rpk acl list
List ACLs.
See the rpk acl help text for a full write up on ACLs. List flags work in a
similar multiplying effect as creating ACLs, but list is more advanced:
listing works on a filter basis. Any unspecified flag defaults to matching
everything (all operations, or all allowed principals, etc).
As mentioned, not specifying flags matches everything. If no resources are specified, all resources are matched. If no operations are specified, all operations are matched. You can also opt in to matching everything with "any": --operation any matches any operation.
The --resource-pattern-type, defaulting to "any", configures how to filter resource names:
- "any" returns exact name matches of either prefixed or literal pattern type
- "match" returns wildcard matches, prefix patterns that match your input, and literal matches
- "prefix" returns prefix patterns that match your input (prefix "fo" matches "foo")
- "literal" returns exact name matches
Usage
rpk acl list [flags]
Aliases
list, ls, describe
Flags
| Value | Type | Description |
| --allow-host | strings | Allowed host ACLs to match (repeatable). |
| --allow-principal | strings | Allowed principal ACLs to match (repeatable). |
| --cluster | - | Whether to match ACLs to the cluster. |
| --deny-host | strings | Denied host ACLs to match (repeatable). |
| --deny-principal | strings | Denied principal ACLs to match (repeatable). |
| --group | strings | Group to match ACLs for (repeatable). |
| -h, --help | - | Help for list. |
| --operation | strings | Operation to match (repeatable). |
| -f, --print-filters | - | Print the filters that were requested (failed filters are always printed). |
| --resource-pattern-type | string | Pattern to use when matching resource names (any, match, literal, or prefixed) (default "any"). |
| --topic | strings | Topic to match ACLs for (repeatable). |
| --transactional-id | strings | Transactional IDs to match ACLs for (repeatable). |
| --admin-api-tls-cert | string | The certificate to be used for TLS authentication with the Admin API. |
| --admin-api-tls-enabled | - | Enable TLS for the Admin API (not necessary if specifying custom certs). |
| --admin-api-tls-key | string | The certificate key to be used for TLS authentication with the Admin API. |
| --admin-api-tls-truststore | string | The truststore to be used for TLS communication with the Admin API. |
| --brokers | strings | Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092'). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses. |
| --config | string | Redpanda config file, if not set the file will be searched for in the default locations. |
| --password | string | SASL password to be used for authentication. |
| --sasl-mechanism | string | The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512. |
| --tls-cert | string | The certificate to be used for TLS authentication with the broker. |
| --tls-enabled | - | Enable TLS for the Kafka API (not necessary if specifying custom certs). |
| --tls-key | string | The certificate key to be used for TLS authentication with the broker. |
| --tls-truststore | string | The truststore to be used for TLS communication with the broker. |
| --user | string | SASL user to be used for authentication. |
| -v, --verbose | - | Enable verbose logging (default: false). |