ALIYUN::KAFKA::Acl_资源编排(ROS)-阿里云帮助中心

ALIYUN::KAFKA::Acl类型用于创建ACL。

语法

{
  "Type": "ALIYUN::KAFKA::Acl",
  "Properties": {
    "AclResourceName": String,
    "AclOperationTypes": List,
    "AclResourceType": String,
    "AclResourcePatternType": String,
    "InstanceId": String,
    "Username": String,
    "AclPermissionType": String,
    "Host": String
  }
}

属性

属性名称	类型	必须	允许更新	描述	约束
AclResourceName	String	是	否	资源名称。	资源的名称，可以是 Topic 名称、Group ID、集群名称或事务 ID。支持使用星号（）表示该类型的资源。说明只有当给所有资源授权之后，使用星号（）才可以查询到所授权的资源。
AclOperationTypes	List	是	否	批量授权操作类型。	多个操作以 , 分割。取值： Write：读取。 Read：写入。 Describe：读取TransactionalId。 IdempotentWrite：幂等写Cluster。 IDEMPOTENT_WRITE：幂等写 Cluster，仅 V3 系列实例可用。 DESCRIBE_CONFIGS：查询配置，仅 V3 系列实例可用。说明该参数仅支持 V3 系列（Serverless）实例。
AclResourceType	String	是	否	资源类型。	取值： Topic：消息主题。 Group：消费组。 Cluster：实例。 TransactionalId：事务 ID。
AclResourcePatternType	String	是	否	匹配模式。	取值： LITERAL：完全匹配。 PREFIXED：前缀匹配。
InstanceId	String	是	否	实例 ID。	无。
Username	String	是	否	用户名。	支持使用星号（）表示所有用户名。说明只有当给所有用户授权之后，使用星号（）才可以查询到所授权的用户。
AclPermissionType	String	否	否	授权方式。	取值： DENY：拒绝。 ALLOW：允许。说明该参数仅支持 V3 系列（Serverless）实例。
Host	String	否	否	来源 IP。	说明仅支持具体的 IP 地址或者设置 * （IP 全开），不支持设置 IP 网段。该参数仅支持 V3 系列（Serverless）实例。

返回值

Fn::GetAtt

InstanceId：实例 ID。
Username：用户名。
AclResourceType：资源类型。

示例

YAML格式

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  AclResourceName:
    Type: String
    Description:
      en: |-
        The resource name.
        The value can be a topic name, a group ID, a cluster name, or a transaction ID.
        You can use an asterisk (*) to specify the names of all resources of the specified type.
        Note You can use an asterisk (*) to query the resources on which permissions are granted only after you grant the user the required permissions on all resources.
    Required: true
    MinLength: 1
    MaxLength: 256
  AclOperationTypes:
    AssociationPropertyMetadata:
      Parameter:
        Type: String
        Description:
          en: |-
            The type of the operation allowed by the access control list (ACL). Valid values:
            Write
            Read
            Describe: reads of transactional IDs.
            IdempotentWrite: idempotent data writes to clusters.
            IDEMPOTENT_WRITE: idempotent data writes to clusters. This value isavailable only for ApsaraMQ for Kafka V3 instances.
        AllowedValues:
          - Write
          - Read
          - Describe
          - IdempotentWrite
          - IDEMPOTENT_WRITE
          - DESCRIBE_CONFIGS
        Required: true
    AssociationProperty: List[Parameter]
    Type: Json
    Description:
      en: The types of operations allowed by the ACL.
    Required: true
    MinLength: 1
    MaxLength: 10
  Username:
    Type: String
    Description:
      en: |-
        The username.
        You can use an asterisk (*) to specify all usernames.
        Note You can use an asterisk (*) to query the authorized users only after you grant the required permissions to all users.
    AllowedPattern: ^[a-zA-Z][a-zA-Z0-9_]{2,63}$
    Required: true
  InstanceId:
    Type: String
    Description:
      en: The instance ID.
    Required: true
    MinLength: 1
    MaxLength: 64
  AclResourceType:
    Type: String
    Description:
      en: |-
        The resource type. Valid values:
        Topic
        Group
        Cluster
        TransactionalId: transactional ID
    AllowedValues:
      - Cluster
      - Group
      - Topic
      - TransactionalId
    Required: true
  AclResourcePatternType:
    Type: String
    Description:
      en: |-
        The matching mode. Valid values:
        LITERAL: exact match
        PREFIXED: prefix match
    AllowedValues:
      - LITERAL
      - PREFIXED
    Required: true
Resources:
  Acl:
    Type: ALIYUN::KAFKA::Acl
    Properties:
      AclResourceName:
        Ref: AclResourceName
      AclOperationTypes:
        Ref: AclOperationTypes
      Username:
        Ref: Username
      InstanceId:
        Ref: InstanceId
      AclResourceType:
        Ref: AclResourceType
      AclResourcePatternType:
        Ref: AclResourcePatternType
Outputs:
  InstanceId:
    Description: The instance ID.
    Value:
      Fn::GetAtt:
        - Acl
        - InstanceId
  Username:
    Description: The username.
    Value:
      Fn::GetAtt:
        - Acl
        - Username
  AclResourceType:
    Description: The resource type.
    Value:
      Fn::GetAtt:
        - Acl
        - AclResourceType

