Question: How to add ACLs with transactional-ids?

StephenSorriaux / ansible-kafka-admin

Manage your topic's configuration (partitions, replication factor, parameters), ACLs, quotas, users and get stats, without any effort with this library. It does not use the Kafka scripts and does not require ssh connection to the remote broker.

Apache License 2.0

150 stars 46 forks source link

Question: How to add ACLs with transactional-ids? #133

Closed jheinitz closed 2 years ago

jheinitz commented 2 years ago

General Question

We are currently implementing a Kafka Streams application in the exactly-once context. Therefore we need to grant permissions to te topics using an additional option called `--transactional-ids' like this:

$ kafka-acls --bootstrap-server kafkabr1test.example.com:9093 --command-config command.properties \
 --add --allow-principal User:Alice \
 --producer --topic test-topic --transactional-id test-txn

I was not able to find the corresponding properties in the kafka_acl or kafka_acls module. do you support creating ACLs in this context?

Kind regards

Jens

Specifications

Library version:
Result of pip list command:
Kafka version: Confluent Platform 7.1.1
Python version: 3.6.8
OS: RedHat Enterprise Linux 8.5

ryarnyah commented 2 years ago

The --transactional-id is juste another ACL that is appened by your kafka-acls script. You can manage same thing when using something like that with this lib:

kafka_acls:
...
  - acl_principal: User:Alice
    acl_resource_type: transactional_id
    acl_permission: allow
    acl_operation: write
    state: present
  - acl_principal: User:Alice
    acl_resource_type: transactional_id
    acl_permission: allow
    acl_operation: describe
    state: present

You can have more informations on https://github.com/StephenSorriaux/ansible-kafka-admin/blob/master/library/kafka_acl.py

jheinitz commented 2 years ago

Hi!

Thanks for the quick answer. I will give it a try. If I have further questions, I will re-open this issue.

Best regards

Jens

jheinitz commented 2 years ago

Hi! I'm just thinking about it again. When I issue the command kafka-acls from above, I specify the topic AND the transactional-id test-txn. Do I need to specify this as name: test-txn in your example?

kafka_acls:
...
  - acl_principal: User:Alice
    acl_resource_type: transactional_id
    name: text-txn
    acl_permission: allow
    acl_operation: write
    state: present
  - acl_principal: User:Alice
    acl_resource_type: transactional_id
    name: text-txn
    acl_permission: allow
    acl_operation: describe
    state: present

Maybe I'm just a bit confused.

Thanks and best regards

Jens

ryarnyah commented 2 years ago

@jheinitz Yes you need to specify the associated resource. (Sorry for my example...)

jheinitz commented 2 years ago

No need to say sorry. I'm glad that you answered and that the lib is able to handle this.

Thanks again.

Jens