Create ACL | Cloud Data Plane API documentation

Create ACL Run in API Explorer

POST /v1/acls

Auth0

Create a new ACL.

application/json

Body Required

host string Required

The host address to use for this ACL. To allow a principal access from multiple hosts, you must create an ACL for each host.
operation string Required

The operation that is allowed or denied (e.g. READ).

Values are OPERATION_ANY, OPERATION_ALL, OPERATION_READ, OPERATION_WRITE, OPERATION_CREATE, OPERATION_DELETE, OPERATION_ALTER, OPERATION_DESCRIBE, OPERATION_CLUSTER_ACTION, OPERATION_DESCRIBE_CONFIGS, OPERATION_ALTER_CONFIGS, OPERATION_IDEMPOTENT_WRITE, OPERATION_CREATE_TOKENS, or OPERATION_DESCRIBE_TOKENS.
permission_type string Required

Whether the operation should be allowed or denied.

Values are PERMISSION_TYPE_ANY, PERMISSION_TYPE_DENY, or PERMISSION_TYPE_ALLOW.
principal string Required

The user for whom this ACL applies. With the Kafka simple authorizer, you must include the prefix "User:" with the user name.
resource_name string

The name of the resource this ACL targets. For requests with resource_type CLUSTER, this will default to "kafka-cluster".
resource_pattern_type string Required

The pattern to use for matching the specified resource_name (any, exact match, literal, or prefixed).

Values are RESOURCE_PATTERN_TYPE_ANY, RESOURCE_PATTERN_TYPE_MATCH, RESOURCE_PATTERN_TYPE_LITERAL, or RESOURCE_PATTERN_TYPE_PREFIXED.
resource_type string Required

The type of resource (topic, consumer group, etc.) this ACL targets.

Values are RESOURCE_TYPE_ANY, RESOURCE_TYPE_TOPIC, RESOURCE_TYPE_GROUP, RESOURCE_TYPE_CLUSTER, RESOURCE_TYPE_TRANSACTIONAL_ID, RESOURCE_TYPE_DELEGATION_TOKEN, or RESOURCE_TYPE_USER.

Responses

201 application/json

Created
401 application/json

Unauthenticated.
Hide response attributes Show response attributes object
- code string(int32)
  
  RPC status code, as described here.
  
  Values are OK, CANCELLED, UNKNOWN, INVALID_ARGUMENT, DEADLINE_EXCEEDED, NOT_FOUND, ALREADY_EXISTS, PERMISSION_DENIED, UNAUTHENTICATED, RESOURCE_EXHAUSTED, FAILED_PRECONDITION, ABORTED, OUT_OF_RANGE, UNIMPLEMENTED, INTERNAL, UNAVAILABLE, or DATA_LOSS.
- details array[object]
  
  A list of messages that carries the error details.
  
  Details of the error.
  
  Details of the error.
  
  One of:
  BadRequest object ErrorInfo object QuotaFailure object Help object
  
  Describes violations in a client request. This error type focuses on the syntactic aspects of the request.
  
  Hide attributes Show attributes
  
  @type string
  
  Fully qualified protobuf type name of the underlying response, prefixed with type.googleapis.com/.
  
  Value is type.googleapis.com/google.rpc.BadRequest.
  
  field_violations array[object]
  
  Describes all violations in a client request.
  
  A message type used to describe a single bad request field.
  
  Hide field_violations attributes Show field_violations attributes object
  
  description string
  
  A description of why the request element is bad.
  
  field string
  
  A path that leads to a field in the request body. The value will be a sequence of dot-separated identifiers that identify a protocol buffer field.
  
  Consider the following:
  
  message CreateContactRequest { message EmailAddress { enum Type { TYPE_UNSPECIFIED = 0; HOME = 1; WORK = 2; }
  
  optional string email = 1; repeated EmailType type = 2; }
  
  string full_name = 1; repeated EmailAddress email_addresses = 2; }
  
  In this example, in proto field could take one of the following values:
  
  full_name for a violation in the full_name value
  
  email_addresses[1].email for a violation in the email field of the first email_addresses message
  
  email_addresses[3].type[2] for a violation in the second type value in the third email_addresses message.
  
  In JSON, the same values are represented as:
  
  fullName for a violation in the fullName value
  
  emailAddresses[1].email for a violation in the email field of the first emailAddresses message
  
  emailAddresses[3].type[2] for a violation in the second type value in the third emailAddresses message.
  
  Describes the cause of the error with structured details.
  
