Google Cloud v8.34.0, Jun 11 25

Google Cloud v8.34.0 published on Wednesday, Jun 11, 2025 by Pulumi

gcp.managedkafka.Acl

Explore with Pulumi AI

Google Cloud v8.34.0 published on Wednesday, Jun 11, 2025 by Pulumi

pulumi/pulumi-gcp

Example Usage

Managedkafka Acl Basic

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const project = gcp.organizations.getProject({});
const cluster = new gcp.managedkafka.Cluster("cluster", {
    clusterId: "my-cluster",
    location: "us-central1",
    capacityConfig: {
        vcpuCount: "3",
        memoryBytes: "3221225472",
    },
    gcpConfig: {
        accessConfig: {
            networkConfigs: [{
                subnet: project.then(project => `projects/${project.number}/regions/us-central1/subnetworks/default`),
            }],
        },
    },
});
const example = new gcp.managedkafka.Acl("example", {
    aclId: "topic/mytopic",
    cluster: cluster.clusterId,
    location: "us-central1",
    aclEntries: [
        {
            principal: "User:admin@my-project.iam.gserviceaccount.com",
            permissionType: "ALLOW",
            operation: "ALL",
            host: "*",
        },
        {
            principal: "User:producer-client@my-project.iam.gserviceaccount.com",
            permissionType: "ALLOW",
            operation: "WRITE",
            host: "*",
        },
    ],
});

import pulumi
import pulumi_gcp as gcp

project = gcp.organizations.get_project()
cluster = gcp.managedkafka.Cluster("cluster",
    cluster_id="my-cluster",
    location="us-central1",
    capacity_config={
        "vcpu_count": "3",
        "memory_bytes": "3221225472",
    },
    gcp_config={
        "access_config": {
            "network_configs": [{
                "subnet": f"projects/{project.number}/regions/us-central1/subnetworks/default",
            }],
        },
    })
example = gcp.managedkafka.Acl("example",
    acl_id="topic/mytopic",
    cluster=cluster.cluster_id,
    location="us-central1",
    acl_entries=[
        {
            "principal": "User:admin@my-project.iam.gserviceaccount.com",
            "permission_type": "ALLOW",
            "operation": "ALL",
            "host": "*",
        },
        {
            "principal": "User:producer-client@my-project.iam.gserviceaccount.com",
            "permission_type": "ALLOW",
            "operation": "WRITE",
            "host": "*",
        },
    ])

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/managedkafka"
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		project, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
		if err != nil {
			return err
		}
		cluster, err := managedkafka.NewCluster(ctx, "cluster", &managedkafka.ClusterArgs{
			ClusterId: pulumi.String("my-cluster"),
			Location:  pulumi.String("us-central1"),
			CapacityConfig: &managedkafka.ClusterCapacityConfigArgs{
				VcpuCount:   pulumi.String("3"),
				MemoryBytes: pulumi.String("3221225472"),
			},
			GcpConfig: &managedkafka.ClusterGcpConfigArgs{
				AccessConfig: &managedkafka.ClusterGcpConfigAccessConfigArgs{
					NetworkConfigs: managedkafka.ClusterGcpConfigAccessConfigNetworkConfigArray{
						&managedkafka.ClusterGcpConfigAccessConfigNetworkConfigArgs{
							Subnet: pulumi.Sprintf("projects/%v/regions/us-central1/subnetworks/default", project.Number),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = managedkafka.NewAcl(ctx, "example", &managedkafka.AclArgs{
			AclId:    pulumi.String("topic/mytopic"),
			Cluster:  cluster.ClusterId,
			Location: pulumi.String("us-central1"),
			AclEntries: managedkafka.AclAclEntryArray{
				&managedkafka.AclAclEntryArgs{
					Principal:      pulumi.String("User:admin@my-project.iam.gserviceaccount.com"),
					PermissionType: pulumi.String("ALLOW"),
					Operation:      pulumi.String("ALL"),
					Host:           pulumi.String("*"),
				},
				&managedkafka.AclAclEntryArgs{
					Principal:      pulumi.String("User:producer-client@my-project.iam.gserviceaccount.com"),
					PermissionType: pulumi.String("ALLOW"),
					Operation:      pulumi.String("WRITE"),
					Host:           pulumi.String("*"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var project = Gcp.Organizations.GetProject.Invoke();

    var cluster = new Gcp.ManagedKafka.Cluster("cluster", new()
    {
        ClusterId = "my-cluster",
        Location = "us-central1",
        CapacityConfig = new Gcp.ManagedKafka.Inputs.ClusterCapacityConfigArgs
        {
            VcpuCount = "3",
            MemoryBytes = "3221225472",
        },
        GcpConfig = new Gcp.ManagedKafka.Inputs.ClusterGcpConfigArgs
        {
            AccessConfig = new Gcp.ManagedKafka.Inputs.ClusterGcpConfigAccessConfigArgs
            {
                NetworkConfigs = new[]
                {
                    new Gcp.ManagedKafka.Inputs.ClusterGcpConfigAccessConfigNetworkConfigArgs
                    {
                        Subnet = $"projects/{project.Apply(getProjectResult => getProjectResult.Number)}/regions/us-central1/subnetworks/default",
                    },
                },
            },
        },
    });

