Comments (3)
That's interesting, I think it depends on the use case and it might be OK to share the same producer / consumers for multiple topics. If you do want to create a one-to-one mapping, then the for_each meta-argument might help. Feel free to open another issue if you need a little more detail about this question.
from terraform-provider-confluentcloud.
@VipulZopSmart here's a full set of ACLs you need:
```hcl
resource "confluentcloud_kafka_acl" "app-producer-write-to-topic" {
  kafka_cluster = confluentcloud_kafka_cluster.basic.id
  resource_type = "TOPIC"
  resource_name = confluentcloud_kafka_topic.orders.topic_name
  pattern_type  = "LITERAL"
  principal     = "User:${confluentcloud_service_account.app-producer.id}"
  operation     = "WRITE"
  permission    = "ALLOW"
  http_endpoint = confluentcloud_kafka_cluster.basic.http_endpoint
  credentials {
    key    = confluentcloud_api_key.app-manager-kafka-api-key.id
    secret = confluentcloud_api_key.app-manager-kafka-api-key.secret
  }
}

// Note that in order to consume from a topic, the principal of the consumer ('app-consumer' service account)
// needs to be authorized to perform 'READ' operation on both Topic and Group resources:
// confluentcloud_kafka_acl.app-consumer-read-on-topic, confluentcloud_kafka_acl.app-consumer-read-on-group.
// https://docs.confluent.io/platform/current/kafka/authorization.html#using-acls
resource "confluentcloud_kafka_acl" "app-consumer-read-on-topic" {
  kafka_cluster = confluentcloud_kafka_cluster.basic.id
  resource_type = "TOPIC"
  resource_name = confluentcloud_kafka_topic.orders.topic_name
  pattern_type  = "LITERAL"
  principal     = "User:${confluentcloud_service_account.app-consumer.id}"
  operation     = "READ"
  permission    = "ALLOW"
  http_endpoint = confluentcloud_kafka_cluster.basic.http_endpoint
  credentials {
    key    = confluentcloud_api_key.app-manager-kafka-api-key.id
    secret = confluentcloud_api_key.app-manager-kafka-api-key.secret
  }
}

resource "confluentcloud_kafka_acl" "app-consumer-read-on-group" {
  kafka_cluster = confluentcloud_kafka_cluster.basic.id
  resource_type = "GROUP"
  // The existing values of resource_name, pattern_type attributes are set up to match Confluent CLI's default consumer group ID ("confluent_cli_consumer_<uuid>").
  // https://docs.confluent.io/confluent-cli/current/command-reference/kafka/topic/confluent_kafka_topic_consume.html
  // Update the values of resource_name, pattern_type attributes to match your target consumer group ID.
  // https://docs.confluent.io/platform/current/kafka/authorization.html#prefixed-acls
  resource_name = "confluent_cli_consumer_"
  pattern_type  = "PREFIXED"
  principal     = "User:${confluentcloud_service_account.app-consumer.id}"
  operation     = "READ"
  permission    = "ALLOW"
  http_endpoint = confluentcloud_kafka_cluster.basic.http_endpoint
  credentials {
    key    = confluentcloud_api_key.app-manager-kafka-api-key.id
    secret = confluentcloud_api_key.app-manager-kafka-api-key.secret
  }
}
```
Let me know if it helps!
from terraform-provider-confluentcloud.
Thanks, it worked for that. One thing: how should I generate service accounts (for producers and consumers) from an array of topics? I think there should be only one producer and one consumer for each topic.
from terraform-provider-confluentcloud.
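A sketch of the one-to-one mapping discussed in this thread, added here as an example and not code from the thread or the provider's documentation: `for_each` over a set of topic names creates one producer and one consumer service account per topic, each with LITERAL ACLs scoped to its own topic only. The `topics` variable, its sample names, the `<topic>-consumers` group ID convention and the `display_name`/`description` values are assumptions; the cluster and API key references are the ones used in the ACL set above.

```hcl
variable "topics" {
  type    = set(string)
  default = ["orders", "payments"] # constructed sample topic names
}

resource "confluentcloud_service_account" "producer" {
  for_each     = var.topics
  display_name = "${each.key}-producer"
  description  = "Writes to topic ${each.key} only"
}

resource "confluentcloud_service_account" "consumer" {
  for_each     = var.topics
  display_name = "${each.key}-consumer"
  description  = "Reads from topic ${each.key} only"
}

locals {
  // One map entry per grant: producer WRITE on the topic, consumer READ on the
  // topic and READ on its consumer group (both are required to consume).
  // The group ID "<topic>-consumers" is an assumed naming convention.
  acls = merge([for t in var.topics : {
    "${t}-producer-write" = { type = "TOPIC", name = t, op = "WRITE", sa = confluentcloud_service_account.producer[t].id }
    "${t}-consumer-read"  = { type = "TOPIC", name = t, op = "READ", sa = confluentcloud_service_account.consumer[t].id }
    "${t}-consumer-group" = { type = "GROUP", name = "${t}-consumers", op = "READ", sa = confluentcloud_service_account.consumer[t].id }
  }]...)
}

resource "confluentcloud_kafka_acl" "per-topic" {
  for_each      = local.acls
  kafka_cluster = confluentcloud_kafka_cluster.basic.id
  resource_type = each.value.type
  resource_name = each.value.name
  // LITERAL keeps each principal confined to exactly its own topic or group.
  pattern_type  = "LITERAL"
  principal     = "User:${each.value.sa}"
  operation     = each.value.op
  permission    = "ALLOW"
  http_endpoint = confluentcloud_kafka_cluster.basic.http_endpoint
  credentials {
    key    = confluentcloud_api_key.app-manager-kafka-api-key.id
    secret = confluentcloud_api_key.app-manager-kafka-api-key.secret
  }
}
```

Because the map keys are derived only from `var.topics`, they are known at plan time even though the service account IDs are not, which is what `for_each` requires.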