  Example of an error when contacting the "pubsub.googleapis.com" API when it is not enabled:
  
  { "reason": "API_DISABLED" "domain": "googleapis.com" "metadata": { "resource": "projects/123", "service": "pubsub.googleapis.com" } }
  
  This response indicates that the pubsub.googleapis.com API is not enabled.
  
  Example of an error that is returned when attempting to create a Spanner instance in a region that is out of stock:
  
  { "reason": "STOCKOUT" "domain": "spanner.googleapis.com", "metadata": { "availableRegions": "us-central1,us-east2" } }
  
  Hide attributes Show attributes
  
  @type string
  
  Fully qualified protobuf type name of the underlying response, prefixed with type.googleapis.com/.
  
  Value is type.googleapis.com/google.rpc.ErrorInfo.
  
  domain string
  
  The logical grouping to which the "reason" belongs. The error domain is typically the registered service name of the tool or product that generates the error. Example: "pubsub.googleapis.com". If the error is generated by some common infrastructure, the error domain must be a globally unique value that identifies the infrastructure. For Google API infrastructure, the error domain is "googleapis.com".
  
  metadata object
  
  Additional structured details about this error.
  
  Keys should match /[a-zA-Z0-9-_]/ and be limited to 64 characters in length. When identifying the current value of an exceeded limit, the units should be contained in the key, not the value. For example, rather than {"instanceLimit": "100/request"}, should be returned as, {"instanceLimitPerRequest": "100"}, if the client exceeds the number of instances that can be created in a single (batch) request.
  
  Hide metadata attribute Show metadata attribute object
  
  * string Additional properties
  
  reason string
  
  The reason of the error. This is a constant value that identifies the proximate cause of the error. Error reasons are unique within a particular domain of errors. This should be at most 63 characters and match a regular expression of [A-Z][A-Z0-9_]+[A-Z0-9], which represents UPPER_SNAKE_CASE.
  
  Describes how a quota check failed.
  
  For example if a daily limit was exceeded for the calling project, a service could respond with a QuotaFailure detail containing the project id and the description of the quota limit that was exceeded. If the calling project hasn't enabled the service in the developer console, then a service could respond with the project id and set service_disabled to true.
  
  Also see RetryInfo and Help types for other details about handling a quota failure.
  
  Hide attributes Show attributes
  
  @type string
  
  Fully qualified protobuf type name of the underlying response, prefixed with type.googleapis.com/.
  
  Value is type.googleapis.com/google.rpc.QuotaFailure.
  
  violations array[object]
  
  Describes all quota violations.
  
  A message type used to describe a single quota violation. For example, a daily quota or a custom quota that was exceeded.
  
  Hide violations attributes Show violations attributes object
  
  description string
  
  A description of how the quota check failed. Clients can use this description to find more about the quota configuration in the service's public documentation, or find the relevant quota limit to adjust through developer console.
  
  For example: "Service disabled" or "Daily Limit for read operations exceeded".
  
  subject string
  
  The subject on which the quota check failed. For example, "clientip:" or "project:".
  
  Provides links to documentation or for performing an out of band action.
  
  For example, if a quota check failed with an error indicating the calling project hasn't enabled the accessed service, this can contain a URL pointing directly to the right place in the developer console to flip the bit.
  
  Hide attributes Show attributes
  
  @type string
  
  Fully qualified protobuf type name of the underlying response, prefixed with type.googleapis.com/.
  
  Value is type.googleapis.com/google.rpc.Help.
  
  links array[object]
  
  URL(s) pointing to additional information on handling the current error.
  
  Describes a URL link.
  
  Hide links attributes Show links attributes object
  
  description string
  
  Describes what the link offers.
  
  url string
  
  The URL of the link.
- message string
  
  Detailed error message. No compatibility guarantees are given for the text contained in this message.
500 application/json

Internal Server Error. Reach out to support.
Hide response attributes Show response attributes object
- code string(int32)
  
  RPC status code, as described here.
  
  Values are OK, CANCELLED, UNKNOWN, INVALID_ARGUMENT, DEADLINE_EXCEEDED, NOT_FOUND, ALREADY_EXISTS, PERMISSION_DENIED, UNAUTHENTICATED, RESOURCE_EXHAUSTED, FAILED_PRECONDITION, ABORTED, OUT_OF_RANGE, UNIMPLEMENTED, INTERNAL, UNAVAILABLE, or DATA_LOSS.
- details array[object]
  
  A list of messages that carries the error details.
  
