Kafka Authorization Command Line Interface
The Kafka Authorization CLI script, kafka-acls.sh, resides in the bin directory.
The following table lists ACL actions supported by the CLI script:
Action Type | Description |
---|---|
--add | Add an ACL. |
--remove | Remove an ACL. |
--list | List ACLs. |
The following table lists additional options for the Authorization CLI:
Option | Description | Default | Option Type |
---|---|---|---|
--authorizer | The fully-qualified class name of the authorizer. | kafka.security.auth.SimpleAclAuthorizer | Configuration |
--authorizer-properties | A list of key=value pairs that will be passed to the authorizer for initialization. Use this option multiple times to specify multiple properties. | | Configuration |
--cluster | Specifies the cluster as resource. | | Resource |
--topic <topic-name> | Specifies the topic as resource. | | Resource |
--consumer-group <consumer-group> | Specifies the consumer group as resource. | | Resource |
--allow-principal | These principals will be used to generate an ACL with Allow permission. Specify principal in PrincipalType:name format. To specify more than one principal in a single command, specify this option multiple times. | | Principal |
--deny-principal | These principals will be used to generate an ACL with Deny permission. Principal is in PrincipalType:name format. Multiple principals can be specified (see the --allow-principal option). | | Principal |
--allow-host | IP address of the host from which the principals listed in --allow-principal will have access. To specify multiple hosts, specify this option multiple times. | If --allow-principal is specified, this defaults to *, which translates to "all hosts". | Host |
--deny-host | IP address of the host from which the principals listed in --deny-principal will be denied access. | If --deny-principal is specified, this defaults to *, which translates to "all hosts". | Host |
--operation | An operation that will be allowed or denied based on principal options. Valid values: Read, Write, Create, Delete, Alter, Describe, ClusterAction, All | All | Operation |
--producer | Convenience option to add or remove ACLs for the producer role. This will generate ACLs that allow WRITE, DESCRIBE on topic, and CREATE on cluster. | | Convenience |
--consumer | Convenience option to add or remove ACLs for the consumer role. This will generate ACLs that allow READ, DESCRIBE on topic, and READ on consumer-group. | | Convenience |
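
Because --operation defaults to All and --allow-host defaults to *, an --add command that omits them grants more than is usually intended. The following added example (not part of the original documentation) is a small wrapper that builds an explicit, narrowly scoped command from the options in the table and prints it for review. The ZooKeeper address passed through --authorizer-properties, the topic name, the principals and the host address are assumed sample values, and build_acl_add is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: build a narrowly scoped "kafka-acls.sh --add" command line.
# Assumed values (not from the page): ZooKeeper address, topic, principals, host.
KAFKA_ACLS="bin/kafka-acls.sh"
AUTHORIZER_PROPS="zookeeper.connect=localhost:2181"

# Valid --operation values, as listed in the options table.
VALID_OPS="Read Write Create Delete Alter Describe ClusterAction All"

# build_acl_add TOPIC OPERATION HOST PRINCIPAL [PRINCIPAL...]
# Prints the command for review. Returns 64 on bad usage, 1 on an unknown
# operation, 2 when the request is as broad as the CLI defaults (All, *).
build_acl_add() {
    if [ "$#" -lt 4 ]; then
        echo "usage: build_acl_add TOPIC OPERATION HOST PRINCIPAL..." >&2
        return 64
    fi
    topic=$1; op=$2; host=$3
    shift 3

    ok=no
    for valid in $VALID_OPS; do
        if [ "$valid" = "$op" ]; then ok=yes; fi
    done
    if [ "$ok" != yes ]; then
        echo "unknown operation: $op" >&2
        return 1
    fi

    # Omitting --operation or --allow-host grants All operations from all
    # hosts, so require explicit, narrower values for both.
    if [ "$op" = "All" ] || [ "$host" = "*" ]; then
        echo "refusing broad ACL: operation=$op host=$host" >&2
        return 2
    fi

    cmd="$KAFKA_ACLS --authorizer-properties $AUTHORIZER_PROPS --add"
    # --allow-principal is repeated once per principal.
    for principal in "$@"; do
        cmd="$cmd --allow-principal $principal"
    done
    printf '%s\n' "$cmd --allow-host $host --operation $op --topic $topic"
}

# Dry run with constructed values: prints the command instead of running it.
build_acl_add test-topic Read 198.51.100.10 User:alice User:bob
```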