acls

Creates, updates, deletes, gets or lists an acls resource.

Overview

| Name | Type | Id |
|------|------|----|
| acls | Resource | confluent.kafka.acls |

Fields

The following fields are returned by SELECT queries:

The list of ACLs.

| Name | Datatype | Description |
|------|----------|-------------|
| data | array | |
| kind | string | |
| metadata | object | |

Methods

The following methods are available for this resource:

| Name | Accessible by | Required Params | Optional Params | Description |
|------|---------------|-----------------|-----------------|-------------|
| get_kafka_acls | select | cluster_id, kafka_endpoint_id, region, cloud_provider | resource_type, resource_name, pattern_type, principal, host, operation, permission | Return a list of ACLs that match the search criteria. When calling /acls without the principal parameter, service accounts are returned in numeric ID format (e.g., User:12345). To retrieve service accounts in the sa-xxx format, use /acls?principal=UserV2:*. The principal parameter supports both legacy User: format and new UserV2: format for service accounts. |
| create_kafka_acls | insert | cluster_id, kafka_endpoint_id, region, cloud_provider, resource_type, resource_name, pattern_type, principal, host, operation, permission | | Create an ACL. |
| delete_kafka_acls | delete | resource_type, pattern_type, operation, permission, cluster_id, kafka_endpoint_id, region, cloud_provider | resource_name, principal, host | Delete the ACLs that match the search criteria. |
| batch_create_kafka_acls | exec | cluster_id, kafka_endpoint_id, region, cloud_provider, data | | Create ACLs. |

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

| Name | Datatype | Description |
|------|----------|-------------|
| cloud_provider | string | Cloud provider, lowercase: aws, gcp, or azure (from the cluster spec.cloud). (default: cloud) |
| cluster_id | string | The Kafka cluster ID. (example: cluster-1) |
| kafka_endpoint_id | string | Per-cluster Kafka REST endpoint ID (the pkc-* host prefix from the Confluent UI Cluster -> Overview -> REST endpoint, or extract from confluent.managed_kafka_clusters.clusters spec.http_endpoint). (default: pkc-00000) |
| region | string | Cloud region the cluster runs in, e.g. ap-southeast-2 (from the cluster spec.region). (default: region) |
| host | string | The ACL host. |
| operation | string | The ACL operation. |
| pattern_type | string | The ACL pattern type. |
| permission | string | The ACL permission. |
| principal | string | The ACL principal. This is the Service Account name or user name. Supports both legacy User: format (numeric IDs) and new UserV2: format (sa-xxx format) for service accounts. Use UserV2:* to retrieve service accounts in the new format. |
| resource_name | string | The ACL resource name. |
| resource_type | string | The ACL resource type. |

SELECT examples

Return a list of ACLs that match the search criteria.

  • When calling /acls without the principal parameter, service accounts are returned in numeric ID format (e.g., User:12345).
  • To retrieve service accounts in the sa-xxx format, use /acls?principal=UserV2:*.
  • The principal parameter supports both legacy User: format and new UserV2: format for service accounts.

SELECT
data,
kind,
metadata
FROM confluent.kafka.acls
WHERE cluster_id = '{{ cluster_id }}' -- required
AND kafka_endpoint_id = '{{ kafka_endpoint_id }}' -- required
AND region = '{{ region }}' -- required
AND cloud_provider = '{{ cloud_provider }}' -- required
AND resource_type = '{{ resource_type }}'
AND resource_name = '{{ resource_name }}'
AND pattern_type = '{{ pattern_type }}'
AND principal = '{{ principal }}'
AND host = '{{ host }}'
AND operation = '{{ operation }}'
AND permission = '{{ permission }}'
;
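
An added example (not part of the provider documentation): a Python check over ACL rows taken from the `data` array of the SELECT above, reporting which principal format the result set uses and flagging broad ALLOW grants. The row keys are assumed to match the parameter names on this page; the sample rows are constructed, and `ALLOW`, `DENY`, `LITERAL` and `ALL` are standard Kafka ACL values that this page does not list.

```python
import re

# Principal formats named on this page: legacy "User:<numeric id>" and "UserV2:sa-xxx".
LEGACY = re.compile(r"^User:\d+$")
V2 = re.compile(r"^UserV2:sa-[A-Za-z0-9]+$")


def principal_format(principal):
    """Classify a principal string as 'legacy', 'v2' or 'other'."""
    if LEGACY.match(principal):
        return "legacy"
    return "v2" if V2.match(principal) else "other"


def audit_acls(rows):
    """Return (findings, format_counts) for ACL rows taken from the data array."""
    findings, counts = [], {"legacy": 0, "v2": 0, "other": 0}
    for row in rows:
        counts[principal_format(row["principal"])] += 1
        if row["permission"] != "ALLOW":
            continue  # only ALLOW grants are reviewed for breadth
        reasons = []
        if row["principal"].endswith(":*"):
            reasons.append("wildcard principal")
        if row["resource_name"] == "*" and row["pattern_type"] == "LITERAL":
            reasons.append("wildcard resource")
        if row["operation"] == "ALL":
            reasons.append("all operations")
        if reasons:
            findings.append((row["principal"], row["resource_name"], reasons))
    return findings, counts


# Constructed sample rows (assumed shape, not real cluster output).
FIELDS = ("principal", "resource_type", "resource_name",
          "pattern_type", "operation", "permission")
SAMPLE = [dict(zip(FIELDS, r)) for r in [
    ("User:12345", "TOPIC", "orders", "LITERAL", "READ", "ALLOW"),
    ("UserV2:sa-abc123", "TOPIC", "*", "LITERAL", "ALL", "ALLOW"),
    ("User:*", "CLUSTER", "kafka-cluster", "LITERAL", "DESCRIBE", "ALLOW"),
    ("User:67890", "TOPIC", "*", "LITERAL", "WRITE", "DENY"),
]]

if __name__ == "__main__":
    findings, counts = audit_acls(SAMPLE)
    print(counts)
    for f in findings:
        print(f)
```

A result set that is mostly `legacy` came from a query without the principal parameter, so matching it against sa-xxx identifiers will find nothing.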

INSERT examples

Create an ACL.

INSERT INTO confluent.kafka.acls (
resource_type,
resource_name,
pattern_type,
principal,
host,
operation,
permission,
cluster_id,
kafka_endpoint_id,
region,
cloud_provider
)
SELECT
'{{ resource_type }}' /* required */,
'{{ resource_name }}' /* required */,
'{{ pattern_type }}' /* required */,
'{{ principal }}' /* required */,
'{{ host }}' /* required */,
'{{ operation }}' /* required */,
'{{ permission }}' /* required */,
'{{ cluster_id }}' /* required */,
'{{ kafka_endpoint_id }}' /* required */,
'{{ region }}' /* required */,
'{{ cloud_provider }}' /* required */
;

DELETE examples

Delete the ACLs that match the search criteria.

DELETE FROM confluent.kafka.acls
WHERE resource_type = '{{ resource_type }}' --required
AND pattern_type = '{{ pattern_type }}' --required
AND operation = '{{ operation }}' --required
AND permission = '{{ permission }}' --required
AND cluster_id = '{{ cluster_id }}' --required
AND kafka_endpoint_id = '{{ kafka_endpoint_id }}' --required
AND region = '{{ region }}' --required
AND cloud_provider = '{{ cloud_provider }}' --required
AND resource_name = '{{ resource_name }}'
AND principal = '{{ principal }}'
AND host = '{{ host }}'
;

Lifecycle Methods

Create ACLs.

EXEC confluent.kafka.acls.batch_create_kafka_acls
@cluster_id='{{ cluster_id }}', --required
@kafka_endpoint_id='{{ kafka_endpoint_id }}', --required
@region='{{ region }}', --required
@cloud_provider='{{ cloud_provider }}' --required
@@json=
'{
"data": "{{ data }}"
}'
;