  Details of the error.
  
  Details of the error.
  
  One of:
  BadRequest object ErrorInfo object QuotaFailure object Help object
  
  Describes violations in a client request. This error type focuses on the syntactic aspects of the request.
  
  Hide attributes Show attributes
  
  @type string
  
  Fully qualified protobuf type name of the underlying response, prefixed with type.googleapis.com/.
  
  Value is type.googleapis.com/google.rpc.BadRequest.
  
  field_violations array[object]
  
  Describes all violations in a client request.
  
  A message type used to describe a single bad request field.
  
  Hide field_violations attributes Show field_violations attributes object
  
  description string
  
  A description of why the request element is bad.
  
  field string
  
  A path that leads to a field in the request body. The value will be a sequence of dot-separated identifiers that identify a protocol buffer field.
  
  Consider the following:
  
  message CreateContactRequest { message EmailAddress { enum Type { TYPE_UNSPECIFIED = 0; HOME = 1; WORK = 2; }
  
  optional string email = 1; repeated EmailType type = 2; }
  
  string full_name = 1; repeated EmailAddress email_addresses = 2; }
  
  In this example, in proto field could take one of the following values:
  
  full_name for a violation in the full_name value
  
  email_addresses[1].email for a violation in the email field of the first email_addresses message
  
  email_addresses[3].type[2] for a violation in the second type value in the third email_addresses message.
  
  In JSON, the same values are represented as:
  
  fullName for a violation in the fullName value
  
  emailAddresses[1].email for a violation in the email field of the first emailAddresses message
  
  emailAddresses[3].type[2] for a violation in the second type value in the third emailAddresses message.
  
  Describes the cause of the error with structured details.
  
  Example of an error when contacting the "pubsub.googleapis.com" API when it is not enabled:
  
  { "reason": "API_DISABLED" "domain": "googleapis.com" "metadata": { "resource": "projects/123", "service": "pubsub.googleapis.com" } }
  
  This response indicates that the pubsub.googleapis.com API is not enabled.
  
  Example of an error that is returned when attempting to create a Spanner instance in a region that is out of stock:
  
  { "reason": "STOCKOUT" "domain": "spanner.googleapis.com", "metadata": { "availableRegions": "us-central1,us-east2" } }
  
  Hide attributes Show attributes
  
  @type string
  
  Fully qualified protobuf type name of the underlying response, prefixed with type.googleapis.com/.
  
  Value is type.googleapis.com/google.rpc.ErrorInfo.
  
  domain string
  
  The logical grouping to which the "reason" belongs. The error domain is typically the registered service name of the tool or product that generates the error. Example: "pubsub.googleapis.com". If the error is generated by some common infrastructure, the error domain must be a globally unique value that identifies the infrastructure. For Google API infrastructure, the error domain is "googleapis.com".
  
  metadata object
  
  Additional structured details about this error.
  
  Keys should match /[a-zA-Z0-9-_]/ and be limited to 64 characters in length. When identifying the current value of an exceeded limit, the units should be contained in the key, not the value. For example, rather than {"instanceLimit": "100/request"}, should be returned as, {"instanceLimitPerRequest": "100"}, if the client exceeds the number of instances that can be created in a single (batch) request.
  
  Hide metadata attribute Show metadata attribute object
  
  * string Additional properties
  
  reason string
  
  The reason of the error. This is a constant value that identifies the proximate cause of the error. Error reasons are unique within a particular domain of errors. This should be at most 63 characters and match a regular expression of [A-Z][A-Z0-9_]+[A-Z0-9], which represents UPPER_SNAKE_CASE.
  
  Describes how a quota check failed.
  
  For example if a daily limit was exceeded for the calling project, a service could respond with a QuotaFailure detail containing the project id and the description of the quota limit that was exceeded. If the calling project hasn't enabled the service in the developer console, then a service could respond with the project id and set service_disabled to true.
  
  Also see RetryInfo and Help types for other details about handling a quota failure.
  
  Hide attributes Show attributes
  
  @type string
  
  Fully qualified protobuf type name of the underlying response, prefixed with type.googleapis.com/.
  
  Value is type.googleapis.com/google.rpc.QuotaFailure.
  
  violations array[object]
  
  Describes all quota violations.
  
  A message type used to describe a single quota violation. For example, a daily quota or a custom quota that was exceeded.
  
