ACLs to find mappings of (resource_type, operation) to one or more Kafka APIs or request types.
pattern_type str: The pattern type for the ACL. Accepted values are: LITERAL and PREFIXED.
permission str: The permission for the ACL. Accepted values are: DENY and ALLOW.
principal str: The principal for the ACL.
resource_name str: The resource name for the ACL. Must be kafka-cluster if resource_type equals to CLUSTER.
resource_type str: The type of the resource. Accepted values are: TOPIC, GROUP, CLUSTER, TRANSACTIONAL_ID, DELEGATION_TOKEN. See Authorization using ACLs to find definitions of resource types and mappings of (resource_type, operation) to one or more Kafka APIs or request types.
credentials KafkaAclCredentialsArgs: The Cluster API Credentials.
kafka_cluster KafkaAclKafkaClusterArgs
rest_endpoint str: The REST endpoint of the Kafka cluster, for example, https://pkc-00000.us-central1.gcp.confluent.cloud:443.

host String: The host for the ACL.
operation String: The operation type for the ACL. Accepted values are: ALL, READ, WRITE, CREATE, DELETE, ALTER, DESCRIBE, CLUSTER_ACTION, DESCRIBE_CONFIGS, ALTER_CONFIGS, and IDEMPOTENT_WRITE. See Authorization using ACLs to find mappings of (resource_type, operation) to one or more Kafka APIs or request types.
patternType String: The pattern type for the ACL. Accepted values are: LITERAL and PREFIXED.
permission String: The permission for the ACL. Accepted values are: DENY and ALLOW.
principal String: The principal for the ACL.
resourceName String: The resource name for the ACL. Must be kafka-cluster if resource_type equals to CLUSTER.
resourceType String: The type of the resource. Accepted values are: TOPIC, GROUP, CLUSTER, TRANSACTIONAL_ID, DELEGATION_TOKEN. See Authorization using ACLs to find definitions of resource types and mappings of (resource_type, operation) to one or more Kafka APIs or request types.
credentials Property Map: The Cluster API Credentials.
kafkaCluster Property Map
restEndpoint String: The REST endpoint of the Kafka cluster, for example, https://pkc-00000.us-central1.gcp.confluent.cloud:443.

Outputs

All input properties are implicitly available as output properties. Additionally, the KafkaAcl resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing KafkaAcl Resource

Get an existing KafkaAcl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: KafkaAclState, opts?: CustomResourceOptions): KafkaAcl

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        credentials: Optional[KafkaAclCredentialsArgs] = None,
        host: Optional[str] = None,
        kafka_cluster: Optional[KafkaAclKafkaClusterArgs] = None,
        operation: Optional[str] = None,
        pattern_type: Optional[str] = None,
        permission: Optional[str] = None,
        principal: Optional[str] = None,
        resource_name: Optional[str] = None,
        resource_type: Optional[str] = None,
        rest_endpoint: Optional[str] = None) -> KafkaAcl

func GetKafkaAcl(ctx *Context, name string, id IDInput, state *KafkaAclState, opts ...ResourceOption) (*KafkaAcl, error)

public static KafkaAcl Get(string name, Input<string> id, KafkaAclState? state, CustomResourceOptions? opts = null)

public static KafkaAcl get(String name, Output<String> id, KafkaAclState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Credentials Pulumi.ConfluentCloud.Inputs.KafkaAclCredentials: The Cluster API Credentials.
Host string: The host for the ACL.
KafkaCluster Pulumi.ConfluentCloud.Inputs.KafkaAclKafkaCluster
Operation string: The operation type for the ACL. Accepted values are: ALL, READ, WRITE, CREATE, DELETE, ALTER, DESCRIBE, CLUSTER_ACTION, DESCRIBE_CONFIGS, ALTER_CONFIGS, and IDEMPOTENT_WRITE. See Authorization using ACLs to find mappings of (resource_type, operation) to one or more Kafka APIs or request types.
PatternType string: The pattern type for the ACL. Accepted values are: LITERAL and PREFIXED.
Permission string: The permission for the ACL. Accepted values are: DENY and ALLOW.
Principal string: The principal for the ACL.
ResourceName string: The resource name for the ACL. Must be kafka-cluster if resource_type equals to CLUSTER.
ResourceType string: The type of the resource. Accepted values are: TOPIC, GROUP, CLUSTER, TRANSACTIONAL_ID, DELEGATION_TOKEN. See Authorization using ACLs to find definitions of resource types and mappings of (resource_type, operation) to one or more Kafka APIs or request types.
RestEndpoint string: The REST endpoint of the Kafka cluster, for example, https://pkc-00000.us-central1.gcp.confluent.cloud:443.

