Managed Service for Apache Kafka® API, gRPC: UserService
A set of methods for managing Kafka users.
Call | Description |
---|---|
Get | Returns the specified Kafka user. |
List | Retrieves the list of Kafka users in the specified cluster. |
Create | Creates a Kafka user in the specified cluster. |
Update | Updates the specified Kafka user. |
Delete | Deletes the specified Kafka user. |
GrantPermission | Grants permission to the specified Kafka user. |
RevokePermission | Revokes permission from the specified Kafka user. |
Calls UserService
Get
Returns the specified Kafka user.
To get the list of available Kafka users, make a List request.
rpc Get (GetUserRequest) returns (User)
GetUserRequest
Field | Description |
---|---|
cluster_id | string Required. ID of the Apache Kafka® cluster the user belongs to. To get the cluster ID, make a ClusterService.List request. The maximum string length in characters is 50. |
user_name | string Required. Name of the Kafka user to return. To get the name of the user, make a UserService.List request. The string length in characters must be 1-63. Value must match the regular expression [a-zA-Z0-9_]* . |
User
Field | Description |
---|---|
name | string Name of the Kafka user. |
cluster_id | string ID of the Apache Kafka® cluster the user belongs to. To get the Apache Kafka® cluster ID, make a ClusterService.List request. |
permissions[] | Permission Set of permissions granted to this user. |
Permission
Field | Description |
---|---|
topic_name | string Name or prefix-pattern with wildcard for the topic that the permission grants access to. To get the topic name, make a TopicService.List request. |
role | enum AccessRole Access role type to grant to the user.
|
allow_hosts[] | string Lists hosts allowed for this permission. When not defined, access from any host is allowed. Bare in mind that the same host might appear in multiple permissions at the same time, hence removing individual permission doesn't automatically restricts access from the allow_hosts of the permission. If the same host(s) is listed for another permission of the same principal/topic, the host(s) remains allowed. |
List
Retrieves the list of Kafka users in the specified cluster.
rpc List (ListUsersRequest) returns (ListUsersResponse)
ListUsersRequest
Field | Description |
---|---|
cluster_id | string Required. ID of the Apache Kafka® cluster to list Kafka users in. To get the Apache Kafka® cluster ID, make a ClusterService.List request. The maximum string length in characters is 50. |
page_size | int64 The maximum number of results per page to return. If the number of available results is larger than page_size , the service returns a ListUsersResponse.next_page_token that can be used to get the next page of results in subsequent list requests. The maximum value is 1000. |
page_token | string Page token. To get the next page of results, set page_token to the ListUsersResponse.next_page_token returned by the previous list request. The maximum string length in characters is 100. |
ListUsersResponse
Field | Description |
---|---|
users[] | User List of Kafka users. |
next_page_token | string This token allows you to get the next page of results for list requests. If the number of results is larger than ListUsersRequest.page_size, use the next_page_token as the value for the ListUsersRequest.page_token parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results. |
User
Field | Description |
---|---|
name | string Name of the Kafka user. |
cluster_id | string ID of the Apache Kafka® cluster the user belongs to. To get the Apache Kafka® cluster ID, make a ClusterService.List request. |
permissions[] | Permission Set of permissions granted to this user. |
Permission
Field | Description |
---|---|
topic_name | string Name or prefix-pattern with wildcard for the topic that the permission grants access to. To get the topic name, make a TopicService.List request. |
role | enum AccessRole Access role type to grant to the user.
|
allow_hosts[] | string Lists hosts allowed for this permission. When not defined, access from any host is allowed. Bare in mind that the same host might appear in multiple permissions at the same time, hence removing individual permission doesn't automatically restricts access from the allow_hosts of the permission. If the same host(s) is listed for another permission of the same principal/topic, the host(s) remains allowed. |
Create
Creates a Kafka user in the specified cluster.
