rpk acl create
Create ACLs.
Following the multiplying effect of combining flags, the create command works on a straightforward basis: every ACL combination is a created ACL.
As mentioned in the rpk acl help text, if no host is specified, an allowed principal is allowed access from all hosts. The wildcard principal * allows all principals. At least one principal, one host, one resource, and one operation are required to create a single ACL.
Allow all permissions to user bar on topic foo and group g:
rpk acl create --allow-principal bar --operation all --topic foo --group g
Allow read permissions to all users on topics biz and baz:
rpk acl create --allow-principal '*' --operation read --topic biz,baz
Allow write permissions to user buzz to transactional id txn:
rpk acl create --allow-principal User:buzz --operation write --transactional-id txn
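The multiplying effect described above, as an added example that is not part of rpk or of the original documentation: a shell helper that lists every ACL a set of flag values expands to, so a change can be reviewed before it is applied. The function names, the `type:name` resource notation and the output format are assumptions made for this illustration, and the script never calls rpk.

```shell
#!/bin/sh
# Added example (not rpk code): preview the ACLs one `rpk acl create` call expands to.
# Usage: acl_expand PRINCIPALS HOSTS RESOURCES OPERATIONS
# Each argument is a comma-separated list; resources use a hypothetical
# type:name notation (topic:foo, group:g, transactional-id:txn).
acl_expand() (
    set -f                 # no globbing, so a literal * survives word splitting
    principals=$1
    hosts=${2:-*}          # no host given: the principal is allowed from all hosts
    resources=$3
    operations=$4
    IFS=,
    # Every principal x host x resource x operation combination is one ACL.
    for p in $principals; do
        for h in $hosts; do
            for r in $resources; do
                for o in $operations; do
                    printf 'ALLOW principal=%s host=%s resource=%s operation=%s\n' \
                        "$p" "$h" "$r" "$o"
                done
            done
        done
    done
)

# Number of ACLs the combination creates.
acl_count() { acl_expand "$@" | wc -l | tr -d ' '; }

# Number of ACLs that grant every principal access from every host,
# the broadest grant and the one to look at first in a review.
acl_wildcards() { acl_expand "$@" | grep -c 'principal=\* host=\*' || :; }

# Constructed sample input: the first example on this page (user bar, topic foo, group g).
acl_expand 'bar' '' 'topic:foo,group:g' 'all'
```

Quote `*` when passing it as an argument, for the same reason it is quoted on the rpk command line: an unquoted `*` is expanded by the shell to the file names in the current directory.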
Usage
rpk acl create [flags]
Flags
Value | Type | Description |
--allow-host | strings | Hosts from which access will be granted (repeatable). |
--allow-principal | strings | Principals for which these permissions will be granted (repeatable). |
--cluster | - | Whether to grant ACLs to the cluster. |
--deny-host | strings | Hosts from which access will be denied (repeatable). |
--deny-principal | strings | Principal for which these permissions will be denied (repeatable). |
--group | strings | Group to grant ACLs for (repeatable). |
-h, --help | - | Help for create. |
--operation | strings | Operation to grant (repeatable). |
--resource-pattern-type | string | Pattern to use when matching resource names (literal or prefixed) (default "literal"). |
--topic | strings | Topic to grant ACLs for (repeatable). |
--transactional-id | strings | Transactional IDs to grant ACLs for (repeatable). |
--admin-api-tls-cert | string | The certificate to be used for TLS authentication with the Admin API. |
--admin-api-tls-enabled | - | Enable TLS for the Admin API (not necessary if specifying custom certs). |
--admin-api-tls-key | string | The certificate key to be used for TLS authentication with the Admin API. |
--admin-api-tls-truststore | string | The truststore to be used for TLS communication with the Admin API. |
--brokers | strings | Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092'). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses. |
--config | string | Redpanda config file, if not set the file will be searched for in the default locations. |
--password | string | SASL password to be used for authentication. |
--sasl-mechanism | string | The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512. |
--tls-cert | string | The certificate to be used for TLS authentication with the broker. |
--tls-enabled | - | Enable TLS for the Kafka API (not necessary if specifying custom certs). |
--tls-key | string | The certificate key to be used for TLS authentication with the broker. |
--tls-truststore | string | The truststore to be used for TLS communication with the broker. |
--user | string | SASL user to be used for authentication. |
-v, --verbose | - | Enable verbose logging (default: false). |