ACLs
This API allows you to manage Kafka ACLs (Access Control Lists) for your WarpStream virtual clusters.
ACL rules are only enforced on Kafka traffic once ACLs are enabled on the virtual cluster. This lets you set up your ACL rules before turning on enforcement. You can enable ACLs via the UpdateConfiguration endpoint by setting are_acls_enabled to true.
For general information about ACLs in WarpStream, including principals, super users, and caching behavior, see the ACLs guide.
ACL Fields
Each ACL rule consists of the following fields:
resource_type
The type of Kafka resource. One of: TOPIC, GROUP, CLUSTER, TRANSACTIONAL_ID, DELEGATION_TOKEN, ANY.
resource_name
The name of the resource (e.g., topic name, consumer group name). For CLUSTER resources, use kafka-cluster.
pattern_type
How the resource name is matched. One of: LITERAL (exact match), PREFIXED (prefix match).
principal
The user principal in the format User:<name>. See ACL Principals for details.
host
The client host. Use * to allow all hosts.
operation
The Kafka operation. One of: ALL, READ, WRITE, CREATE, DELETE, ALTER, DESCRIBE, CLUSTER_ACTION, DESCRIBE_CONFIGS, ALTER_CONFIGS, IDEMPOTENT_WRITE.
permission_type
Whether to allow or deny the operation. One of: ALLOW, DENY.
Last updated
Was this helpful?