    var example = new Gcp.ManagedKafka.Acl("example", new()
    {
        AclId = "topic/mytopic",
        Cluster = cluster.ClusterId,
        Location = "us-central1",
        AclEntries = new[]
        {
            new Gcp.ManagedKafka.Inputs.AclAclEntryArgs
            {
                Principal = "User:admin@my-project.iam.gserviceaccount.com",
                PermissionType = "ALLOW",
                Operation = "ALL",
                Host = "*",
            },
            new Gcp.ManagedKafka.Inputs.AclAclEntryArgs
            {
                Principal = "User:producer-client@my-project.iam.gserviceaccount.com",
                PermissionType = "ALLOW",
                Operation = "WRITE",
                Host = "*",
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.managedkafka.Cluster;
import com.pulumi.gcp.managedkafka.ClusterArgs;
import com.pulumi.gcp.managedkafka.inputs.ClusterCapacityConfigArgs;
import com.pulumi.gcp.managedkafka.inputs.ClusterGcpConfigArgs;
import com.pulumi.gcp.managedkafka.inputs.ClusterGcpConfigAccessConfigArgs;
import com.pulumi.gcp.managedkafka.Acl;
import com.pulumi.gcp.managedkafka.AclArgs;
import com.pulumi.gcp.managedkafka.inputs.AclAclEntryArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()
            .build());

        var cluster = new Cluster("cluster", ClusterArgs.builder()
            .clusterId("my-cluster")
            .location("us-central1")
            .capacityConfig(ClusterCapacityConfigArgs.builder()
                .vcpuCount("3")
                .memoryBytes("3221225472")
                .build())
            .gcpConfig(ClusterGcpConfigArgs.builder()
                .accessConfig(ClusterGcpConfigAccessConfigArgs.builder()
                    .networkConfigs(ClusterGcpConfigAccessConfigNetworkConfigArgs.builder()
                        .subnet(String.format("projects/%s/regions/us-central1/subnetworks/default", project.number()))
                        .build())
                    .build())
                .build())
            .build());

        var example = new Acl("example", AclArgs.builder()
            .aclId("topic/mytopic")
            .cluster(cluster.clusterId())
            .location("us-central1")
            .aclEntries(            
                AclAclEntryArgs.builder()
                    .principal("User:admin@my-project.iam.gserviceaccount.com")
                    .permissionType("ALLOW")
                    .operation("ALL")
                    .host("*")
                    .build(),
                AclAclEntryArgs.builder()
                    .principal("User:producer-client@my-project.iam.gserviceaccount.com")
                    .permissionType("ALLOW")
                    .operation("WRITE")
                    .host("*")
                    .build())
            .build());

    }
}

resources:
  cluster:
    type: gcp:managedkafka:Cluster
    properties:
      clusterId: my-cluster
      location: us-central1
      capacityConfig:
        vcpuCount: 3
        memoryBytes: 3.221225472e+09
      gcpConfig:
        accessConfig:
          networkConfigs:
            - subnet: projects/${project.number}/regions/us-central1/subnetworks/default
  example:
    type: gcp:managedkafka:Acl
    properties:
      aclId: topic/mytopic
      cluster: ${cluster.clusterId}
      location: us-central1
      aclEntries:
        - principal: User:admin@my-project.iam.gserviceaccount.com
          permissionType: ALLOW
          operation: ALL
          host: '*'
        - principal: User:producer-client@my-project.iam.gserviceaccount.com
          permissionType: ALLOW
          operation: WRITE
          host: '*'
variables:
  project:
    fn::invoke:
      function: gcp:organizations:getProject
      arguments: {}

Create Acl Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Acl(name: string, args: AclArgs, opts?: CustomResourceOptions);

@overload
def Acl(resource_name: str,
        args: AclArgs,
        opts: Optional[ResourceOptions] = None)

@overload
def Acl(resource_name: str,
        opts: Optional[ResourceOptions] = None,
        acl_entries: Optional[Sequence[AclAclEntryArgs]] = None,
        acl_id: Optional[str] = None,
        cluster: Optional[str] = None,
        location: Optional[str] = None,
        project: Optional[str] = None)

func NewAcl(ctx *Context, name string, args AclArgs, opts ...ResourceOption) (*Acl, error)

public Acl(string name, AclArgs args, CustomResourceOptions? opts = null)

public Acl(String name, AclArgs args)
public Acl(String name, AclArgs args, CustomResourceOptions options)

type: gcp:managedkafka:Acl
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args AclArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AclArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AclArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AclArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AclArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var aclResource = new Gcp.ManagedKafka.Acl("aclResource", new()
{
    AclEntries = new[]
    {
        new Gcp.ManagedKafka.Inputs.AclAclEntryArgs
        {
            Operation = "string",
            Principal = "string",
            Host = "string",
            PermissionType = "string",
        },
    },
    AclId = "string",
    Cluster = "string",
    Location = "string",
    Project = "string",
});

example, err := managedkafka.NewAcl(ctx, "aclResource", &managedkafka.AclArgs{
	AclEntries: managedkafka.AclAclEntryArray{
		&managedkafka.AclAclEntryArgs{
			Operation:      pulumi.String("string"),
			Principal:      pulumi.String("string"),
			Host:           pulumi.String("string"),
			PermissionType: pulumi.String("string"),
		},
	},
	AclId:    pulumi.String("string"),
	Cluster:  pulumi.String("string"),
	Location: pulumi.String("string"),
	Project:  pulumi.String("string"),
})

