Closed wheresalice closed 4 years ago
alter, alter-configs, cluster-action, create, delete, describe, describe-configs, idempotent-write, read, and write on topics, consumer-groups, and clusters
Are these not just ACLs on the Kafka cluster itself? Couldn't they be configured with terraform-provider-kafka?
I was really not expecting that to work given the previous insistence from Confluent that you need to use their ccloud tool to do anything with permissions.
But you're right - it works!
resource "confluentcloud_service_account" "alice" {
  name        = "alice-test"
  description = "alice service account test"
}

resource "kafka_acl" "alice_acl" {
  resource_name       = "dev_alice_test"
  resource_type       = "Topic"
  acl_principal       = "User:${confluentcloud_service_account.alice.id}"
  acl_operation       = "Read"
  acl_permission_type = "Allow"
  acl_host            = "*"
}
That acl_principal could be nicer, but that's a minor thing.
Now that service accounts can be created by this provider, we need a way of setting ACLs so that the service accounts can be used.
The provider should support setting alter, alter-configs, cluster-action, create, delete, describe, describe-configs, idempotent-write, read, and write on topics, consumer-groups, and clusters, and the underlying API requires a service account ID (rather than name).
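
A least-privilege variant of the workaround in the thread, as an added example that is not from the thread or from either provider's own documentation: a consumer that uses a consumer group needs Read on the group as well as on the topic, so both ACLs are generated from one map and nothing broader is granted. The group name, the local value and the resource label are hypothetical; it reuses the `confluentcloud_service_account.alice` resource from the thread and assumes Terraform 0.12.6 or later for `for_each` on resources.

```hcl
locals {
  # Constructed sample: the grants one consumer of one topic needs.
  # Each entry becomes exactly one ACL, so the map is the reviewable
  # record of what the service account may do.
  alice_consumer_acls = {
    topic_read = {
      type = "Topic"
      name = "dev_alice_test"
      op   = "Read"
    }
    group_read = {
      type = "Group"
      name = "dev_alice_test_consumer" # hypothetical consumer group name
      op   = "Read"
    }
  }
}

resource "kafka_acl" "alice_consumer" {
  for_each = local.alice_consumer_acls

  resource_name = each.value.name
  resource_type = each.value.type

  # The principal is the service account ID, not its name.
  acl_principal       = "User:${confluentcloud_service_account.alice.id}"
  acl_operation       = each.value.op
  acl_permission_type = "Allow"
  acl_host            = "*"
}
```

Removing an entry from the map makes `terraform plan` show the corresponding ACL being destroyed, which keeps grants and their revocation in the same review.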