Adding cluster-level ACLs

[endofcake]

I'm trying to add ACLs similar to the ones created by running a command:

kafka-acls --add --allow-principal User:sample --operation DESCRIBE --group '*' --cluster

This principal needs DESCRIBE on group and cluster level.

The group level works without issues, however, when I try to add the same permissions on the cluster level:

resource "kafka_acl" "sample-cluster-describe" {
  acl_host                     = "*"
  acl_operation                = "Describe"
  acl_permission_type          = "Allow"
  acl_principal                = "User:sample"
  resource_name                = "*"
  resource_pattern_type_filter = "Literal"
  resource_type                = "Cluster"
}

I'm getting an error:

Error: kafka server: This most likely occurs because of a request being malformed by the client library or the message was sent to an incompatible broker. See the broker logs for more details.

  on acls.tf line 42, in resource "kafka_acl" "sample-cluster-describe":
  42: resource "kafka_acl" "sample-cluster-describe" {

I suspect it's because cluster-level permissions do not need the resource_name, however, it is a required argument and I can't omit it.

Error: Missing required argument

  on acls.tf line 42, in resource "kafka_acl" "sample-cluster-describe":
  42: resource "kafka_acl" "sample-cluster-describe" {

The argument "resource_name" is required, but no definition was found.

[endofcake]

Ok, looks like the resource_name in this case needs to be the name of the cluster. This works:

resource "kafka_acl" "sample-cluster-describe" {
  acl_host                     = "*"
  acl_operation                = "Describe"
  acl_permission_type          = "Allow"
  acl_principal                = "User:sample"
  resource_name                = "kafka-cluster"
  resource_pattern_type_filter = "Literal"
  resource_type                = "Cluster"
}