var aclResource = new Acl("aclResource", AclArgs.builder()
    .aclEntries(AclAclEntryArgs.builder()
        .operation("string")
        .principal("string")
        .host("string")
        .permissionType("string")
        .build())
    .aclId("string")
    .cluster("string")
    .location("string")
    .project("string")
    .build());

acl_resource = gcp.managedkafka.Acl("aclResource",
    acl_entries=[{
        "operation": "string",
        "principal": "string",
        "host": "string",
        "permission_type": "string",
    }],
    acl_id="string",
    cluster="string",
    location="string",
    project="string")

const aclResource = new gcp.managedkafka.Acl("aclResource", {
    aclEntries: [{
        operation: "string",
        principal: "string",
        host: "string",
        permissionType: "string",
    }],
    aclId: "string",
    cluster: "string",
    location: "string",
    project: "string",
});

type: gcp:managedkafka:Acl
properties:
    aclEntries:
        - host: string
          operation: string
          permissionType: string
          principal: string
    aclId: string
    cluster: string
    location: string
    project: string

Acl Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Acl resource accepts the following input properties:

AclEntries List<AclAclEntry>: The acl entries that apply to the resource pattern. The maximum number of allowed entries is 100. Structure is documented below.
AclId string: The ID to use for the acl, which will become the final component of the acl's name. The structure of aclId defines the Resource Pattern (resource_type, resource_name, pattern_type) of the acl. aclId is structured like one of the following: For acls on the cluster: cluster For acls on a single resource within the cluster: topic/{resource_name} consumerGroup/{resource_name} transactionalId/{resource_name} For acls on all resources that match a prefix: topicPrefixed/{resource_name} consumerGroupPrefixed/{resource_name} transactionalIdPrefixed/{resource_name} For acls on all resources of a given type (i.e. the wildcard literal '*''): allTopics (represents topic/*) allConsumerGroups (represents consumerGroup/*) allTransactionalIds (represents transactionalId/*).
Cluster string: The cluster name.
Location string: ID of the location of the Kafka resource. See https://cloud.google.com/managed-kafka/docs/locations for a list of supported locations.
Project string

AclEntries []AclAclEntryArgs: The acl entries that apply to the resource pattern. The maximum number of allowed entries is 100. Structure is documented below.
AclId string: The ID to use for the acl, which will become the final component of the acl's name. The structure of aclId defines the Resource Pattern (resource_type, resource_name, pattern_type) of the acl. aclId is structured like one of the following: For acls on the cluster: cluster For acls on a single resource within the cluster: topic/{resource_name} consumerGroup/{resource_name} transactionalId/{resource_name} For acls on all resources that match a prefix: topicPrefixed/{resource_name} consumerGroupPrefixed/{resource_name} transactionalIdPrefixed/{resource_name} For acls on all resources of a given type (i.e. the wildcard literal '*''): allTopics (represents topic/*) allConsumerGroups (represents consumerGroup/*) allTransactionalIds (represents transactionalId/*).
Cluster string: The cluster name.
Location string: ID of the location of the Kafka resource. See https://cloud.google.com/managed-kafka/docs/locations for a list of supported locations.
Project string

aclEntries List<AclAclEntry>: The acl entries that apply to the resource pattern. The maximum number of allowed entries is 100. Structure is documented below.
aclId String: The ID to use for the acl, which will become the final component of the acl's name. The structure of aclId defines the Resource Pattern (resource_type, resource_name, pattern_type) of the acl. aclId is structured like one of the following: For acls on the cluster: cluster For acls on a single resource within the cluster: topic/{resource_name} consumerGroup/{resource_name} transactionalId/{resource_name} For acls on all resources that match a prefix: topicPrefixed/{resource_name} consumerGroupPrefixed/{resource_name} transactionalIdPrefixed/{resource_name} For acls on all resources of a given type (i.e. the wildcard literal '*''): allTopics (represents topic/*) allConsumerGroups (represents consumerGroup/*) allTransactionalIds (represents transactionalId/*).
cluster String: The cluster name.
location String: ID of the location of the Kafka resource. See https://cloud.google.com/managed-kafka/docs/locations for a list of supported locations.
project String

aclEntries AclAclEntry[]: The acl entries that apply to the resource pattern. The maximum number of allowed entries is 100. Structure is documented below.
aclId string: The ID to use for the acl, which will become the final component of the acl's name. The structure of aclId defines the Resource Pattern (resource_type, resource_name, pattern_type) of the acl. aclId is structured like one of the following: For acls on the cluster: cluster For acls on a single resource within the cluster: topic/{resource_name} consumerGroup/{resource_name} transactionalId/{resource_name} For acls on all resources that match a prefix: topicPrefixed/{resource_name} consumerGroupPrefixed/{resource_name} transactionalIdPrefixed/{resource_name} For acls on all resources of a given type (i.e. the wildcard literal '*''): allTopics (represents topic/*) allConsumerGroups (represents consumerGroup/*) allTransactionalIds (represents transactionalId/*).
cluster string: The cluster name.
location string: ID of the location of the Kafka resource. See https://cloud.google.com/managed-kafka/docs/locations for a list of supported locations.
project string