rpc Create (CreateUserRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:CreateUserMetadata
Operation.response:User
CreateUserRequest
Field | Description |
---|---|
cluster_id | string Required. ID of the Apache Kafka® cluster to create a user in. To get the cluster ID, make a ClusterService.List request. The maximum string length in characters is 50. |
user_spec | UserSpec Required. Configuration of the user to create. |
UserSpec
Field | Description |
---|---|
name | string Required. Name of the Kafka user. The string length in characters must be 1-256. Value must match the regular expression [a-zA-Z0-9_]* . |
password | string Required. Password of the Kafka user. The string length in characters must be 8-128. |
permissions[] | Permission Set of permissions granted to the user. |
Permission
Field | Description |
---|---|
topic_name | string Name or prefix-pattern with wildcard for the topic that the permission grants access to. To get the topic name, make a TopicService.List request. |
role | enum AccessRole Access role type to grant to the user.
|
allow_hosts[] | string Lists hosts allowed for this permission. When not defined, access from any host is allowed. Bare in mind that the same host might appear in multiple permissions at the same time, hence removing individual permission doesn't automatically restricts access from the allow_hosts of the permission. If the same host(s) is listed for another permission of the same principal/topic, the host(s) remains allowed. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false , it means the operation is still in progress. If true , the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true , exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any if operation finished successfully. |
CreateUserMetadata
Field | Description |
---|---|
cluster_id | string ID of the Apache Kafka® cluster the user is being created in. |
user_name | string Name of the user that is being created. |
User
Field | Description |
---|---|
name | string Name of the Kafka user. |
cluster_id | string ID of the Apache Kafka® cluster the user belongs to. To get the Apache Kafka® cluster ID, make a ClusterService.List request. |
permissions[] | Permission Set of permissions granted to this user. |
Update
Updates the specified Kafka user.
rpc Update (UpdateUserRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:UpdateUserMetadata
Operation.response:User
UpdateUserRequest
Field | Description |
---|---|
cluster_id | string Required. ID of the Apache Kafka® cluster the user belongs to. To get the cluster ID, make a ClusterService.List request. The maximum string length in characters is 50. |
user_name | string Required. Name of the user to be updated. To get the name of the user, make a UserService.List request. The string length in characters must be 1-63. Value must match the regular expression [a-zA-Z0-9_]* . |
update_mask | google.protobuf.FieldMask |
password | string New password for the user. The string length in characters must be 8-128. |
permissions[] | Permission New set of permissions for the user. |
Permission
Field | Description |
---|---|
topic_name | string Name or prefix-pattern with wildcard for the topic that the permission grants access to. To get the topic name, make a TopicService.List request. |
role | enum AccessRole Access role type to grant to the user.
|
allow_hosts[] | string Lists hosts allowed for this permission. When not defined, access from any host is allowed. Bare in mind that the same host might appear in multiple permissions at the same time, hence removing individual permission doesn't automatically restricts access from the allow_hosts of the permission. If the same host(s) is listed for another permission of the same principal/topic, the host(s) remains allowed. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false , it means the operation is still in progress. If true , the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true , exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any if operation finished successfully. |
UpdateUserMetadata
Field | Description |
---|---|
cluster_id | string ID of the Apache Kafka® cluster the user belongs to. |
user_name | string Name of the user that is being updated. |
User
Field | Description |
---|---|
name | string Name of the Kafka user. |
cluster_id | string ID of the Apache Kafka® cluster the user belongs to. To get the Apache Kafka® cluster ID, make a ClusterService.List request. |
permissions[] | Permission Set of permissions granted to this user. |
Delete
Deletes the specified Kafka user.
rpc Delete (DeleteUserRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:DeleteUserMetadata
Operation.response:google.protobuf.Empty
DeleteUserRequest
Field | Description |
---|---|
cluster_id | string Required. ID of the Apache Kafka® cluster the user belongs to. To get the cluster ID, make a ClusterService.List request. The maximum string length in characters is 50. |
user_name | string Required. Name of the user to delete. To get the name of the user, make a UserService.List request. The string length in characters must be 1-63. Value must match the regular expression [a-zA-Z0-9_]* . |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false , it means the operation is still in progress. If true , the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true , exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any if operation finished successfully. |
DeleteUserMetadata
Field | Description |
---|---|
cluster_id | string ID of the Apache Kafka® cluster the user belongs to. |
user_name | string Name of the user that is being deleted. |
GrantPermission
Grants permission to the specified Kafka user.
