...
Creating a role
Here we create a role role, test
.
Code Block |
---|
$ kafka-sentry -cr -r test $ kafka-sentry -lr test |
...
Here we assign the created role role, test,
to a group group, test-group
. All users in this group, will get any privilege we grant to the role role, test
.
Code Block |
---|
$ kafka-sentry -arg -r test -g test-group |
...
Here we grant some privileges to the role, test, so that users in
testGroup
can create a topic, testTopic
, and produce to it.
Allow users in test-group
to the role test.
create a new topic from localhost.
Code Block |
---|
$ kafka-sentry -gpr -r test -p "Host=127.0.0.1->Cluster=kafka-cluster->action=create" |
Allow users in test-group
to describe testTopic from localhost, which the user will create and use
.
Code Block |
---|
$ kafka-sentry -gpr -r test -p "Host=127.0.0.1->Topic=testTopic->action=describe" |
Allow users in test-group
to write to testTopic
from localhost, this will allow the users to produce to testTopic
.
Code Block |
---|
$ kafka-sentry -gpr -r test -p "Host=127.0.0.1->Topic=testTopic->action=write" |
Create testTopic
.
Code Block |
---|
$ kafka-topics.sh --create --zookeeper localhost:2181 --replication-factor 1 --partitions 1 --topic testTopic
$ kafka-topics.sh --list --zookeeper localhost:2181
testTopic |
Produce to testTopic
. Note that you will have to pass a config file, producer.properties, with information on jaas conf and other kerberos authentication related information. Here is more information.
Code Block |
---|
$ kafka-console-producer.sh --broker-list localhost:9092 --topic testTopic --producer.config producer.properties
This is a message
This is another message |
Allow users in test-group
to describe a consumer group, testconsumergroup
, that it will be starting or joining.
Code Block |
---|
$ kafka-sentry -gpr -r test -p "Host=127.0.0.1->Consumergroup=testconsumergroup->action=describe" |
Allow users in test-group
to read from a consumer group, testconsumergroup
, that it will be starting or joining.
Code Block |
---|
$ kafka-sentry -gpr -r test -p "Host=127.0.0.1->Topic=testTopic->action=read" |
Allow users in test-group
to read from testTopic
from localhost, this will allow the users to consumer from testTopic
.
Code Block |
---|
$ kafka-sentry -gpr -r test -p "Host=127.0.0.1->Topic=testTopic->action=ALL"read" |
Consume from testTopic
. Note that you will have to pass a config file, consumer.properties, with information on jaas conf and other kerberos authentication related information. The config file must also specify group.id
as testconsumergroup
. Here is more information.
Code Block |
---|
$ kafka-console-consumer.sh --zookeeper localhost:2181 --topic testTopic --from-beginning --consumer.config consumer.properties
This is a message
This is another message |