acl_entries Sequence[AclAclEntryArgs]: The acl entries that apply to the resource pattern. The maximum number of allowed entries is 100. Structure is documented below.
acl_id str: The ID to use for the acl, which will become the final component of the acl's name. The structure of aclId defines the Resource Pattern (resource_type, resource_name, pattern_type) of the acl. aclId is structured like one of the following: For acls on the cluster: cluster For acls on a single resource within the cluster: topic/{resource_name} consumerGroup/{resource_name} transactionalId/{resource_name} For acls on all resources that match a prefix: topicPrefixed/{resource_name} consumerGroupPrefixed/{resource_name} transactionalIdPrefixed/{resource_name} For acls on all resources of a given type (i.e. the wildcard literal '*''): allTopics (represents topic/*) allConsumerGroups (represents consumerGroup/*) allTransactionalIds (represents transactionalId/*).
cluster str: The cluster name.
location str: ID of the location of the Kafka resource. See https://cloud.google.com/managed-kafka/docs/locations for a list of supported locations.
project str

aclEntries List<Property Map>: The acl entries that apply to the resource pattern. The maximum number of allowed entries is 100. Structure is documented below.
aclId String: The ID to use for the acl, which will become the final component of the acl's name. The structure of aclId defines the Resource Pattern (resource_type, resource_name, pattern_type) of the acl. aclId is structured like one of the following: For acls on the cluster: cluster For acls on a single resource within the cluster: topic/{resource_name} consumerGroup/{resource_name} transactionalId/{resource_name} For acls on all resources that match a prefix: topicPrefixed/{resource_name} consumerGroupPrefixed/{resource_name} transactionalIdPrefixed/{resource_name} For acls on all resources of a given type (i.e. the wildcard literal '*''): allTopics (represents topic/*) allConsumerGroups (represents consumerGroup/*) allTransactionalIds (represents transactionalId/*).
cluster String: The cluster name.
location String: ID of the location of the Kafka resource. See https://cloud.google.com/managed-kafka/docs/locations for a list of supported locations.
project String

Outputs

All input properties are implicitly available as output properties. Additionally, the Acl resource produces the following output properties:

Etag string: etag is used for concurrency control. An etag is returned in the response to GetAcl and CreateAcl. Callers are required to put that etag in the request to UpdateAcl to ensure that their change will be applied to the same version of the acl that exists in the Kafka Cluster. A terminal 'T' character in the etag indicates that the AclEntries were truncated due to repeated field limits.
Id string: The provider-assigned unique ID for this managed resource.
Name string: The name of the acl. The ACL_ID segment is used when connecting directly to the cluster. Must be in the format projects/PROJECT_ID/locations/LOCATION/clusters/CLUSTER_ID/acls/ACL_ID.
PatternType string: The acl pattern type derived from the name. One of: LITERAL, PREFIXED.
ResourceName string: The acl resource name derived from the name. For cluster resource_type, this is always "kafka-cluster". Can be the wildcard literal "*".
ResourceType string: The acl resource type derived from the name. One of: CLUSTER, TOPIC, GROUP, TRANSACTIONAL_ID.

Etag string: etag is used for concurrency control. An etag is returned in the response to GetAcl and CreateAcl. Callers are required to put that etag in the request to UpdateAcl to ensure that their change will be applied to the same version of the acl that exists in the Kafka Cluster. A terminal 'T' character in the etag indicates that the AclEntries were truncated due to repeated field limits.
Id string: The provider-assigned unique ID for this managed resource.
Name string: The name of the acl. The ACL_ID segment is used when connecting directly to the cluster. Must be in the format projects/PROJECT_ID/locations/LOCATION/clusters/CLUSTER_ID/acls/ACL_ID.
PatternType string: The acl pattern type derived from the name. One of: LITERAL, PREFIXED.
ResourceName string: The acl resource name derived from the name. For cluster resource_type, this is always "kafka-cluster". Can be the wildcard literal "*".
ResourceType string: The acl resource type derived from the name. One of: CLUSTER, TOPIC, GROUP, TRANSACTIONAL_ID.

etag String: etag is used for concurrency control. An etag is returned in the response to GetAcl and CreateAcl. Callers are required to put that etag in the request to UpdateAcl to ensure that their change will be applied to the same version of the acl that exists in the Kafka Cluster. A terminal 'T' character in the etag indicates that the AclEntries were truncated due to repeated field limits.
id String: The provider-assigned unique ID for this managed resource.
name String: The name of the acl. The ACL_ID segment is used when connecting directly to the cluster. Must be in the format projects/PROJECT_ID/locations/LOCATION/clusters/CLUSTER_ID/acls/ACL_ID.
patternType String: The acl pattern type derived from the name. One of: LITERAL, PREFIXED.
resourceName String: The acl resource name derived from the name. For cluster resource_type, this is always "kafka-cluster". Can be the wildcard literal "*".
resourceType String: The acl resource type derived from the name. One of: CLUSTER, TOPIC, GROUP, TRANSACTIONAL_ID.

