...
The "operation" is the particular operation which the ACL controls. In the wire protocol, we represented resource_type as an INT8. The mappings are:
-2: unknown
-1: none
0: read
1: write
2: create
3: alter
4: describe
5: clusterAction
6: all
The "permission_type" is whether the ACL allows access or forbids it. In the wire protocol, we represented resource_type as an INT8. The mappings are:
-2: unknown
-1: none
0:deny
1: allow
Representing Resource Components on the Wire
...
The "resource_type" is the type of resource the ACL applies to. In the wire protocol, we represented resource_type as an INT8. The mappings are:
-2: unknown
-1: noneany
0: topic
1: group
2: cluster
...
Note that an argument of "noneany" or null is different than a wildcard argument. That is, ListAclsRequest(principal=nonenull) will return all ACLs, but ListAclsRequest(principal=*) will return only ACLs that have their principal set to wildcard.
...