Create user for setting ACL rule over topic

[pchatterjee-cfx]

Discussed in #1583

^{Originally posted by pchatterjee-cfx June 12, 2023}
Hi,
I am looking for a way to create an owner for a topic and subseqeuently add ACL rules for consuming messages. I do this from CLI as follows:

$ kafka-configs.sh --bootstrap-server localhost:9092 --alter --add-config 'SCRAM-SHA-256=[iterations=8192,password=],SCRAM-SHA-512=[password=]' --entity-type users --entity-name
$ kafka-acls.sh --bootstrap-server localhost:9092 --add --allow-principal User: --operation All --resource-pattern-type prefixed --topic

I am trying to do the same via code as follows:

                    # Create topic owner
                    topic_username = str(attributes.get('topic-username'))
                    topic_password = str(attributes.get('topic-password'))
                    #resource = ConfigResource('Users', topic_username)
                    resource = ConfigResource(ConfigResource.Type.ANY, topic_username)
                    describe_configs = admin.describe_configs([resource])
                    describe_configs['SCRAM-SHA-256'] = f'[iterations=8192,password={topic_password}]'
                    describe_configs['SCRAM-SHA-512'] = f'[password={topic_password}]'
                    admin.alter_configs([resource])
                    # Create ACL rule
                    acl = AclBinding(ResourceType.TOPIC, topic_name, 
                                     ResourcePatternType.MATCH, f'User:{topic_username}', None, 
                                     AclOperation.ALL, AclPermissionType.ALLOW)
                    admin.create_acls([acl])

Issue is that I dont find USER under ResourceType and am unable to add a user configuration. Is there any other way to add a user?

Python library version: confluent-kafka==2.1.1

[pranavrth]

Resource type USER was added as part of KIP-373 which unfortunately is not implemented in the librdkafka/python client.

[pchatterjee-cfx]

Resource type USER was added as part of KIP-373 which unfortunately is not implemented in the librdkafka/python client.

Thanks @pranavrth and appreciate you adding this issue as a planned enhancement. For now, I plan to create ACL rule on a tenant-name prefixed topic and a pre-created tenant user.

[Endemoniada]

Resource type USER was added as part of KIP-373 which unfortunately is not implemented in the librdkafka/python client.

@pranavrth I was just about to open a similar issue, but am I understanding it correctly if I assume that means it's currently not possible to create, for example, producer bandwidth quota configs on a user entity-type/ResourceType either? I was confused at there not being a USER ResourceType, but I guess that would explain it.

[arushi315]

Hi @pranavrth are there any plans to add support for ResourceType.User?

[pchatterjee-cfx]

Hi @pchatterjee-cfx are there any plans to add support for ResourceType.User?

@arushi315 You meant to ask @pranavrth I reckon

[arushi315]

Hi @pchatterjee-cfx are there any plans to add support for ResourceType.User?

@arushi315 You meant to ask @pranavrth I reckon

Ahh you are right, thanks for correcting me!