etag string: etag is used for concurrency control. An etag is returned in the response to GetAcl and CreateAcl. Callers are required to put that etag in the request to UpdateAcl to ensure that their change will be applied to the same version of the acl that exists in the Kafka Cluster. A terminal 'T' character in the etag indicates that the AclEntries were truncated due to repeated field limits.
id string: The provider-assigned unique ID for this managed resource.
name string: The name of the acl. The ACL_ID segment is used when connecting directly to the cluster. Must be in the format projects/PROJECT_ID/locations/LOCATION/clusters/CLUSTER_ID/acls/ACL_ID.
patternType string: The acl pattern type derived from the name. One of: LITERAL, PREFIXED.
resourceName string: The acl resource name derived from the name. For cluster resource_type, this is always "kafka-cluster". Can be the wildcard literal "*".
resourceType string: The acl resource type derived from the name. One of: CLUSTER, TOPIC, GROUP, TRANSACTIONAL_ID.

etag str: etag is used for concurrency control. An etag is returned in the response to GetAcl and CreateAcl. Callers are required to put that etag in the request to UpdateAcl to ensure that their change will be applied to the same version of the acl that exists in the Kafka Cluster. A terminal 'T' character in the etag indicates that the AclEntries were truncated due to repeated field limits.
id str: The provider-assigned unique ID for this managed resource.
name str: The name of the acl. The ACL_ID segment is used when connecting directly to the cluster. Must be in the format projects/PROJECT_ID/locations/LOCATION/clusters/CLUSTER_ID/acls/ACL_ID.
pattern_type str: The acl pattern type derived from the name. One of: LITERAL, PREFIXED.
resource_name str: The acl resource name derived from the name. For cluster resource_type, this is always "kafka-cluster". Can be the wildcard literal "*".
resource_type str: The acl resource type derived from the name. One of: CLUSTER, TOPIC, GROUP, TRANSACTIONAL_ID.

etag String: etag is used for concurrency control. An etag is returned in the response to GetAcl and CreateAcl. Callers are required to put that etag in the request to UpdateAcl to ensure that their change will be applied to the same version of the acl that exists in the Kafka Cluster. A terminal 'T' character in the etag indicates that the AclEntries were truncated due to repeated field limits.
id String: The provider-assigned unique ID for this managed resource.
name String: The name of the acl. The ACL_ID segment is used when connecting directly to the cluster. Must be in the format projects/PROJECT_ID/locations/LOCATION/clusters/CLUSTER_ID/acls/ACL_ID.
patternType String: The acl pattern type derived from the name. One of: LITERAL, PREFIXED.
resourceName String: The acl resource name derived from the name. For cluster resource_type, this is always "kafka-cluster". Can be the wildcard literal "*".
resourceType String: The acl resource type derived from the name. One of: CLUSTER, TOPIC, GROUP, TRANSACTIONAL_ID.

Look up Existing Acl Resource

Get an existing Acl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AclState, opts?: CustomResourceOptions): Acl

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        acl_entries: Optional[Sequence[AclAclEntryArgs]] = None,
        acl_id: Optional[str] = None,
        cluster: Optional[str] = None,
        etag: Optional[str] = None,
        location: Optional[str] = None,
        name: Optional[str] = None,
        pattern_type: Optional[str] = None,
        project: Optional[str] = None,
        resource_name: Optional[str] = None,
        resource_type: Optional[str] = None) -> Acl

func GetAcl(ctx *Context, name string, id IDInput, state *AclState, opts ...ResourceOption) (*Acl, error)

public static Acl Get(string name, Input<string> id, AclState? state, CustomResourceOptions? opts = null)

public static Acl get(String name, Output<String> id, AclState state, CustomResourceOptions options)

resources:  _:    type: gcp:managedkafka:Acl    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AclEntries List<AclAclEntry>: The acl entries that apply to the resource pattern. The maximum number of allowed entries is 100. Structure is documented below.
AclId string: The ID to use for the acl, which will become the final component of the acl's name. The structure of aclId defines the Resource Pattern (resource_type, resource_name, pattern_type) of the acl. aclId is structured like one of the following: For acls on the cluster: cluster For acls on a single resource within the cluster: topic/{resource_name} consumerGroup/{resource_name} transactionalId/{resource_name} For acls on all resources that match a prefix: topicPrefixed/{resource_name} consumerGroupPrefixed/{resource_name} transactionalIdPrefixed/{resource_name} For acls on all resources of a given type (i.e. the wildcard literal '*''): allTopics (represents topic/*) allConsumerGroups (represents consumerGroup/*) allTransactionalIds (represents transactionalId/*).
Cluster string: The cluster name.
Etag string: etag is used for concurrency control. An etag is returned in the response to GetAcl and CreateAcl. Callers are required to put that etag in the request to UpdateAcl to ensure that their change will be applied to the same version of the acl that exists in the Kafka Cluster. A terminal 'T' character in the etag indicates that the AclEntries were truncated due to repeated field limits.
Location string: ID of the location of the Kafka resource. See https://cloud.google.com/managed-kafka/docs/locations for a list of supported locations.
Name string: The name of the acl. The ACL_ID segment is used when connecting directly to the cluster. Must be in the format projects/PROJECT_ID/locations/LOCATION/clusters/CLUSTER_ID/acls/ACL_ID.
PatternType string: The acl pattern type derived from the name. One of: LITERAL, PREFIXED.
Project string
ResourceName string: The acl resource name derived from the name. For cluster resource_type, this is always "kafka-cluster". Can be the wildcard literal "*".
ResourceType string: The acl resource type derived from the name. One of: CLUSTER, TOPIC, GROUP, TRANSACTIONAL_ID.

