ALIYUN::KAFKA::Acl

The ALIYUN::KAFKA::Acl type is used to create an access control list (ACL).

Syntax

{
  "Type": "ALIYUN::KAFKA::Acl",
  "Properties": {
    "AclResourceName": String,
    "AclOperationTypes": List,
    "AclResourceType": String,
    "AclResourcePatternType": String,
    "InstanceId": String,
    "Username": String,
    "AclPermissionType": String,
    "Host": String
  }
}

Properties

Property name

Type

Required

Update allowed

Description

Constraint

AclResourceName

String

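The resource name.

  • The name of the resource, which can be a topic name, a group ID, a cluster name, or a transaction ID.

  • An asterisk (*) can be used to specify all resources of the specified type.

Note

You can use an asterisk (*) to query the resources on which permissions are granted only after permissions have been granted on all resources.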

AclOperationTypes

List

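The operation types to authorize in a batch.

Separate multiple operations with commas (,).

Valid values:

  • Write: data writes.

  • Read: data reads.

  • Describe: reads of transactional IDs.

  • IdempotentWrite: idempotent writes to the cluster.

  • IDEMPOTENT_WRITE: idempotent writes to the cluster. Available only for V3 series instances.

  • DESCRIBE_CONFIGS: configuration queries. Available only for V3 series instances.

Note

This parameter is supported only by V3 series (Serverless) instances.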

AclResourceType

String

The resource type.

Valid values:

  • Topic: a message topic.

  • Group: a consumer group.

  • Cluster: the instance.

  • TransactionalId: a transaction ID.

AclResourcePatternType

String

The matching mode.

Valid values:

  • LITERAL: exact match.

  • PREFIXED: prefix match.

InstanceId

String

The instance ID.

None.

Username

String

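The username.

  • An asterisk (*) can be used to specify all usernames.

Note

You can use an asterisk (*) to query the authorized users only after permissions have been granted to all users.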

AclPermissionType

String

The authorization method.

Valid values:

  • DENY: deny.

  • ALLOW: allow.

Note

This parameter is supported only by V3 series (Serverless) instances.

Host

String

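The source IP address.

Note

Only a specific IP address or * (all IP addresses allowed) is supported. CIDR blocks are not supported.

This parameter is supported only by V3 series (Serverless) instances.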
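A pre-deployment check for the properties described above, as an added example that is not part of the original page or of ROS: it validates the documented values and flags grants whose Username, AclResourceName or Host is an asterisk (*). The function names and the sample template are constructed for illustration, and an absent AclPermissionType is assumed to be a grant.

```python
import json

# Allowed values as listed in the property table on this page.
ENUMS = {"AclResourceType": {"Topic", "Group", "Cluster", "TransactionalId"},
         "AclResourcePatternType": {"LITERAL", "PREFIXED"},
         "AclPermissionType": {"ALLOW", "DENY"}}
OPERATIONS = {"Write", "Read", "Describe", "IdempotentWrite",
              "IDEMPOTENT_WRITE", "DESCRIBE_CONFIGS"}

def audit_acl(props):
    """Return (severity, message) findings for one ALIYUN::KAFKA::Acl Properties dict."""
    findings = []
    lit = {k: v for k, v in props.items() if isinstance(v, str)}  # Ref/Fn:: values are skipped
    for key, allowed in ENUMS.items():
        if key in lit and lit[key] not in allowed:
            findings.append(("error", f"{key}={lit[key]!r} is not a documented value"))
    ops = props.get("AclOperationTypes", [])
    if isinstance(ops, str):                    # comma-separated form
        ops = [o.strip() for o in ops.split(",")]
    for op in (ops if isinstance(ops, list) else []):
        if isinstance(op, str) and op not in OPERATIONS:
            findings.append(("error", f"unknown operation {op!r}"))
    if "/" in lit.get("Host", ""):
        findings.append(("error", "Host must be one IP address or *, not a CIDR block"))
    if lit.get("AclPermissionType") != "DENY":  # assumption: absent is treated as a grant
        wild = [k for k in ("Username", "AclResourceName", "Host") if lit.get(k) == "*"]
        findings += [("warn", f"{k} is *: the grant is not scoped") for k in wild]
        if {"Username", "AclResourceName"} <= set(wild):
            rtype = lit.get("AclResourceType", "resource")
            findings.append(("high", f"all users are granted access to every {rtype}"))
    return findings

def audit_template(template_text):
    """Audit every ALIYUN::KAFKA::Acl resource in a JSON-format ROS template."""
    resources = json.loads(template_text).get("Resources", {})
    return {name: audit_acl(res.get("Properties", {})) for name, res in resources.items()
            if res.get("Type") == "ALIYUN::KAFKA::Acl"}

# Constructed sample template; names and the instance ID are placeholders.
SAMPLE = json.dumps({"Resources": {
    "BroadAcl": {"Type": "ALIYUN::KAFKA::Acl", "Properties": {
        "InstanceId": "<instance-id>", "Username": "*", "AclResourceName": "*",
        "AclResourceType": "Topic", "AclResourcePatternType": "LITERAL",
        "AclOperationTypes": ["Read", "Write"], "Host": "10.0.0.0/8"}},
    "ScopedAcl": {"Type": "ALIYUN::KAFKA::Acl", "Properties": {
        "InstanceId": "<instance-id>", "Username": "order_reader",
        "AclResourceName": "orders", "AclResourceType": "Topic",
        "AclResourcePatternType": "LITERAL", "AclOperationTypes": ["Read"],
        "AclPermissionType": "ALLOW", "Host": "192.0.2.10"}}}})
```

Properties supplied through Ref or Fn:: functions are not resolved here, so the same check should be run against the parameter values passed at stack creation.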

Return values

Fn::GetAtt

  • InstanceId: the instance ID.

  • Username: the username.

  • AclResourceType: the resource type.

Examples

  • YAML format

    ROSTemplateFormatVersion: '2015-09-01'
    Parameters:
      AclResourceName:
        Type: String
        Description:
          en: |-
            The resource name.
            The value can be a topic name, a group ID, a cluster name, or a transaction ID.
            You can use an asterisk (*) to specify the names of all resources of the specified type.
            Note You can use an asterisk (*) to query the resources on which permissions are granted only after you grant the user the required permissions on all resources.
        Required: true
        MinLength: 1
        MaxLength: 256
      AclOperationTypes:
        AssociationPropertyMetadata:
          Parameter:
            Type: String
            Description:
              en: |-
                The type of the operation allowed by the access control list (ACL). Valid values:
                Write
                Read
                Describe: reads of transactional IDs.
                IdempotentWrite: idempotent data writes to clusters.
                IDEMPOTENT_WRITE: idempotent data writes to clusters. This value is available only for ApsaraMQ for Kafka V3 instances.
            AllowedValues:
              - Write
              - Read
              - Describe
              - IdempotentWrite
              - IDEMPOTENT_WRITE
              - DESCRIBE_CONFIGS
            Required: true
        AssociationProperty: List[Parameter]
        Type: Json
        Description:
          en: The types of operations allowed by the ACL.
        Required: true
        MinLength: 1
        MaxLength: 10
      Username:
        Type: String
        Description:
          en: |-
            The username.
            You can use an asterisk (*) to specify all usernames.
            Note You can use an asterisk (*) to query the authorized users only after you grant the required permissions to all users.
        AllowedPattern: ^[a-zA-Z][a-zA-Z0-9_]{2,63}$
        Required: true
      InstanceId:
        Type: String
        Description:
          en: The instance ID.
        Required: true
        MinLength: 1
        MaxLength: 64
      AclResourceType:
        Type: String
        Description:
          en: |-
            The resource type. Valid values:
            Topic
            Group
            Cluster
            TransactionalId: transactional ID
        AllowedValues:
          - Cluster
          - Group
          - Topic
          - TransactionalId
        Required: true
      AclResourcePatternType:
        Type: String
        Description:
          en: |-
            The matching mode. Valid values:
            LITERAL: exact match
            PREFIXED: prefix match
        AllowedValues:
          - LITERAL
          - PREFIXED
        Required: true
    Resources:
      Acl:
        Type: ALIYUN::KAFKA::Acl
        Properties:
          AclResourceName:
            Ref: AclResourceName
          AclOperationTypes:
            Ref: AclOperationTypes
          Username:
            Ref: Username
          InstanceId:
            Ref: InstanceId
          AclResourceType:
            Ref: AclResourceType
          AclResourcePatternType:
            Ref: AclResourcePatternType
    Outputs:
      InstanceId:
        Description: The instance ID.
        Value:
          Fn::GetAtt:
            - Acl
            - InstanceId
      Username:
        Description: The username.
        Value:
          Fn::GetAtt:
            - Acl
            - Username
      AclResourceType:
        Description: The resource type.
        Value:
          Fn::GetAtt:
            - Acl
            - AclResourceType
  • JSON format

    {
      "ROSTemplateFormatVersion": "2015-09-01",
      "Parameters": {
        "AclResourceName": {
          "Type": "String",
          "Description": {
            "en": "The resource name.\nThe value can be a topic name, a group ID, a cluster name, or a transaction ID.\nYou can use an asterisk (*) to specify the names of all resources of the specified type.\nNote You can use an asterisk (*) to query the resources on which permissions are granted only after you grant the user the required permissions on all resources."
          },
          "Required": true,
          "MinLength": 1,
          "MaxLength": 256
        },
        "AclOperationTypes": {
          "AssociationPropertyMetadata": {
            "Parameter": {
              "Type": "String",
              "Description": {
                "en": "The type of the operation allowed by the access control list (ACL). Valid values:\nWrite\nRead\nDescribe: reads of transactional IDs.\nIdempotentWrite: idempotent data writes to clusters.\nIDEMPOTENT_WRITE: idempotent data writes to clusters. This value is available only for ApsaraMQ for Kafka V3 instances."
              },
              "AllowedValues": [
                "Write",
                "Read",
                "Describe",
                "IdempotentWrite",
                "IDEMPOTENT_WRITE",
                "DESCRIBE_CONFIGS"
              ],
              "Required": true
            }
          },
          "AssociationProperty": "List[Parameter]",
          "Type": "Json",
          "Description": {
            "en": "The types of operations allowed by the ACL."
          },
          "Required": true,
          "MinLength": 1,
          "MaxLength": 10
        },
        "Username": {
          "Type": "String",
          "Description": {
            "en": "The username.\nYou can use an asterisk (*) to specify all usernames.\nNote You can use an asterisk (*) to query the authorized users only after you grant the required permissions to all users."
          },
          "AllowedPattern": "^[a-zA-Z][a-zA-Z0-9_]{2,63}$",
          "Required": true
        },
        "InstanceId": {
          "Type": "String",
          "Description": {
            "en": "The instance ID."
          },
          "Required": true,
          "MinLength": 1,
          "MaxLength": 64
        },
        "AclResourceType": {
          "Type": "String",
          "Description": {
            "en": "The resource type. Valid values:\nTopic\nGroup\nCluster\nTransactionalId: transactional ID"
          },
          "AllowedValues": [
            "Cluster",
            "Group",
            "Topic",
            "TransactionalId"
          ],
          "Required": true
        },
        "AclResourcePatternType": {
          "Type": "String",
          "Description": {
            "en": "The matching mode. Valid values:\nLITERAL: exact match\nPREFIXED: prefix match"
          },
          "AllowedValues": [
            "LITERAL",
            "PREFIXED"
          ],
          "Required": true
        }
      },
      "Resources": {
        "Acl": {
          "Type": "ALIYUN::KAFKA::Acl",
          "Properties": {
            "AclResourceName": {
              "Ref": "AclResourceName"
            },
            "AclOperationTypes": {
              "Ref": "AclOperationTypes"
            },
            "Username": {
              "Ref": "Username"
            },
            "InstanceId": {
              "Ref": "InstanceId"
            },
            "AclResourceType": {
              "Ref": "AclResourceType"
            },
            "AclResourcePatternType": {
              "Ref": "AclResourcePatternType"
            }
          }
        }
      },
      "Outputs": {
        "InstanceId": {
          "Description": "The instance ID.",
          "Value": {
            "Fn::GetAtt": [
              "Acl",
              "InstanceId"
            ]
          }
        },
        "Username": {
          "Description": "The username.",
          "Value": {
            "Fn::GetAtt": [
              "Acl",
              "Username"
            ]
          }
        },
        "AclResourceType": {
          "Description": "The resource type.",
          "Value": {
            "Fn::GetAtt": [
              "Acl",
              "AclResourceType"
            ]
          }
        }
      }
    }