  Hide violations attributes Show violations attributes object
  
  description string
  
  A description of how the quota check failed. Clients can use this description to find more about the quota configuration in the service's public documentation, or find the relevant quota limit to adjust through developer console.
  
  For example: "Service disabled" or "Daily Limit for read operations exceeded".
  
  subject string
  
  The subject on which the quota check failed. For example, "clientip:" or "project:".
  
  Provides links to documentation or for performing an out of band action.
  
  For example, if a quota check failed with an error indicating the calling project hasn't enabled the accessed service, this can contain a URL pointing directly to the right place in the developer console to flip the bit.
  
  Hide attributes Show attributes
  
  @type string
  
  Fully qualified protobuf type name of the underlying response, prefixed with type.googleapis.com/.
  
  Value is type.googleapis.com/google.rpc.Help.
  
  links array[object]
  
  URL(s) pointing to additional information on handling the current error.
  
  Describes a URL link.
  
  Hide links attributes Show links attributes object
  
  description string
  
  Describes what the link offers.
  
  url string
  
  The URL of the link.
- message string
  
  Detailed error message. No compatibility guarantees are given for the text contained in this message.
default application/json

An unexpected error response.
Hide response attributes Show response attributes object
- code string(int32)
  
  RPC status code, as described here.
  
  Values are OK, CANCELLED, UNKNOWN, INVALID_ARGUMENT, DEADLINE_EXCEEDED, NOT_FOUND, ALREADY_EXISTS, PERMISSION_DENIED, UNAUTHENTICATED, RESOURCE_EXHAUSTED, FAILED_PRECONDITION, ABORTED, OUT_OF_RANGE, UNIMPLEMENTED, INTERNAL, UNAVAILABLE, or DATA_LOSS.
- details array[object]
  
  A list of messages that carries the error details.
  
  Details of the error.
  
  Details of the error.
  
  One of:
  BadRequest object ErrorInfo object QuotaFailure object Help object
  
  Describes violations in a client request. This error type focuses on the syntactic aspects of the request.
  
  Hide attributes Show attributes
  
  @type string
  
  Fully qualified protobuf type name of the underlying response, prefixed with type.googleapis.com/.
  
  Value is type.googleapis.com/google.rpc.BadRequest.
  
  field_violations array[object]
  
  Describes all violations in a client request.
  
  A message type used to describe a single bad request field.
  
  Hide field_violations attributes Show field_violations attributes object
  
  description string
  
  A description of why the request element is bad.
  
  field string
  
  A path that leads to a field in the request body. The value will be a sequence of dot-separated identifiers that identify a protocol buffer field.
  
  Consider the following:
  
  message CreateContactRequest { message EmailAddress { enum Type { TYPE_UNSPECIFIED = 0; HOME = 1; WORK = 2; }
  
  optional string email = 1; repeated EmailType type = 2; }
  
  string full_name = 1; repeated EmailAddress email_addresses = 2; }
  
  In this example, in proto field could take one of the following values:
  
  full_name for a violation in the full_name value
  
  email_addresses[1].email for a violation in the email field of the first email_addresses message
  
  email_addresses[3].type[2] for a violation in the second type value in the third email_addresses message.
  
  In JSON, the same values are represented as:
  
  fullName for a violation in the fullName value
  
  emailAddresses[1].email for a violation in the email field of the first emailAddresses message
  
  emailAddresses[3].type[2] for a violation in the second type value in the third emailAddresses message.
  
  Describes the cause of the error with structured details.
  
  Example of an error when contacting the "pubsub.googleapis.com" API when it is not enabled:
  
  { "reason": "API_DISABLED" "domain": "googleapis.com" "metadata": { "resource": "projects/123", "service": "pubsub.googleapis.com" } }
  
  This response indicates that the pubsub.googleapis.com API is not enabled.
  
  Example of an error that is returned when attempting to create a Spanner instance in a region that is out of stock:
  
  { "reason": "STOCKOUT" "domain": "spanner.googleapis.com", "metadata": { "availableRegions": "us-central1,us-east2" } }
  
  Hide attributes Show attributes
  
  @type string
  
  Fully qualified protobuf type name of the underlying response, prefixed with type.googleapis.com/.
  
  Value is type.googleapis.com/google.rpc.ErrorInfo.
  
  domain string
  
  The logical grouping to which the "reason" belongs. The error domain is typically the registered service name of the tool or product that generates the error. Example: "pubsub.googleapis.com". If the error is generated by some common infrastructure, the error domain must be a globally unique value that identifies the infrastructure. For Google API infrastructure, the error domain is "googleapis.com".
  
  metadata object
  
  Additional structured details about this error.
  
