Kafka Administrator
Client Access
Before a client can access Kafka, their user principal must be granted access by an administrator.
Grant User Access
To grant a user access to Kafka, a user with admin privileges issues a PUT request to /api/v1/kafka/users/{user}
where {user} is the user’s principal ID (in Keycloak).
|
A user can get their principal from the auth test API. |
curl -X 'PUT' \
'http://DF_HOST/api/v1/kafka/users/21feb230-3ac4-471c-b90d-6d145a8b3f6e' \ (1)
-H 'accept: application/json' \
-H 'Authorization: Basic YWRtaW46TDk1aDUxbllkb2lxWWFJT2l0eHVLUFh6' (2)| 1 | The user principal to grant access to Kafka. |
| 2 | Credentials for an admin user (can use Basic username/password or Bearer token). |
If successful, you will get a response that echos back a confirmation of the user’s principal that was granted.
{
"name": "21feb230-3ac4-471c-b90d-6d145a8b3f6e"
}List Authorized Users
Admins can get a list of currently authorized users with a GET to /api/v1/kafka/users.
curl -X 'GET' \
'http://localhost/api/v1/kafka/users' \
-H 'accept: application/json' \
-H 'Authorization: Basic YWRtaW46TDk1aDUxbllkb2lxWWFJT2l0eHVLUFh6'[
{
"name": "21feb230-3ac4-471c-b90d-6d145a8b3f6e"
},
{
"name": "972f1aff-9c94-4e73-92be-f45a9156c83e"
},
{
"name": "2204a4ec-9137-4d3d-a61a-b24409a9cd20"
}
]Revoke User Access
To revoke a user’s access to Kafka, an admin issues a DELETE request to {url-base/users/{user}
where {user} is the user’s principal ID (in Keycloak).
|
A user can get their principal from the auth test API. |
curl -X 'DELETE' \
'http://DF_HOST/api/v1/kafka/users/21feb230-3ac4-471c-b90d-6d145a8b3f6e' \ (1)
-H 'accept: application/json' \
-H 'Authorization: Basic YWRtaW46TDk1aDUxbllkb2lxWWFJT2l0eHVLUFh6' (2)| 1 | The user principal to revoke access to Kafka. |
| 2 | Credentials for an admin user (can use Basic username/password or Bearer token). |
If successful, you will get a response that echos back a confirmation of the user’s principal that was revoked.
{
"name": "21feb230-3ac4-471c-b90d-6d145a8b3f6e"
}