24.1 beta 23.3 23.2 23.1

rpk acl delete

Delete ACLs.

See the rpk acl help text for a full write up on ACLs. Delete flags work in a similar multiplying effect as creating ACLs, but delete is more advanced: deletion works on a filter basis. Any unspecified flag defaults to matching everything (all operations, or all allowed principals, etc). To ensure that you do not accidentally delete more than you intend, this command prints everything that matches your input filters and prompts for a confirmation before the delete request is issued. Anything matching more than 10 ACLs doubly confirms.

As mentioned, not specifying flags matches everything. If no resources are specified, all resources are matched. If no operations are specified, all operations are matched. You can also opt in to matching everything with "any": --operation any matches any operation.

The --resource-pattern-type, defaulting to "any", configures how to filter resource names:

  • "any" returns exact name matches of either prefixed or literal pattern type

  • "match" returns wildcard matches, prefix patterns that match your input, and literal matches

  • "prefix" returns prefix patterns that match your input (prefix "fo" matches "foo")

  • "literal" returns exact name matches

Usage

rpk acl delete [flags]

Flags

Value Type Description

--allow-host

strings

Allowed host ACLs to remove (repeatable).

--allow-principal

strings

Allowed principal ACLs to remove (repeatable).

--cluster

-

Whether to remove ACLs to the cluster.

--deny-host

strings

Denied host ACLs to remove (repeatable).

--deny-principal

strings

Denied principal ACLs to remove (repeatable).

-d, --dry

-

Dry run: validate what would be deleted.

--group

strings

Group to remove ACLs for (repeatable).

-h, --help

-

Help for delete.

--no-confirm

-

Disable confirmation prompt.

--operation

strings

Operation to remove (repeatable).

-f, --print-filters

-

Print the filters that were requested (failed filters are always printed).

--resource-pattern-type

string

Pattern to use when matching resource names (any, match, literal, or prefixed) (default "any").

--topic

strings

Topic to remove ACLs for (repeatable).

--transactional-id

strings

Transactional IDs to remove ACLs for (repeatable).

--admin-api-tls-cert

string

The certificate to be used for TLS authentication with the Admin API.

--admin-api-tls-enabled

-

Enable TLS for the Admin API (not necessary if specifying custom certs).

--admin-api-tls-key

string

The certificate key to be used for TLS authentication with the Admin API.

--admin-api-tls-truststore

string

The truststore to be used for TLS communication with the Admin API.

--brokers

strings

Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092'). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.

--config

string

Redpanda config file, if not set the file will be searched for in the default locations.

--password

string

SASL password to be used for authentication.

--sasl-mechanism

string

The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.

--tls-cert

string

The certificate to be used for TLS authentication with the broker.

--tls-enabled

-

Enable TLS for the Kafka API (not necessary if specifying custom certs).

--tls-key

string

The certificate key to be used for TLS authentication with the broker.

--tls-truststore

string

The truststore to be used for TLS communication with the broker.

--user

string

SASL user to be used for authentication.

-v, --verbose

-

Enable verbose logging (default: false).