JSON格式

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "AclResourceName": {
      "Type": "String",
      "Description": {
        "en": "The resource name.\nThe value can be a topic name, a group ID, a cluster name, or a transaction ID.\nYou can use an asterisk (*) to specify the names of all resources of the specified type.\nNote You can use an asterisk (*) to query the resources on which permissions are granted only after you grant the user the required permissions on all resources."
      },
      "Required": true,
      "MinLength": 1,
      "MaxLength": 256
    },
    "AclOperationTypes": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "Type": "String",
          "Description": {
            "en": "The type of the operation allowed by the access control list (ACL). Valid values:\nWrite\nRead\nDescribe: reads of transactional IDs.\nIdempotentWrite: idempotent data writes to clusters.\nIDEMPOTENT_WRITE: idempotent data writes to clusters. This value isavailable only for ApsaraMQ for Kafka V3 instances."
          },
          "AllowedValues": [
            "Write",
            "Read",
            "Describe",
            "IdempotentWrite",
            "IDEMPOTENT_WRITE",
            "DESCRIBE_CONFIGS"
          ],
          "Required": true
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "The types of operations allowed by the ACL."
      },
      "Required": true,
      "MinLength": 1,
      "MaxLength": 10
    },
    "Username": {
      "Type": "String",
      "Description": {
        "en": "The username.\nYou can use an asterisk (*) to specify all usernames.\nNote You can use an asterisk (*) to query the authorized users only after you grant the required permissions to all users."
      },
      "AllowedPattern": "^[a-zA-Z][a-zA-Z0-9_]{2,63}$",
      "Required": true
    },
    "InstanceId": {
      "Type": "String",
      "Description": {
        "en": "The instance ID."
      },
      "Required": true,
      "MinLength": 1,
      "MaxLength": 64
    },
    "AclResourceType": {
      "Type": "String",
      "Description": {
        "en": "The resource type. Valid values:\nTopic\nGroup\nCluster\nTransactionalId: transactional ID"
      },
      "AllowedValues": [
        "Cluster",
        "Group",
        "Topic",
        "TransactionalId"
      ],
      "Required": true
    },
    "AclResourcePatternType": {
      "Type": "String",
      "Description": {
        "en": "The matching mode. Valid values:\nLITERAL: exact match\nPREFIXED: prefix match"
      },
      "AllowedValues": [
        "LITERAL",
        "PREFIXED"
      ],
      "Required": true
    }
  },
  "Resources": {
    "Acl": {
      "Type": "ALIYUN::KAFKA::Acl",
      "Properties": {
        "AclResourceName": {
          "Ref": "AclResourceName"
        },
        "AclOperationTypes": {
          "Ref": "AclOperationTypes"
        },
        "Username": {
          "Ref": "Username"
        },
        "InstanceId": {
          "Ref": "InstanceId"
        },
        "AclResourceType": {
          "Ref": "AclResourceType"
        },
        "AclResourcePatternType": {
          "Ref": "AclResourcePatternType"
        }
      }
    }
  },
  "Outputs": {
    "InstanceId": {
      "Description": "The instance ID.",
      "Value": {
        "Fn::GetAtt": [
          "Acl",
          "InstanceId"
        ]
      }
    },
    "Username": {
      "Description": "The username.",
      "Value": {
        "Fn::GetAtt": [
          "Acl",
          "Username"
        ]
      }
    },
    "AclResourceType": {
      "Description": "The resource type.",
      "Value": {
        "Fn::GetAtt": [
          "Acl",
          "AclResourceType"
        ]
      }
    }
  }
}