Versions Compared

Old Version 4

changes.mady.by.user Ismael Juma

Saved on

compared with

New Version Current

changes.mady.by.user Parth

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

OptionDescriptionDefaultOption type
--addIndicates to the script that user is trying to add an acl. Action
--removeIndicates to the script that user is trying to remove an acl. Action
--listIndicates to the script that user is trying to list acls. Action
--authorizer

Fully qualified class name of the authorizer.

kafka.security.auth.SimpleAclAuthorizerConfiguration
--authorizer-properties

comma separated key=val pairs that will be passed to authorizer for initialization.

 Configuration
--clusterSpecifies cluster as resource. Resource
--topic <topic-name>Specifies the topic as resource. Resource
--consumer-group <consumer-group>Specifies the consumer-group as resource. Resource
--allow-principalsComma separated list of principals where principal principal

Principal is in PrincipalType:name format.

These principals will be used to generate an ACL with Allow permission.

Multiple principals can be specified in a single command by specifying this option multiple times, i.e.

--allow-principal User:test1@EXAMPLE.COM --allow-principal User:test2@EXAMPLE.COM

 Principal
--deny-principalsComma separated list of principals where principal principal

Principal is in PrincipalType:name format.

These principals will be used to generate an ACL with Deny permission.

Multiple principals can be specified in the same way as described in --allow-principal option.

 Principal
--allow-hosts

Comma separated list of hosts from which principals listed in --allow-principals will have access.

if --allow-principals is specified defaults to * which translates to "all hosts"Host
--deny-hostsComma separated list of hosts from which principals listed in --deny-principals will be denied access.if --deny-principals is specified defaults to * which translates to "all hosts"Host
--operations

Comma separated list of operations.

Valid values are : Read, Write, Create, Delete, Alter, Describe, ClusterAction, All

AllOperation
--producer

Convenience option to add/remove acls for producer role. This will generate acls that allows WRITE,
DESCRIBE on topic and CREATE on cluster.

 Convenience
--consumer

Convenience option to add/remove acls for consumer role. This will generate acls that allows READ,
DESCRIBE on topic and READ on consumer-group.

 Convenience

...

Code Block
languagebash
bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principalsprincipal User:Bob, --allow-principal User:Alice --allow-hosts Host1,Host2 --operations Read,Write --topic Test-topic

...

Code Block
languagebash
bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principalsprincipal User:* --allow-hosts * --deny-principalsprincipal User:BadBob --deny-hosts bad-host --operations Read--topic Test-topic

...

Code Block
languagebash
bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181 --remove --allow-principalsprincipal User:Bob, --allow-principal User:Alice --allow-hosts Host1,Host2 --operations Read,Write --topic Test-topic

...

Code Block
languagebash
bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principalsprincipal User:Bob --producer --topic Test-topic

...

Code Block
languagebash
 bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principalsprincipal User:Bob --consumer --topic test-topic --consumer-group Group-1

...