Credentials KafkaAclCredentialsArgs: The Cluster API Credentials.
Host string: The host for the ACL.
KafkaCluster KafkaAclKafkaClusterArgs
Operation string: The operation type for the ACL. Accepted values are: ALL, READ, WRITE, CREATE, DELETE, ALTER, DESCRIBE, CLUSTER_ACTION, DESCRIBE_CONFIGS, ALTER_CONFIGS, and IDEMPOTENT_WRITE. See Authorization using ACLs to find mappings of (resource_type, operation) to one or more Kafka APIs or request types.
PatternType string: The pattern type for the ACL. Accepted values are: LITERAL and PREFIXED.
Permission string: The permission for the ACL. Accepted values are: DENY and ALLOW.
Principal string: The principal for the ACL.
ResourceName string: The resource name for the ACL. Must be kafka-cluster if resource_type equals to CLUSTER.
ResourceType string: The type of the resource. Accepted values are: TOPIC, GROUP, CLUSTER, TRANSACTIONAL_ID, DELEGATION_TOKEN. See Authorization using ACLs to find definitions of resource types and mappings of (resource_type, operation) to one or more Kafka APIs or request types.
RestEndpoint string: The REST endpoint of the Kafka cluster, for example, https://pkc-00000.us-central1.gcp.confluent.cloud:443.

credentials KafkaAclCredentials: The Cluster API Credentials.
host String: The host for the ACL.
kafkaCluster KafkaAclKafkaCluster
operation String: The operation type for the ACL. Accepted values are: ALL, READ, WRITE, CREATE, DELETE, ALTER, DESCRIBE, CLUSTER_ACTION, DESCRIBE_CONFIGS, ALTER_CONFIGS, and IDEMPOTENT_WRITE. See Authorization using ACLs to find mappings of (resource_type, operation) to one or more Kafka APIs or request types.
patternType String: The pattern type for the ACL. Accepted values are: LITERAL and PREFIXED.
permission String: The permission for the ACL. Accepted values are: DENY and ALLOW.
principal String: The principal for the ACL.
resourceName String: The resource name for the ACL. Must be kafka-cluster if resource_type equals to CLUSTER.
resourceType String: The type of the resource. Accepted values are: TOPIC, GROUP, CLUSTER, TRANSACTIONAL_ID, DELEGATION_TOKEN. See Authorization using ACLs to find definitions of resource types and mappings of (resource_type, operation) to one or more Kafka APIs or request types.
restEndpoint String: The REST endpoint of the Kafka cluster, for example, https://pkc-00000.us-central1.gcp.confluent.cloud:443.

credentials KafkaAclCredentials: The Cluster API Credentials.
host string: The host for the ACL.
kafkaCluster KafkaAclKafkaCluster
operation string: The operation type for the ACL. Accepted values are: ALL, READ, WRITE, CREATE, DELETE, ALTER, DESCRIBE, CLUSTER_ACTION, DESCRIBE_CONFIGS, ALTER_CONFIGS, and IDEMPOTENT_WRITE. See Authorization using ACLs to find mappings of (resource_type, operation) to one or more Kafka APIs or request types.
patternType string: The pattern type for the ACL. Accepted values are: LITERAL and PREFIXED.
permission string: The permission for the ACL. Accepted values are: DENY and ALLOW.
principal string: The principal for the ACL.
resourceName string: The resource name for the ACL. Must be kafka-cluster if resource_type equals to CLUSTER.
resourceType string: The type of the resource. Accepted values are: TOPIC, GROUP, CLUSTER, TRANSACTIONAL_ID, DELEGATION_TOKEN. See Authorization using ACLs to find definitions of resource types and mappings of (resource_type, operation) to one or more Kafka APIs or request types.
restEndpoint string: The REST endpoint of the Kafka cluster, for example, https://pkc-00000.us-central1.gcp.confluent.cloud:443.

credentials KafkaAclCredentialsArgs: The Cluster API Credentials.
host str: The host for the ACL.
kafka_cluster KafkaAclKafkaClusterArgs
operation str: The operation type for the ACL. Accepted values are: ALL, READ, WRITE, CREATE, DELETE, ALTER, DESCRIBE, CLUSTER_ACTION, DESCRIBE_CONFIGS, ALTER_CONFIGS, and IDEMPOTENT_WRITE. See Authorization using ACLs to find mappings of (resource_type, operation) to one or more Kafka APIs or request types.
pattern_type str: The pattern type for the ACL. Accepted values are: LITERAL and PREFIXED.
permission str: The permission for the ACL. Accepted values are: DENY and ALLOW.
principal str: The principal for the ACL.
resource_name str: The resource name for the ACL. Must be kafka-cluster if resource_type equals to CLUSTER.
resource_type str: The type of the resource. Accepted values are: TOPIC, GROUP, CLUSTER, TRANSACTIONAL_ID, DELEGATION_TOKEN. See Authorization using ACLs to find definitions of resource types and mappings of (resource_type, operation) to one or more Kafka APIs or request types.
rest_endpoint str: The REST endpoint of the Kafka cluster, for example, https://pkc-00000.us-central1.gcp.confluent.cloud:443.