rpc GrantPermission (GrantUserPermissionRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:GrantUserPermissionMetadata
Operation.response:User
GrantUserPermissionRequest
Field | Description |
---|---|
cluster_id | string Required. ID of the Apache Kafka® cluster the user belongs to. To get the cluster ID, make a ClusterService.List request. The maximum string length in characters is 50. |
user_name | string Required. Name of the user to grant the permission to. To get the name of the user, make a UserService.List request. The string length in characters must be 1-63. Value must match the regular expression [a-zA-Z0-9_]* . |
permission | Permission Required. Permission that should be granted to the specified user. |
Permission
Field | Description |
---|---|
topic_name | string Name or prefix-pattern with wildcard for the topic that the permission grants access to. To get the topic name, make a TopicService.List request. |
role | enum AccessRole Access role type to grant to the user.
|
allow_hosts[] | string Lists hosts allowed for this permission. When not defined, access from any host is allowed. Bare in mind that the same host might appear in multiple permissions at the same time, hence removing individual permission doesn't automatically restricts access from the allow_hosts of the permission. If the same host(s) is listed for another permission of the same principal/topic, the host(s) remains allowed. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false , it means the operation is still in progress. If true , the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true , exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any if operation finished successfully. |
GrantUserPermissionMetadata
Field | Description |
---|---|
cluster_id | string ID of the Apache Kafka® cluster the user belongs to. To get the cluster ID, make a ClusterService.List request. |
user_name | string Name of the user that is being granted a permission. |
User
Field | Description |
---|---|
name | string Name of the Kafka user. |
cluster_id | string ID of the Apache Kafka® cluster the user belongs to. To get the Apache Kafka® cluster ID, make a ClusterService.List request. |
permissions[] | Permission Set of permissions granted to this user. |
RevokePermission
Revokes permission from the specified Kafka user.
rpc RevokePermission (RevokeUserPermissionRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:RevokeUserPermissionMetadata
Operation.response:User
RevokeUserPermissionRequest
Field | Description |
---|---|
cluster_id | string Required. ID of the Apache Kafka® cluster the user belongs to. To get the cluster ID, make a ClusterService.List request. The maximum string length in characters is 50. |
user_name | string Required. Name of the user to revoke a permission from. To get the name of the user, make a UserService.List request. The string length in characters must be 1-63. Value must match the regular expression [a-zA-Z0-9_]* . |
permission | Permission Required. Permission that should be revoked from the specified user. |
Permission
Field | Description |
---|---|
topic_name | string Name or prefix-pattern with wildcard for the topic that the permission grants access to. To get the topic name, make a TopicService.List request. |
role | enum AccessRole Access role type to grant to the user.
|
allow_hosts[] | string Lists hosts allowed for this permission. When not defined, access from any host is allowed. Bare in mind that the same host might appear in multiple permissions at the same time, hence removing individual permission doesn't automatically restricts access from the allow_hosts of the permission. If the same host(s) is listed for another permission of the same principal/topic, the host(s) remains allowed. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false , it means the operation is still in progress. If true , the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true , exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any if operation finished successfully. |
RevokeUserPermissionMetadata
Field | Description |
---|---|
cluster_id | string ID of the Apache Kafka® cluster the user belongs to. |
user_name | string Name of the user whose permission is being revoked. |
User
Field | Description |
---|---|
name | string Name of the Kafka user. |
cluster_id | string ID of the Apache Kafka® cluster the user belongs to. To get the Apache Kafka® cluster ID, make a ClusterService.List request. |
permissions[] | Permission Set of permissions granted to this user. |