gcloud alpha managed-kafka acls update

NAME
gcloud alpha managed-kafka acls update - update a Managed Service for Apache Kafka acl
SYNOPSIS
gcloud alpha managed-kafka acls update (ACL : --cluster=CLUSTER --location=LOCATION) (--acl-entry=[host=HOST],[operation=OPERATION],[permission-type=PERMISSION-TYPE],[principal=PRINCIPAL] --etag=ETAG) [GCLOUD_WIDE_FLAG]
DESCRIPTION
(ALPHA) Update a Managed Service for Apache Kafka acl.

NOTE: update performs a FULL REPLACEMENT of acl entries. For incremental updates, use add-acl-entry and remove-acl-entry commands.

EXAMPLES
To update an acl for the Kafka cluster resource pattern, with etag W/XYZ123 returned from a previous create or describe command, in a cluster named mycluster located in us-central1, run the following: 
gcloud alpha managed-kafka acls update cluster --cluster=mycluster --location=us-central1 --acl-entry=principal='User:admin@project.iam.gserviceaccount.com',operation=ALL,permission-type=ALLOW,host='*' --etag=W/XYZ123
POSITIONAL ARGUMENTS
Acl resource - Identifies the name of the acl that this command updates. The arguments in this group can be used to specify the attributes of this resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways.

To set the project attribute:

  • provide the argument acl on the command line with a fully specified name;
  • provide the argument --project on the command line;
  • set the property core/project.

This must be specified.

ACL
ID of the acl or fully qualified identifier for the acl.

To set the acl attribute:

  • provide the argument acl on the command line.

This positional argument must be specified if any of the other arguments in this group are specified.

--cluster=CLUSTER
The cluster name. To set the cluster attribute:
  • provide the argument acl on the command line with a fully specified name;
  • provide the argument --cluster on the command line.
--location=LOCATION
ID of the location of the Managed Service for Apache Kafka resource. See https://cloud.google.com/managed-service-for-apache-kafka/docs/locations for a list of supported locations. To set the location attribute:
  • provide the argument acl on the command line with a fully specified name;
  • provide the argument --location on the command line.
REQUIRED FLAGS
At least one of these must be specified:
--acl-entry=[host=HOST],[operation=OPERATION],[permission-type=PERMISSION-TYPE],[principal=PRINCIPAL]
An acl entry that configures access for a principal, for a specific operation on the acl's resource pattern. This flag can be repeated.

PRINCIPAL is the principal. Specified as Google Cloud account, with the Kafka StandardAuthorizer prefix "User:". For example: "User:admin@project.iam.gserviceaccount.com". Can be the wildcard "User:*" to refer to all users.

OPERATION is the operation type. Allowed values are: ALL, READ, WRITE, CREATE, DELETE, ALTER, DESCRIBE, CLUSTER_ACTION, DESCRIBE_CONFIGS, ALTER_CONFIGS, IDEMPOTENT_WRITE.

PERMISSION-TYPE is the permission type. Allowed values are: ALLOW, DENY.

HOST is the host. Must be set to "*" for Managed Service for Apache Kafka.

Example acl-entry: "principal=User:admin@project.iam.gserviceaccount.com,operation=ALL,permission-type=ALLOW,host=*"

--etag=ETAG
etag returned in the response to a previous create or describe command. The etag is used for concurrency control, to ensure that the client and server agree on the current set of acl entries in the Kafka cluster, before full replacement in the update command.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

API REFERENCE
This command uses the managedkafka/v1 API. The full documentation for this API can be found at: https://cloud.google.com/managed-service-for-apache-kafka/docs
NOTES
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist.