Provide Stream Shares from Confluent Cloud¶

As a data provider, you can send invites and revoke access to shared data using the Confluent Cloud Console, the Confluent CLI or REST APIs.

Additionally you can describe the data you share with format and organization information, so that its origin is clear to consumers.

To share data, you must be an administrator in your Confluent Cloud organization or environment.

If you are using role-based access control (RBAC), you must have one of the following roles to initiate data sharing:

Stream shares¶

Once Stream Sharing has been enabled for your Confluent Cloud organization, you can easily share data by inviting users through email. To enable Stream Sharing, you must be an administrator for the organization, environment, or cluster. You can send one invitation to an email address. If a consumer cannot access their email invitation, resend the invitation. You can send invitations as often as you like until the invitation has been accepted. Once an invitation has been accepted, generating additional invitations results in an error.

Invitations contain a token for authentication. The token is automatically generated and added to the invitation. A token is redeemable only once.

The consumer uses the token to obtain an API key and secret. The API key and secret provide the user with read-only access to your shared topics and schemas. We restrict access to your resources with an internal service account and role-based access control (RBAC). To restrict access to your data, we bind the internal service account to these internal RBAC roles:

StreamShareRead - provides read access to shared topics.
- Allows consumers to read topics and groups
StreamShareSchemaRegistryRead - provides read access to the Schema Registry subject.
- Allows consumers to read Schema Registry subjects

Note

You can’t directly use the internal Stream Sharing RBAC service account or the associated RBAC roles.

The following examples show you how to share a stream with an email invitation.

In Cloud Console, you can share data from either Topics or the Confluent Cloud main page.

Sign in to Confluent Cloud with an administrator account.
1. Select the environment and cluster that contains the topic you want to share.
2. Click Topics in the navigation menu.
3. On the Topics page, take one of the following actions:
  - Hover over the topic you want to share and select to the right of topic information.
  - Select a topic and then select in the upper right.
  - Select a topic, select Explore Stream Lineage, select the topic node and select in the upper right.
  If you are not an administrator for the cluster, environment, or organization that contains the topic you want to share, you will not see the Share icon or button.
1. Select Stream shares.
2. Select Share a topic.
3. Specify Environment, Cluster, Topic, and select Next.
Enter the email of the person to which you would like to give read access of the topic. (Optional) You can also specify one or more Schema subjects to share with this account. Enter one email address at a time. If the email address is incorrectly formatted, you get an error.

Note

To view the status of all invitations to this topic, click Shared with. To resend or revoke invitations, click Manage invites.
Click Invite to send the invitation. A consumer will have seven days to access the data via the link provided, before the link expires. Once redeemed, the data share becomes active and remains so indefinitely until you revoke access or it is deleted (deactivated) by the consumer.

Note

To use the CLI for Stream Sharing, you must have CLI v3. For more information, see: Migrate to Confluent CLI v3

To share topics with the Confluent CLI.

Sign in to Confluent Cloud with an administrator account.
```
confluent login
```

Use the invite command to create an invite, specifying the environment and cluster that contains the topic to share, and the topic name. You will also specify the email address for the user you want to share the data with.

confluent stream-share provider invite create --email some-person@confluent.io
--environment env-xyz123 --kafka-cluster lkc-10000 --topic users --schema-registry-subjects strings

Your response should resemble:

+----------------------------+----------------------------+
| ID                         | ss-3vpvd                   |
| Consumer Name              | some-person@confluent.io   |
| Consumer Organization Name |                            |
| Cloud                      | Another Person             |
| Status                     | INVITED                    |
| Delivery method            | Email                      |
| ServiceAccountId           |                            |
| SharedResourceId           |                            |
| Invited At                 | 2022-09-01 15:35:17.508228 |
|                            |                            |
| Redeemed At                |                            |
| Invite Expiration          | 2022-09-08 15:35:17.508228 |
+----------------------------+----------------------------+

To share data with the REST API for a schema-enabled cluster that includes a schema subject, send an HTTP POST call to the https://api.confluent.cloud/cdx/v1/provider-shares endpoint, specifying the environment, cluster, any schema subjects, and delivery method in a JSON payload.

POST /cdx/v1/provider-shares

{
   "delivery_method": "Email",
   "consumer_restriction": {
      "kind": "Email",
      "email": "user@example.com"
   },
   "resources": [
      "crn://confluent.cloud/environment=env-abc123/cloud-cluster=lkc-q55555/kafka=lkc-q55555/topic=users"
      "crn://confluent.cloud/environment=env-abc123/schema-registry=lsrc-12345/subject=users-value"
   ]
}

Schema subjects are optional but require a schema-enabled cluster.

Your response should resemble:

{
   "api_version": "v1",
   "cloud_cluster": {
      "environment": "env-abc123",
      "id": "lkc-q55555",
      "related": "",
      "resource_name": ""
   },
   "consumer_restriction": {
      "email": "user@example.com",
      "kind": "Email"
   },
   "consumer_user_name": "user@example.com",
   "delivery_method": "Email",
   "id": "ss-ex123",
   "invite_expires_at": "2023-01-31T00:39:07.626255Z",
   "invited_at": "2023-01-24T00:39:07.624591Z",
   "kind": "ProviderShare",
   "metadata": {
      "created_at": "2023-01-24T00:39:07.624591Z",
      "resource_name": "crn://confluent.cloud/organization=example-7abc-4abc-a123-123456789b19/environment=env-abc123/cloud-cluster=lkc-q55555/provider-share=ss-ex123",
      "self": "https://api.confluent.cloud/cdx/v1/provider-shares/ss-ex123",
      "updated_at": "2023-01-24T00:39:07.624591Z"
   },
   "provider_user": {
      "id": "u-q50gkd",
      "related": "",
      "resource_name": ""
   },
   "provider_user_name": "rogert",
   "service_account": {
      "id": "",
      "related": "",
      "resource_name": ""
   },
   "status": {
      "phase": "INVITED"
   }
}

Note

If you share a topic from a cluster on a Confluent Cloud network, you are providing the email recipient with details on how to connect to your private Confluent Cloud network.

List stream shares¶

List the streams you have shared with other users.

Sign in to Confluent Cloud with an administrator account.
From the navigation menu, select Stream shares.

The Stream shares page opens.
View the list of shared streams in Data shared by you.

To view a list of data streams you have shared:

Sign in to Confluent Cloud with an administrator account.
```
confluent login
```
List the shares with the list command.
```
confluent stream-share provider share list
```
Your response should resemble:

To list shared data with an API, perform an HTTP GET against the https://api.confluent.cloud/cdx/v1/provider-shares URI.

The request must also include an authorization header that contains the API key and secret, base-64 encoded. For more, see Authentication.

An example request to list the shared data:

GET /cdx/v1/provider-shares

Your response should resemble:

{
   "api_version": "v1",
   "data": [
      {
         "api_version": "v1",
         "cloud_cluster": {
            "environment": "env-abc123",
            "id": "lkc-q55555",
            "related": "",
            "resource_name": ""
         },
         "consumer_restriction": {
            "email": "user@example.com",
            "kind": "Email"
         },
         "consumer_user_name": "user@example.com",
         "delivery_method": "Email",
         "id": "ss-ex123",
         "invite_expires_at": "2023-01-31T00:39:07.626255Z",
         "invited_at": "2023-01-24T00:39:07.624591Z",
         "kind": "ProviderShare",
         "metadata": {
            "created_at": "2023-01-24T00:39:07.624591Z",
            "resource_name": "crn://confluent.cloud/organization=example-7abc-4abc-a123-123456789b19/environment=env-abc123/cloud-cluster=lkc-q55555/provider-share=ss-ex123",
            "self": "https://api.confluent.cloud/cdx/v1/provider-shares/ss-ex123",
            "updated_at": "2023-01-24T00:39:07.624591Z"
         },
         "provider_user": {
            "id": "u-q50gkd",
            "related": "",
            "resource_name": ""
         },
         "provider_user_name": "rogert",
         "service_account": {
            "id": "",
            "related": "",
            "resource_name": ""
         },
         "status": {
            "phase": "INVITED"
         }
      },
      {
         "api_version": "v1",
         "cloud_cluster": {
               "environment": "env-abc123",
               "id": "lkc-q55555",
               "related": "",
               "resource_name": ""
         },
         "consumer_restriction": {
               "email": "user@example.com",
               "kind": "Email"
         },
         "consumer_user_name": "user@example.com",
         "delivery_method": "Email",
         "id": "ss-exabc",
         "invite_expires_at": "2023-01-31T00:31:13.108718Z",
         "invited_at": "2023-01-24T00:31:13.106964Z",
         "kind": "ProviderShare",
         "metadata": {
               "created_at": "2023-01-24T00:31:13.106964Z",
               "resource_name": "crn://confluent.cloud/organization=example-7abc-4abc-a123-123456789b19/environment=env-abc123/cloud-cluster=lkc-q55555/provider-share=ss-exabc",
               "self": "https://api.confluent.cloud/cdx/v1/provider-shares/ss-exabc",
               "updated_at": "2023-01-24T00:31:13.106964Z"
         },
         "provider_user": {
               "id": "u-q50gkd",
               "related": "",
               "resource_name": ""
         },
         "provider_user_name": "rogert",
         "service_account": {
               "id": "",
               "related": "",
               "resource_name": ""
         },
         "status": {
               "phase": "INVITED"
         }
      },
   ],
   "kind": "ProviderShareList",
   "metadata": {}
}

