Closed pimpelsang closed 4 years ago
answering myself, whoever needs it in future.
It needs DESCRIBE on group and cluster level. Like this:
kafka-acls --add --allow-principal User:kafka-lag-exporter --operation DESCRIBE --group '*' --cluster
Thanks @pimpelsang . I'll add this to the docs in the next release.
@pimpelsang, looks like it also needs DESCRIBE
on topics. The final ACLs that worked for me are:
ACLs for principal `User:kafka-lag-exporter`
Current ACLs for resource `Cluster:LITERAL:kafka-cluster`:
User:kafka-lag-exporter has Allow permission for operations: Describe from hosts: *
Current ACLs for resource `Group:LITERAL:*`:
User:kafka-lag-exporter has Allow permission for operations: Describe from hosts: *
Current ACLs for resource `Topic:LITERAL:*`:
User:kafka-lag-exporter has Allow permission for operations: Describe from hosts: *
The command can look like:
kafka-acls --add --allow-principal "User:kafka-lag-exporter" --operation DESCRIBE --group '*' --topic '*' --cluster
I finally got around to this in #152. Thank you.
Which ACL permissions kafka-lag-exporter kafka account requires?