rpk acl list

List ACLs.

See the rpk acl help text for a full write up on ACLs. List flags work in a similar multiplying effect as creating ACLs, but list is more advanced: listing works on a filter basis. Any unspecified flag defaults to matching everything (all operations, or all allowed principals, etc).

As mentioned, not specifying flags matches everything. If no resources are specified, all resources are matched. If no operations are specified, all operations are matched. You can also opt in to matching everything with "any": --operation any matches any operation.

The --resource-pattern-type, defaulting to "any", configures how to filter resource names:

"any" returns exact name matches of either prefixed or literal pattern type
"match" returns wildcard matches, prefix patterns that match your input, and literal matches
"prefix" returns prefix patterns that match your input (prefix "fo" matches "foo")
"literal" returns exact name matches

Usage

rpk acl list [flags]

Aliases

list, ls, describe

Flags

Value Type Description

Value	Type	Description
`--allow-host`	strings	Allowed host ACLs to match (repeatable).
`--allow-principal`	strings	Allowed principal ACLs to match (repeatable).
`--cluster`	-	Whether to match ACLs to the cluster.
`--deny-host`	strings	Denied host ACLs to match (repeatable).
`--deny-principal`	strings	Denied principal ACLs to match (repeatable).
`--group`	strings	Group to match ACLs for (repeatable).
`-h, --help`	-	Help for list.
`--operation`	strings	Operation to match (repeatable).
`-f, --print-filters`	-	Print the filters that were requested (failed filters are always printed).
`--resource-pattern-type`	string	Pattern to use when matching resource names (any, match, literal, or prefixed) (default "any").
`--topic`	strings	Topic to match ACLs for (repeatable).
`--transactional-id`	strings	Transactional IDs to match ACLs for (repeatable).
`--admin-api-tls-cert`	string	The certificate to be used for TLS authentication with the Admin API.
`--admin-api-tls-enabled`	-	Enable TLS for the Admin API (not necessary if specifying custom certs).
`--admin-api-tls-key`	string	The certificate key to be used for TLS authentication with the Admin API.
`--admin-api-tls-truststore`	string	The truststore to be used for TLS communication with the Admin API.
`--brokers`	strings	Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092'). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
`--config`	string	Redpanda config file, if not set the file will be searched for in the default locations.
`--password`	string	SASL password to be used for authentication.
`--sasl-mechanism`	string	The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
`--tls-cert`	string	The certificate to be used for TLS authentication with the broker.
`--tls-enabled`	-	Enable TLS for the Kafka API (not necessary if specifying custom certs).
`--tls-key`	string	The certificate key to be used for TLS authentication with the broker.
`--tls-truststore`	string	The truststore to be used for TLS communication with the broker.
`--user`	string	SASL user to be used for authentication.
`-v, --verbose`	-	Enable verbose logging (default: false).

--allow-host

strings

Allowed host ACLs to match (repeatable).

--allow-principal

strings

Allowed principal ACLs to match (repeatable).

--cluster

Whether to match ACLs to the cluster.

--deny-host

strings

Denied host ACLs to match (repeatable).

--deny-principal

strings

Denied principal ACLs to match (repeatable).

--group

strings

Group to match ACLs for (repeatable).

-h, --help

Help for list.

--operation

strings

Operation to match (repeatable).

-f, --print-filters

Print the filters that were requested (failed filters are always printed).

--resource-pattern-type

string

Pattern to use when matching resource names (any, match, literal, or prefixed) (default "any").

--topic

strings

Topic to match ACLs for (repeatable).

--transactional-id

strings

Transactional IDs to match ACLs for (repeatable).

--admin-api-tls-cert

string

The certificate to be used for TLS authentication with the Admin API.

--admin-api-tls-enabled

Enable TLS for the Admin API (not necessary if specifying custom certs).

--admin-api-tls-key

string

The certificate key to be used for TLS authentication with the Admin API.

--admin-api-tls-truststore

string

The truststore to be used for TLS communication with the Admin API.

--brokers

strings

Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092'). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.

--config

string

Redpanda config file, if not set the file will be searched for in the default locations.

--password

string

SASL password to be used for authentication.

--sasl-mechanism

string

The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.

--tls-cert

string

The certificate to be used for TLS authentication with the broker.

--tls-enabled

Enable TLS for the Kafka API (not necessary if specifying custom certs).

--tls-key

string

The certificate key to be used for TLS authentication with the broker.

--tls-truststore

string

The truststore to be used for TLS communication with the broker.

--user

string

SASL user to be used for authentication.

-v, --verbose

Enable verbose logging (default: false).

Was this helpful?

Ask in the community

Share your feedback

Make a contribution

What do you like about this doc?

Let us know what we do well:

Let us contact you about your feedback:

What did you not like about this doc?

Let us know what we can improve:

Let us contact you about your feedback:

rpk acl list

Usage

Aliases

Flags

Simple online edits

Contribution guide