credentials Property Map: The Cluster API Credentials.
host String: The host for the ACL.
kafkaCluster Property Map
operation String: The operation type for the ACL. Accepted values are: ALL, READ, WRITE, CREATE, DELETE, ALTER, DESCRIBE, CLUSTER_ACTION, DESCRIBE_CONFIGS, ALTER_CONFIGS, and IDEMPOTENT_WRITE. See Authorization using ACLs to find mappings of (resource_type, operation) to one or more Kafka APIs or request types.
patternType String: The pattern type for the ACL. Accepted values are: LITERAL and PREFIXED.
permission String: The permission for the ACL. Accepted values are: DENY and ALLOW.
principal String: The principal for the ACL.
resourceName String: The resource name for the ACL. Must be kafka-cluster if resource_type equals to CLUSTER.
resourceType String: The type of the resource. Accepted values are: TOPIC, GROUP, CLUSTER, TRANSACTIONAL_ID, DELEGATION_TOKEN. See Authorization using ACLs to find definitions of resource types and mappings of (resource_type, operation) to one or more Kafka APIs or request types.
restEndpoint String: The REST endpoint of the Kafka cluster, for example, https://pkc-00000.us-central1.gcp.confluent.cloud:443.

Supporting Types

KafkaAclCredentials, KafkaAclCredentialsArgs

Key string: The Kafka API Key.
Secret string: The Kafka API Secret.

Key string: The Kafka API Key.
Secret string: The Kafka API Secret.

key String: The Kafka API Key.
secret String: The Kafka API Secret.

key string: The Kafka API Key.
secret string: The Kafka API Secret.

key str: The Kafka API Key.
secret str: The Kafka API Secret.

key String: The Kafka API Key.
secret String: The Kafka API Secret.

KafkaAclKafkaCluster, KafkaAclKafkaClusterArgs

Id string: The ID of the Kafka cluster, for example, lkc-abc123.

Id string: The ID of the Kafka cluster, for example, lkc-abc123.

id String: The ID of the Kafka cluster, for example, lkc-abc123.

id string: The ID of the Kafka cluster, for example, lkc-abc123.

id str: The ID of the Kafka cluster, for example, lkc-abc123.

id String: The ID of the Kafka cluster, for example, lkc-abc123.

Import

You can import Kafka ACLs by using the Kafka cluster ID and attributes of confluent_kafka_acl resource in the format <Kafka cluster ID>/<Kafka ACL resource type>#<Kafka ACL resource name>#<Kafka ACL pattern type>#<Kafka ACL principal>#<Kafka ACL host>#<Kafka ACL operation>#<Kafka ACL permission>, for example:

Option #1: Manage multiple Kafka clusters in the same Pulumi Stack

$ export IMPORT_KAFKA_API_KEY="<kafka_api_key>"

$ export IMPORT_KAFKA_API_SECRET="<kafka_api_secret>"

$ export IMPORT_KAFKA_REST_ENDPOINT="<kafka_rest_endpoint>"

$ pulumi import confluentcloud:index/kafkaAcl:KafkaAcl describe-cluster "lkc-12345/CLUSTER#kafka-cluster#LITERAL#User:sa-xyz123#*#DESCRIBE#ALLOW"

Option #2: Manage a single Kafka cluster in the same Pulumi Stack

$ export CONFLUENT_CLOUD_API_KEY="<cloud_api_key>"

$ export CONFLUENT_CLOUD_API_SECRET="<cloud_api_secret>"

$ pulumi import confluentcloud:index/kafkaAcl:KafkaAcl describe-cluster "lkc-12345/CLUSTER#kafka-cluster#LITERAL#User:sa-xyz123#*#DESCRIBE#ALLOW"

!> Warning: Do not forget to delete terminal command history afterwards for security purposes.

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Confluent Cloud pulumi/pulumi-confluentcloud
License: Apache-2.0
Notes: This Pulumi package is based on the confluent Terraform Provider.

Confluent v2.10.0 published on Wednesday, Nov 20, 2024 by Pulumi

pulumi/pulumi-confluentcloud

confluentcloud.KafkaAcl

On this page

On this page

Example Usage

Option #1: Manage multiple Kafka clusters in the same Pulumi Stack

Option #2: Manage a single Kafka cluster in the same Pulumi Stack

Getting Started

Other Example Usages

Create KafkaAcl Resource

Constructor syntax

Parameters

Constructor example

KafkaAcl Resource Properties

Inputs

Outputs

Look up Existing KafkaAcl Resource

Supporting Types

KafkaAclCredentials, KafkaAclCredentialsArgs

KafkaAclKafkaCluster, KafkaAclKafkaClusterArgs

Import

Package Details

On this page

On this page