REST Resource: projects.locations.clusters.acls

Resource: Acl

Represents the set of ACLs for a given Kafka Resource Pattern, which consists of resourceType, resourceName and patternType.

JSON representation 
{
  "name": string,
  "aclEntries": [
    {
      object (AclEntry)
    }
  ],
  "etag": string,
  "resourceType": string,
  "resourceName": string,
  "patternType": string
}
Fields
name

string

Identifier. The name for the acl. Represents a single Resource Pattern. Structured like: projects/{project}/locations/{location}/clusters/{cluster}/acls/{aclId}

The structure of aclId defines the Resource Pattern (resourceType, resourceName, patternType) of the acl. aclId is structured like one of the following:

For acls on the cluster: cluster

For acls on a single resource within the cluster: topic/{resourceName} consumerGroup/{resourceName} transactionalId/{resourceName}

For acls on all resources that match a prefix: topicPrefixed/{resourceName} consumerGroupPrefixed/{resourceName} transactionalIdPrefixed/{resourceName}

For acls on all resources of a given type (i.e. the wildcard literal "*"): allTopics (represents topic/*) allConsumerGroups (represents consumerGroup/*) allTransactionalIds (represents transactionalId/*)
aclEntries[]

object (AclEntry)

Required. The ACL entries that apply to the resource pattern. The maximum number of allowed entries 100.
etag

string

Optional. etag is used for concurrency control. An etag is returned in the response to acls.get and acls.create. Callers are required to put that etag in the request to acls.patch to ensure that their change will be applied to the same version of the acl that exists in the Kafka Cluster.

A terminal 'T' character in the etag indicates that the AclEntries were truncated; more entries for the Acl exist on the Kafka Cluster, but can't be returned in the Acl due to repeated field limits.
resourceType

string

Output only. The ACL resource type derived from the name. One of: CLUSTER, TOPIC, GROUP, TRANSACTIONAL_ID.
resourceName

string

Output only. The ACL resource name derived from the name. For cluster resourceType, this is always "kafka-cluster". Can be the wildcard literal "*".
patternType

string

Output only. The ACL pattern type derived from the name. One of: LITERAL, PREFIXED.

AclEntry

Represents the access granted for a given Resource Pattern in an ACL.

JSON representation 
{
  "principal": string,
  "permissionType": string,
  "operation": string,
  "host": string
}
Fields
principal

string

Required. The principal. Specified as Google Cloud account, with the Kafka StandardAuthorizer prefix "User:". For example: "User:test-kafka-client@test-project.iam.gserviceaccount.com". Can be the wildcard "User:*" to refer to all users.
permissionType

string

Required. The permission type. Accepted values are (case insensitive): ALLOW, DENY.
operation

string

Required. The operation type. Allowed values are (case insensitive): ALL, READ, WRITE, CREATE, DELETE, ALTER, DESCRIBE, CLUSTER_ACTION, DESCRIBE_CONFIGS, ALTER_CONFIGS, and IDEMPOTENT_WRITE. See https://kafka.apache.org/documentation/#operations_resources_and_protocols for valid combinations of resourceType and operation for different Kafka API requests.
host

string

Required. The host. Must be set to "*" for Managed Service for Apache Kafka.

Methods

addAclEntry

 Incremental update: Adds an acl entry to an acl.

create

 Creates a new acl in the given project, location, and cluster.

delete

 Deletes an acl.

get

 Returns the properties of a single acl.

list

 Lists the acls in a given cluster.

patch

 Updates the properties of a single acl.

removeAclEntry

 Incremental update: Removes an acl entry from an acl.