rpk acl create
Create ACLs.
Following the multiplying effect of combining flags, the create command works on a straightforward basis: every ACL combination is a created ACL.
As mentioned in the rpk acl
help text, if no host is specified, an allowed
principal is allowed access from all hosts. The wildcard principal *
allows
all principals. At least one principal, one host, one resource, and one
operation is required to create a single ACL.
Allow all permissions to user bar on topic foo
and group g
:
rpk acl create --allow-principal bar --operation all --topic foo --group g
Allow read permissions to all users on topics biz and baz:
rpk acl create --allow-principal * --operation read --topic biz,baz
Allow write permissions to user buzz to transactional id txn
:
rpk acl create --allow-principal User:buzz --operation write --transactional-id txn
Flags
Value | Type | Description |
---|---|---|
|
strings |
Hosts from which access will be granted (repeatable). |
|
strings |
Principals for which these permissions will be granted (repeatable). |
|
- |
Whether to grant ACLs to the cluster. |
|
strings |
Hosts from from access will be denied (repeatable). |
|
strings |
Principal for which these permissions will be denied (repeatable). |
|
strings |
Group to grant ACLs for (repeatable). |
|
- |
Help for create. |
|
strings |
Operation to grant (repeatable). |
|
string |
Pattern to use when matching resource names (literal or prefixed) (default "literal"). |
|
strings |
Topic to grant ACLs for (repeatable). |
|
strings |
Transactional IDs to grant ACLs for (repeatable). |
|
string |
The certificate to be used for TLS authentication with the Admin API. |
|
- |
Enable TLS for the Admin API (not necessary if specifying custom certs). |
|
string |
The certificate key to be used for TLS authentication with the Admin API. |
|
string |
The truststore to be used for TLS communication with the Admin API. |
|
strings |
Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092'). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses. |
|
string |
Redpanda config file, if not set the file will be searched for in the default locations. |
|
string |
SASL password to be used for authentication. |
|
string |
The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512. |
|
string |
The certificate to be used for TLS authentication with the broker. |
|
- |
Enable TLS for the Kafka API (not necessary if specifying custom certs). |
|
string |
The certificate key to be used for TLS authentication with the broker. |
|
string |
The truststore to be used for TLS communication with the broker. |
|
string |
SASL user to be used for authentication. |
|
- |
Enable verbose logging (default: false). |