AclEntries []AclAclEntryArgs: The acl entries that apply to the resource pattern. The maximum number of allowed entries is 100. Structure is documented below.
AclId string: The ID to use for the acl, which will become the final component of the acl's name. The structure of aclId defines the Resource Pattern (resource_type, resource_name, pattern_type) of the acl. aclId is structured like one of the following: For acls on the cluster: cluster For acls on a single resource within the cluster: topic/{resource_name} consumerGroup/{resource_name} transactionalId/{resource_name} For acls on all resources that match a prefix: topicPrefixed/{resource_name} consumerGroupPrefixed/{resource_name} transactionalIdPrefixed/{resource_name} For acls on all resources of a given type (i.e. the wildcard literal '*''): allTopics (represents topic/*) allConsumerGroups (represents consumerGroup/*) allTransactionalIds (represents transactionalId/*).
Cluster string: The cluster name.
Etag string: etag is used for concurrency control. An etag is returned in the response to GetAcl and CreateAcl. Callers are required to put that etag in the request to UpdateAcl to ensure that their change will be applied to the same version of the acl that exists in the Kafka Cluster. A terminal 'T' character in the etag indicates that the AclEntries were truncated due to repeated field limits.
Location string: ID of the location of the Kafka resource. See https://cloud.google.com/managed-kafka/docs/locations for a list of supported locations.
Name string: The name of the acl. The ACL_ID segment is used when connecting directly to the cluster. Must be in the format projects/PROJECT_ID/locations/LOCATION/clusters/CLUSTER_ID/acls/ACL_ID.
PatternType string: The acl pattern type derived from the name. One of: LITERAL, PREFIXED.
Project string
ResourceName string: The acl resource name derived from the name. For cluster resource_type, this is always "kafka-cluster". Can be the wildcard literal "*".
ResourceType string: The acl resource type derived from the name. One of: CLUSTER, TOPIC, GROUP, TRANSACTIONAL_ID.

aclEntries List<AclAclEntry>: The acl entries that apply to the resource pattern. The maximum number of allowed entries is 100. Structure is documented below.
aclId String: The ID to use for the acl, which will become the final component of the acl's name. The structure of aclId defines the Resource Pattern (resource_type, resource_name, pattern_type) of the acl. aclId is structured like one of the following: For acls on the cluster: cluster For acls on a single resource within the cluster: topic/{resource_name} consumerGroup/{resource_name} transactionalId/{resource_name} For acls on all resources that match a prefix: topicPrefixed/{resource_name} consumerGroupPrefixed/{resource_name} transactionalIdPrefixed/{resource_name} For acls on all resources of a given type (i.e. the wildcard literal '*''): allTopics (represents topic/*) allConsumerGroups (represents consumerGroup/*) allTransactionalIds (represents transactionalId/*).
cluster String: The cluster name.
etag String: etag is used for concurrency control. An etag is returned in the response to GetAcl and CreateAcl. Callers are required to put that etag in the request to UpdateAcl to ensure that their change will be applied to the same version of the acl that exists in the Kafka Cluster. A terminal 'T' character in the etag indicates that the AclEntries were truncated due to repeated field limits.
location String: ID of the location of the Kafka resource. See https://cloud.google.com/managed-kafka/docs/locations for a list of supported locations.
name String: The name of the acl. The ACL_ID segment is used when connecting directly to the cluster. Must be in the format projects/PROJECT_ID/locations/LOCATION/clusters/CLUSTER_ID/acls/ACL_ID.
patternType String: The acl pattern type derived from the name. One of: LITERAL, PREFIXED.
project String
resourceName String: The acl resource name derived from the name. For cluster resource_type, this is always "kafka-cluster". Can be the wildcard literal "*".
resourceType String: The acl resource type derived from the name. One of: CLUSTER, TOPIC, GROUP, TRANSACTIONAL_ID.

aclEntries AclAclEntry[]: The acl entries that apply to the resource pattern. The maximum number of allowed entries is 100. Structure is documented below.
aclId string: The ID to use for the acl, which will become the final component of the acl's name. The structure of aclId defines the Resource Pattern (resource_type, resource_name, pattern_type) of the acl. aclId is structured like one of the following: For acls on the cluster: cluster For acls on a single resource within the cluster: topic/{resource_name} consumerGroup/{resource_name} transactionalId/{resource_name} For acls on all resources that match a prefix: topicPrefixed/{resource_name} consumerGroupPrefixed/{resource_name} transactionalIdPrefixed/{resource_name} For acls on all resources of a given type (i.e. the wildcard literal '*''): allTopics (represents topic/*) allConsumerGroups (represents consumerGroup/*) allTransactionalIds (represents transactionalId/*).
cluster string: The cluster name.
etag string: etag is used for concurrency control. An etag is returned in the response to GetAcl and CreateAcl. Callers are required to put that etag in the request to UpdateAcl to ensure that their change will be applied to the same version of the acl that exists in the Kafka Cluster. A terminal 'T' character in the etag indicates that the AclEntries were truncated due to repeated field limits.
location string: ID of the location of the Kafka resource. See https://cloud.google.com/managed-kafka/docs/locations for a list of supported locations.
name string: The name of the acl. The ACL_ID segment is used when connecting directly to the cluster. Must be in the format projects/PROJECT_ID/locations/LOCATION/clusters/CLUSTER_ID/acls/ACL_ID.
patternType string: The acl pattern type derived from the name. One of: LITERAL, PREFIXED.
project string
resourceName string: The acl resource name derived from the name. For cluster resource_type, this is always "kafka-cluster". Can be the wildcard literal "*".
resourceType string: The acl resource type derived from the name. One of: CLUSTER, TOPIC, GROUP, TRANSACTIONAL_ID.

