THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
| Option | Description | Default | Option type |
|---|---|---|---|
| --add | Indicates to the script that user is trying to add an acl. | Action | |
| --remove | Indicates to the script that user is trying to remove an acl. | Action | |
| --list | Indicates to the script that user is trying to list acls. | Action | |
| --authorizer | Fully qualified class name of the authorizer. | kafka.security.auth.SimpleAclAuthorizer | Configuration |
| --authorizer-properties | comma separated key=val pairs that will be passed to authorizer for initialization. | Configuration | |
| --cluster | Specifies cluster as resource. | Resource | |
| --topic <topic-name> | Specifies the topic as resource. | Resource | |
| --consumer-group <consumer-group> | Specifies the consumer-group as resource. | Resource | |
| --allow-principalsprincipal | Principal Comma separated list of principals where principal is in PrincipalType:name format. These principals will be used to generate an ACL with Allow permission. Multiple principals can be specified in a single command by specifying this option multiple times, i.e. --allow-principal User:test1@EXAMPLE.COM --allow-principal User:test2@EXAMPLE.COM | Principal | |
| --deny-principalsprincipal | Principal Comma separated list of principals where principal is in PrincipalType:name format. These principals will be used to generate an ACL with Deny permission. Multiple principals can be specified in the same way as described in --allow-principal option. | Principal | |
| --allow-hosts | Comma separated list of hosts from which principals listed in --allow-principals will have access. | if --allow-principals is specified defaults to * which translates to "all hosts" | Host |
| --deny-hosts | Comma separated list of hosts from which principals listed in --deny-principals will be denied access. | if --deny-principals is specified defaults to * which translates to "all hosts" | Host |
| --operations | Comma separated list of operations. Valid values are : Read, Write, Create, Delete, Alter, Describe, ClusterAction, All | All | Operation |
| --producer | Convenience option to add/remove acls for producer role. This will generate acls that allows WRITE, | Convenience | |
| --consumer | Convenience option to add/remove acls for consumer role. This will generate acls that allows READ, | Convenience |
...
| Code Block | ||
|---|---|---|
| ||
bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principalsprincipal User:Bob, --allow-principal User:Alice --allow-hosts Host1,Host2 --operations Read,Write --topic Test-topic |
...
| Code Block | ||
|---|---|---|
| ||
bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principalsprincipal User:* --allow-hosts * --deny-principalsprincipal User:BadBob --deny-hosts bad-host --operations Read--topic Test-topic |
...
| Code Block | ||
|---|---|---|
| ||
bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181 --remove --allow-principalsprincipal User:Bob, --allow-principal User:Alice --allow-hosts Host1,Host2 --operations Read,Write --topic Test-topic |
...
| Code Block | ||
|---|---|---|
| ||
bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principalsprincipal User:Bob --producer --topic Test-topic |
...
| Code Block | ||
|---|---|---|
| ||
bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principalsprincipal User:Bob --consumer --topic test-topic --consumer-group Group-1 |
...