  Keys should match /[a-zA-Z0-9-_]/ and be limited to 64 characters in length. When identifying the current value of an exceeded limit, the units should be contained in the key, not the value. For example, rather than {"instanceLimit": "100/request"}, should be returned as, {"instanceLimitPerRequest": "100"}, if the client exceeds the number of instances that can be created in a single (batch) request.
  
  Hide metadata attribute Show metadata attribute object
  
  * string Additional properties
  
  reason string
  
  The reason of the error. This is a constant value that identifies the proximate cause of the error. Error reasons are unique within a particular domain of errors. This should be at most 63 characters and match a regular expression of [A-Z][A-Z0-9_]+[A-Z0-9], which represents UPPER_SNAKE_CASE.
  
  Describes how a quota check failed.
  
  For example if a daily limit was exceeded for the calling project, a service could respond with a QuotaFailure detail containing the project id and the description of the quota limit that was exceeded. If the calling project hasn't enabled the service in the developer console, then a service could respond with the project id and set service_disabled to true.
  
  Also see RetryInfo and Help types for other details about handling a quota failure.
  
  Hide attributes Show attributes
  
  @type string
  
  Fully qualified protobuf type name of the underlying response, prefixed with type.googleapis.com/.
  
  Value is type.googleapis.com/google.rpc.QuotaFailure.
  
  violations array[object]
  
  Describes all quota violations.
  
  A message type used to describe a single quota violation. For example, a daily quota or a custom quota that was exceeded.
  
  Hide violations attributes Show violations attributes object
  
  description string
  
  A description of how the quota check failed. Clients can use this description to find more about the quota configuration in the service's public documentation, or find the relevant quota limit to adjust through developer console.
  
  For example: "Service disabled" or "Daily Limit for read operations exceeded".
  
  subject string
  
  The subject on which the quota check failed. For example, "clientip:" or "project:".
  
  Provides links to documentation or for performing an out of band action.
  
  For example, if a quota check failed with an error indicating the calling project hasn't enabled the accessed service, this can contain a URL pointing directly to the right place in the developer console to flip the bit.
  
  Hide attributes Show attributes
  
  @type string
  
  Fully qualified protobuf type name of the underlying response, prefixed with type.googleapis.com/.
  
  Value is type.googleapis.com/google.rpc.Help.
  
  links array[object]
  
  URL(s) pointing to additional information on handling the current error.
  
  Describes a URL link.
  
  Hide links attributes Show links attributes object
  
  description string
  
  Describes what the link offers.
  
  url string
  
  The URL of the link.
- message string
  
  Detailed error message. No compatibility guarantees are given for the text contained in this message.

POST /v1/acls

curl \
 --request POST 'https://{dataplane_api_subdomain}.cloud.redpanda.com/v1/acls' \
 --header "Authorization: Bearer $ACCESS_TOKEN" \
 --header "Content-Type: application/json" \
 --data '{"host":"string","operation":"OPERATION_ANY","permission_type":"PERMISSION_TYPE_ANY","principal":"string","resource_name":"string","resource_pattern_type":"RESOURCE_PATTERN_TYPE_ANY","resource_type":"RESOURCE_TYPE_ANY"}'

Request examples

{
  "host": "string",
  "operation": "OPERATION_ANY",
  "permission_type": "PERMISSION_TYPE_ANY",
  "principal": "string",
  "resource_name": "string",
  "resource_pattern_type": "RESOURCE_PATTERN_TYPE_ANY",
  "resource_type": "RESOURCE_TYPE_ANY"
}

Response examples (201)

{}

Response examples (401)

{
  "code": "OK",
  "details": [
    {
      "@type": "type.googleapis.com/google.rpc.BadRequest",
      "field_violations": [
        {
          "description": "string",
          "field": "string"
        }
      ]
    }
  ],
  "message": "string"
}

Response examples (500)

{
  "code": "OK",
  "details": [
    {
      "@type": "type.googleapis.com/google.rpc.BadRequest",
      "field_violations": [
        {
          "description": "string",
          "field": "string"
        }
      ]
    }
  ],
  "message": "string"
}

Response examples (default)

{
  "code": "OK",
  "details": [
    {
      "@type": "type.googleapis.com/google.rpc.BadRequest",
      "field_violations": [
        {
          "description": "string",
          "field": "string"
        }
      ]
    }
  ],
  "message": "string"
}