acl_entries Sequence[AclAclEntryArgs]: The acl entries that apply to the resource pattern. The maximum number of allowed entries is 100. Structure is documented below.
acl_id str: The ID to use for the acl, which will become the final component of the acl's name. The structure of aclId defines the Resource Pattern (resource_type, resource_name, pattern_type) of the acl. aclId is structured like one of the following: For acls on the cluster: cluster For acls on a single resource within the cluster: topic/{resource_name} consumerGroup/{resource_name} transactionalId/{resource_name} For acls on all resources that match a prefix: topicPrefixed/{resource_name} consumerGroupPrefixed/{resource_name} transactionalIdPrefixed/{resource_name} For acls on all resources of a given type (i.e. the wildcard literal '*''): allTopics (represents topic/*) allConsumerGroups (represents consumerGroup/*) allTransactionalIds (represents transactionalId/*).
cluster str: The cluster name.
etag str: etag is used for concurrency control. An etag is returned in the response to GetAcl and CreateAcl. Callers are required to put that etag in the request to UpdateAcl to ensure that their change will be applied to the same version of the acl that exists in the Kafka Cluster. A terminal 'T' character in the etag indicates that the AclEntries were truncated due to repeated field limits.
location str: ID of the location of the Kafka resource. See https://cloud.google.com/managed-kafka/docs/locations for a list of supported locations.
name str: The name of the acl. The ACL_ID segment is used when connecting directly to the cluster. Must be in the format projects/PROJECT_ID/locations/LOCATION/clusters/CLUSTER_ID/acls/ACL_ID.
pattern_type str: The acl pattern type derived from the name. One of: LITERAL, PREFIXED.
project str
resource_name str: The acl resource name derived from the name. For cluster resource_type, this is always "kafka-cluster". Can be the wildcard literal "*".
resource_type str: The acl resource type derived from the name. One of: CLUSTER, TOPIC, GROUP, TRANSACTIONAL_ID.

aclEntries List<Property Map>: The acl entries that apply to the resource pattern. The maximum number of allowed entries is 100. Structure is documented below.
aclId String: The ID to use for the acl, which will become the final component of the acl's name. The structure of aclId defines the Resource Pattern (resource_type, resource_name, pattern_type) of the acl. aclId is structured like one of the following: For acls on the cluster: cluster For acls on a single resource within the cluster: topic/{resource_name} consumerGroup/{resource_name} transactionalId/{resource_name} For acls on all resources that match a prefix: topicPrefixed/{resource_name} consumerGroupPrefixed/{resource_name} transactionalIdPrefixed/{resource_name} For acls on all resources of a given type (i.e. the wildcard literal '*''): allTopics (represents topic/*) allConsumerGroups (represents consumerGroup/*) allTransactionalIds (represents transactionalId/*).
cluster String: The cluster name.
etag String: etag is used for concurrency control. An etag is returned in the response to GetAcl and CreateAcl. Callers are required to put that etag in the request to UpdateAcl to ensure that their change will be applied to the same version of the acl that exists in the Kafka Cluster. A terminal 'T' character in the etag indicates that the AclEntries were truncated due to repeated field limits.
location String: ID of the location of the Kafka resource. See https://cloud.google.com/managed-kafka/docs/locations for a list of supported locations.
name String: The name of the acl. The ACL_ID segment is used when connecting directly to the cluster. Must be in the format projects/PROJECT_ID/locations/LOCATION/clusters/CLUSTER_ID/acls/ACL_ID.
patternType String: The acl pattern type derived from the name. One of: LITERAL, PREFIXED.
project String
resourceName String: The acl resource name derived from the name. For cluster resource_type, this is always "kafka-cluster". Can be the wildcard literal "*".
resourceType String: The acl resource type derived from the name. One of: CLUSTER, TOPIC, GROUP, TRANSACTIONAL_ID.

Supporting Types

AclAclEntry, AclAclEntryArgs

Operation string: The operation type. Allowed values are (case insensitive): ALL, READ, WRITE, CREATE, DELETE, ALTER, DESCRIBE, CLUSTER_ACTION, DESCRIBE_CONFIGS, ALTER_CONFIGS, and IDEMPOTENT_WRITE. See https://kafka.apache.org/documentation/#operations_resources_and_protocols for valid combinations of resource_type and operation for different Kafka API requests.
Principal string: The principal. Specified as Google Cloud account, with the Kafka StandardAuthorizer prefix User:". For example: "User:test-kafka-client@test-project.iam.gserviceaccount.com". Can be the wildcard "User:*" to refer to all users.
Host string: The host. Must be set to "*" for Managed Service for Apache Kafka.
PermissionType string: The permission type. Accepted values are (case insensitive): ALLOW, DENY.

