...
Creating a role
Here we create a role role, test.
| Code Block |
|---|
$ kafka-sentry -cr -r test $ kafka-sentry -lr test |
...
Here we assign the created role role, test, to a group group, test-group. All users in this group, will get any privilege we grant to the role role, test.
| Code Block |
|---|
$ kafka-sentry -arg -r test -g test-group |
...
Here we grant some privileges to the role, test, so that users in testGroup can create a topic, testTopic, and produce to it.
Allow users in test-group to the role test.create a new topic from localhost.
| Code Block |
|---|
$ kafka-sentry -gpr -r test -p "Host=127.0.0.1->Cluster=kafka-cluster->action=create" |
Allow users in test-group to describe testTopic from localhost, which the user will create and use.
| Code Block |
|---|
$ kafka-sentry -gpr -r test -p "Host=127.0.0.1->Topic=testTopic->action=describe" |
Allow users in test-group to write to testTopic from localhost, this will allow the users to produce to testTopic.
| Code Block |
|---|
$ kafka-sentry -gpr -r test -p "Host=127.0.0.1->Topic=testTopic->action=write" |
Create testTopic.
| Code Block |
|---|
$ kafka-topics.sh --create --zookeeper localhost:2181 --replication-factor 1 --partitions 1 --topic testTopic
$ kafka-topics.sh --list --zookeeper localhost:2181
testTopic |
Produce to testTopic. Note that you will have to pass a config file, producer.properties, with information on jaas conf and other kerberos authentication related information. Here is more information.
| Code Block |
|---|
$ kafka-console-producer.sh --broker-list localhost:9092 --topic testTopic --producer.config producer.properties
This is a message
This is another message |
Allow users in test-group to describe a consumer group, testconsumergroup, that it will be starting or joining.
| Code Block |
|---|
$ kafka-sentry -gpr -r test -p "Host=127.0.0.1->Consumergroup=testconsumergroup->action=describe" |
Allow users in test-group to read from a consumer group, testconsumergroup, that it will be starting or joining.
| Code Block |
|---|
$ kafka-sentry -gpr -r test -p "Host=127.0.0.1->Topic=testTopic->action=read" |
Allow users in test-group to read from testTopic from localhost, this will allow the users to consumer from testTopic.
| Code Block |
|---|
$ kafka-sentry -gpr -r test -p "Host=127.0.0.1->Topic=testTopic->action=ALL"read" |
Consume from testTopic. Note that you will have to pass a config file, consumer.properties, with information on jaas conf and other kerberos authentication related information. The config file must also specify group.id as testconsumergroup. Here is more information.
| Code Block |
|---|
$ kafka-console-consumer.sh --zookeeper localhost:2181 --topic testTopic --from-beginning --consumer.config consumer.properties
This is a message
This is another message |