Describe stream shares¶

You can annotate your shared data with a description, organization name and logo, schema for the data, and more using the Cloud Console or the REST API.

To annotate or modify shared data:

Sign in to Confluent Cloud with an administrator account.
From the navigation menu, select Stream shares.

The Stream shares page opens.
In Data shared by you, select the data that you want annotate or modify.

The shared topic details page appears.
From the shared topic details page, take one of the following actions:
- To edit share content, click Edit share content
- To add share content, click Add share content
Modify or add the following optional descriptive details:
- Display name
- Schema subjects
- Organization description
- Contact email
- Logo
Note

Shared data includes a topic description and any tags added to the topic. You can add or edit tags and the topic description from the topic details page.
Click Save to save your changes.

You can update or add information to a shared resource by making a PATCH call to the https://api.confluent.cloud/cdx/v1/provider-shared-resources/ URL, specifying the share you want to modify.

PATCH cdx/v1/provider-shared-resources/sr-12abc

{
   "resources": [
      "crn://confluent.cloud/environment=env-abc123/cloud-cluster=lkc-q55555/kafka=lkc-q55555/topic=user"
   ],
   "display_name": "Stock Trades",
   "organization_description": "ABC Corp is the biggest online retailer",
   "organization_contact": "jane.doe@example.com"
}

The response will resemble:

{
   "api_version": "v1",
   "cloud_cluster": {
      "environment": "env-abc123",
      "id": "lkc-q55555",
      "related": "",
      "resource_name": ""
   },
   "cluster_name": "cluster_1",
   "crn": "crn://confluent.cloud/organization=example-7abc-4abc-a123-123456789b19/environment=env-abc123/cloud-cluster=lkc-q55555/kafka=lkc-q55555/topic=user",
   "display_name": "Stock Trades",
   "environment_name": "test",
   "id": "sr-12abc",
   "kind": "ProviderSharedResource",
   "logo_url": "",
   "metadata": {
      "created_at": "2023-01-24T00:31:12.930903Z",
      "resource_name": "crn://confluent.cloud/organization=example-7abc-4abc-a123-123456789b19/environment=env-abc123/cloud-cluster=lkc-q55555/provider-shared-resource=sr-12abc",
      "self": "https://api.confluent.cloud/cdx/v1/provider-shared-resources/sr-12abc",
      "updated_at": "2023-01-24T00:31:13.103715Z"
   },
   "organization_contact": "jane.doe@example.com",
   "organization_description": "ABC Corp is the biggest online retailer",
   "organization_name": "Confluent",
   "resources": [
      "crn://confluent.cloud/organization=example-7abc-4abc-a123-123456789b19/environment=env-abc123/cloud-cluster=lkc-q55555/kafka=lkc-q55555/topic=user"
   ],
   "schemas": [],
   "tags": null
}

Provide Stream Shares from Confluent Cloud¶

Enable Stream Sharing¶

Stream shares¶

List stream shares¶

Revoke stream share access¶

Describe stream shares¶