Operation string: The operation type. Allowed values are (case insensitive): ALL, READ, WRITE, CREATE, DELETE, ALTER, DESCRIBE, CLUSTER_ACTION, DESCRIBE_CONFIGS, ALTER_CONFIGS, and IDEMPOTENT_WRITE. See https://kafka.apache.org/documentation/#operations_resources_and_protocols for valid combinations of resource_type and operation for different Kafka API requests.
Principal string: The principal. Specified as Google Cloud account, with the Kafka StandardAuthorizer prefix User:". For example: "User:test-kafka-client@test-project.iam.gserviceaccount.com". Can be the wildcard "User:*" to refer to all users.
Host string: The host. Must be set to "*" for Managed Service for Apache Kafka.
PermissionType string: The permission type. Accepted values are (case insensitive): ALLOW, DENY.

operation String: The operation type. Allowed values are (case insensitive): ALL, READ, WRITE, CREATE, DELETE, ALTER, DESCRIBE, CLUSTER_ACTION, DESCRIBE_CONFIGS, ALTER_CONFIGS, and IDEMPOTENT_WRITE. See https://kafka.apache.org/documentation/#operations_resources_and_protocols for valid combinations of resource_type and operation for different Kafka API requests.
principal String: The principal. Specified as Google Cloud account, with the Kafka StandardAuthorizer prefix User:". For example: "User:test-kafka-client@test-project.iam.gserviceaccount.com". Can be the wildcard "User:*" to refer to all users.
host String: The host. Must be set to "*" for Managed Service for Apache Kafka.
permissionType String: The permission type. Accepted values are (case insensitive): ALLOW, DENY.

operation string: The operation type. Allowed values are (case insensitive): ALL, READ, WRITE, CREATE, DELETE, ALTER, DESCRIBE, CLUSTER_ACTION, DESCRIBE_CONFIGS, ALTER_CONFIGS, and IDEMPOTENT_WRITE. See https://kafka.apache.org/documentation/#operations_resources_and_protocols for valid combinations of resource_type and operation for different Kafka API requests.
principal string: The principal. Specified as Google Cloud account, with the Kafka StandardAuthorizer prefix User:". For example: "User:test-kafka-client@test-project.iam.gserviceaccount.com". Can be the wildcard "User:*" to refer to all users.
host string: The host. Must be set to "*" for Managed Service for Apache Kafka.
permissionType string: The permission type. Accepted values are (case insensitive): ALLOW, DENY.

operation str: The operation type. Allowed values are (case insensitive): ALL, READ, WRITE, CREATE, DELETE, ALTER, DESCRIBE, CLUSTER_ACTION, DESCRIBE_CONFIGS, ALTER_CONFIGS, and IDEMPOTENT_WRITE. See https://kafka.apache.org/documentation/#operations_resources_and_protocols for valid combinations of resource_type and operation for different Kafka API requests.
principal str: The principal. Specified as Google Cloud account, with the Kafka StandardAuthorizer prefix User:". For example: "User:test-kafka-client@test-project.iam.gserviceaccount.com". Can be the wildcard "User:*" to refer to all users.
host str: The host. Must be set to "*" for Managed Service for Apache Kafka.
permission_type str: The permission type. Accepted values are (case insensitive): ALLOW, DENY.

operation String: The operation type. Allowed values are (case insensitive): ALL, READ, WRITE, CREATE, DELETE, ALTER, DESCRIBE, CLUSTER_ACTION, DESCRIBE_CONFIGS, ALTER_CONFIGS, and IDEMPOTENT_WRITE. See https://kafka.apache.org/documentation/#operations_resources_and_protocols for valid combinations of resource_type and operation for different Kafka API requests.
principal String: The principal. Specified as Google Cloud account, with the Kafka StandardAuthorizer prefix User:". For example: "User:test-kafka-client@test-project.iam.gserviceaccount.com". Can be the wildcard "User:*" to refer to all users.
host String: The host. Must be set to "*" for Managed Service for Apache Kafka.
permissionType String: The permission type. Accepted values are (case insensitive): ALLOW, DENY.

Import

Acl can be imported using any of these accepted formats:

projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/acls/{{acl_id}}

When using the pulumi import command, Acl can be imported using one of the formats above. For example:

$ pulumi import gcp:managedkafka/acl:Acl default projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/acls/{{acl_id}}

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Google Cloud (GCP) Classic pulumi/pulumi-gcp
License: Apache-2.0
Notes: This Pulumi package is based on the google-beta Terraform Provider.

Google Cloud v8.34.0 published on Wednesday, Jun 11, 2025 by Pulumi

pulumi/pulumi-gcp

gcp.managedkafka.Acl

On this page

On this page

Example Usage

Managedkafka Acl Basic

Create Acl Resource

Constructor syntax

Parameters

Constructor example

Acl Resource Properties

Inputs

Outputs

Look up Existing Acl Resource

Supporting Types

AclAclEntry, AclAclEntryArgs

Import

Package Details

On this page

On this page