Auditable authentication and authorization events

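Confluent Cloud audit logs contain records of auditable events for authentication and authorization actions. When an auditable event occurs, a message is sent to the audit log and stored as an audit log record.

Role-based access control (RBAC)

This section describes the actions or operations that generate auditable event messages for role-based access control (RBAC) authorization (in the Metadata Service (MDS)). For details about service accounts, see "Service accounts".

| Method name | Action that triggers an auditable event message |
| --- | --- |
| mds.Authorize | RBAC authorization is being checked. |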

mds.Authorize

Authorization to create a Kafka cluster
{
  "data": {
    "serviceName": "crn://confluent.cloud/",
    "methodName": "mds.Authorize",
    "resourceName": "crn://confluent.cloud/organization=1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d/environment=env-1ab2c",
    "authenticationInfo": {
      "principal": "User:u-1abc2d"
    },
    "authorizationInfo": {
      "granted": true,
      "operation": "CreateCloudCluster",
      "resourceType": "Environment",
      "resourceName": "environment",
      "patternType": "LITERAL",
      "rbacAuthorization": {
        "role": "OrganizationAdmin",
        "scope": {
          "outerScope": [
            "organization=1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d"
          ],
          "clusters": {}
        }
      }
    }
  },
  "id": "f07bdde7-c633-41c9-abab-5ff3539e9967",
  "source": "crn://confluent.cloud/",
  "specversion": "1.0",
  "type": "io.confluent.kafka.server/authorization",
  "datacontenttype": "application/json",
  "subject": "crn://confluent.cloud/organization=1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d/environment=env-1ab2c",
  "time": "2021-06-07T18:49:40.331Z"
}
Authorization to create an API key
{
  "data": {
    "serviceName": "crn://confluent.cloud/",
    "methodName": "mds.Authorize",
    "resourceName": "crn://confluent.cloud/organization=1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d/cloud-api-key=%2A",
    "authenticationInfo": {
      "principal": "User:u-1abc2d"
    },
    "authorizationInfo": {
      "granted": true,
      "operation": "Create",
      "resourceType": "CloudApiKey",
      "resourceName": "*",
      "patternType": "LITERAL",
      "rbacAuthorization": {
        "role": "OrganizationAdmin",
        "scope": {
          "outerScope": [
            "organization=1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d"
          ],
          "clusters": {}
        }
      }
    }
  },
  "id": "87d5f2fe-b642-48e2-95cc-fafe87160288",
  "source": "crn://confluent.cloud/",
  "specversion": "1.0",
  "type": "io.confluent.kafka.server/authorization",
  "datacontenttype": "application/json",
  "subject": "crn://confluent.cloud/organization=1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d/cloud-api-key=%2A",
  "time": "2021-06-07T18:57:09.348Z"
}
Authorization to delete an API key
{
  "data": {
    "serviceName": "crn://confluent.cloud/",
    "methodName": "mds.Authorize",
    "resourceName": "crn://confluent.cloud/organization=1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d/cloud-api-key=238661",
    "authenticationInfo": {
      "principal": "User:u-4vmx7p"
    },
    "authorizationInfo": {
      "granted": true,
      "operation": "Delete",
      "resourceType": "CloudApiKey",
      "resourceName": "238661",
      "patternType": "LITERAL",
      "rbacAuthorization": {
        "role": "OrganizationAdmin",
        "scope": {
          "outerScope": [
            "organization=1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d"
          ],
          "clusters": {}
        }
      }
    }
  },
  "id": "20441c90-7d42-428c-a52e-40f6d1d46c59",
  "source": "crn://confluent.cloud/",
  "specversion": "1.0",
  "type": "io.confluent.kafka.server/authorization",
  "datacontenttype": "application/json",
  "subject": "crn://confluent.cloud/organization=1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d/cloud-api-key=238661",
  "time": "2021-06-07T18:54:30.928Z"
}
Authorization to update billing information
{
  "data": {
    "serviceName": "crn://confluent.cloud/",
    "methodName": "mds.Authorize",
    "resourceName": "crn://confluent.cloud/organization=1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d/billing=payment-info",
    "authenticationInfo": {
      "principal": "User:u-c1mv02"
    },
    "authorizationInfo": {
      "granted": true,
      "operation": "Alter",
      "resourceType": "Billing",
      "resourceName": "payment-info",
      "patternType": "LITERAL",
      "rbacAuthorization": {
        "role": "OrganizationAdmin",
        "scope": {
          "outerScope": [
            "organization=1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d"
          ],
          "clusters": {}
        }
      }
    }
  },
  "id": "08503aa2-e712-436b-ad8e-5fb7f46e99b5",
  "source": "crn://confluent.cloud/",
  "specversion": "1.0",
  "type": "io.confluent.kafka.server/authorization",
  "datacontenttype": "application/json",
  "subject": "crn://confluent.cloud/organization=1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d/billing=payment-info",
  "time": "2021-06-15T02:21:41.251Z"
}
Authorization to create an RBAC role binding
{
  "data": {
    "serviceName": "crn://confluent.cloud/",
    "methodName": "mds.Authorize",
    "resourceName": "crn://confluent.cloud/organization=1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d/environment=env-j123c/cloud-cluster=lkc-abc12/security-metadata=security-metadata",
    "authenticationInfo": {
      "principal": "User:u-a1bc23"
    },
    "authorizationInfo": {
      "granted": true,
      "operation": "Alter",
      "resourceType": "SecurityMetadata",
      "resourceName": "security-metadata",
      "patternType": "LITERAL",
      "rbacAuthorization": {
        "role": "OrganizationAdmin",
        "scope": {
          "outerScope": [
            "organization=1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d"
          ],
          "clusters": {}
        }
      }
    }
  },
  "id": "cc4f82c9-4794-4cb6-a2ad-d4d9a38a4ab1",
  "source": "crn://confluent.cloud/",
  "specversion": "1.0",
  "type": "io.confluent.kafka.server/authorization",
  "datacontenttype": "application/json",
  "subject": "crn://confluent.cloud/organization=1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d/environment=env-j123c/cloud-cluster=lkc-abc12/security-metadata=security-metadata",
  "time": "2021-06-15T02:28:03.769Z"
}

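Kafka actions

This section describes the actions or operations that generate auditable event messages for Kafka clusters. For details about clusters, see "Confluent Cloud clusters".

Except for kafka.Authentication, the following methods are Kafka data plane authorization events.

| Method name | Action that triggers an auditable event message |
| --- | --- |
| kafka.AlterConfigs | A Kafka configuration is being changed or updated. |
| kafka.AlterMirrors | The properties of a mirror topic on a cluster link of this cluster are being changed. |
| kafka.Authentication | A client connected to the Kafka cluster using an API key or token. |
| kafka.CreateAcls | A Kafka broker ACL is being created. |
| kafka.CreateClusterLinks | A cluster link is being created between this cluster and another cluster. |
| kafka.CreatePartitions | Partitions are being added to a topic. |
| kafka.CreateTopics | A topic is being created. |
| kafka.DeleteAcls | A Kafka broker ACL is being deleted. |
| kafka.DeleteClusterLinks | A cluster link is being deleted. |
| kafka.DeleteGroups | A Kafka consumer group is being deleted. |
| kafka.DeleteRecords | Kafka records are being deleted. Typically seen in the repartitioning of ksqlDB internal topics. |
| kafka.DeleteTopics | A Kafka topic is being deleted. |
| kafka.IncrementalAlterConfigs | A dynamic configuration of a Kafka broker is being changed. |
| kafka.OffsetDelete | Committed offsets for partitions in a consumer group are being deleted. |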

Authentication events

kafka.Authentication

Authentication to a Kafka cluster using an API key – success
{
    "type": "io.confluent.kafka.server/authentication",
    "data": {
        "methodName": "kafka.Authentication",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "authenticationInfo": {
            "principal": "User:123456",
            "metadata": {
                "mechanism": "SASL_SSL/PLAIN",
                "identifier": "MAIDSRFG53RXYTKR"
            }
        },
        "result": {
            "status": "SUCCESS",
            "message": ""
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}
Authentication to a Kafka cluster using an API key – failure

Error message: "Bad password for user MAIDSRFG53RXYTKR"

{
    "type": "io.confluent.kafka.server/authentication",
    "data": {
        "methodName": "kafka.Authentication",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "authenticationInfo": {
            "principal": "User:123456",
            "metadata": {
                "mechanism": "SASL_SSL/PLAIN",
                "identifier": "MAIDSRFG53RXYTKR"
            }
        },
        "result": {
            "status": "UNAUTHENTICATED",
            "message": "Bad password for user MAIDSRFG53RXYTKR"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}
Authentication to a Kafka cluster using an interactive token – success
{
    "type": "io.confluent.kafka.server/authentication",
    "data": {
        "methodName": "kafka.Authentication",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "authenticationInfo": {
            "principal": "User:123456",
            "metadata": {
                "mechanism": "SASL_SSL/OAUTHBEARER",
                "identifier": "123456"
            }
        },
        "result": {
            "status": "SUCCESS",
            "message": ""
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}
Authentication to a Kafka cluster using an interactive token – failure

Error message: "The principal 654321's logical cluster lkc-a1b2c is not hosted on this broker."

{
    "type": "io.confluent.kafka.server/authentication",
    "data": {
        "methodName": "kafka.Authentication",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "authenticationInfo": {
            "principal": "None:UNKNOWN_USER",
            "metadata": {
                "mechanism": "SASL_SSL/OAUTHBEARER",
                "identifier": "654321"
            }
        },
        "result": {
            "status": "UNAUTHENTICATED",
            "message": "The principal 654321's logical cluster lkc-a1b2c is not hosted on this broker."
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

Authorization events

kafka.AlterConfigs

Authorization granted to alter a topic configuration
{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.AlterConfigs",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c/topic=departures",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": true,
            "operation": "AlterConfigs",
            "resourceType": "Topic",
            "resourceName": "departures",
            "patternType": "LITERAL",
            "superUserAuthorization": true
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

kafka.AlterMirrors

Authorization granted to alter the properties of a cluster link topic
{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.AlterMirrors",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c/topic=departures",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": true,
            "operation": "Alter",
            "resourceType": "Topic",
            "resourceName": "departures",
            "patternType": "LITERAL",
            "superUserAuthorization": true
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

kafka.CreateAcls

Authorization granted to create ACL rules on a Kafka cluster
{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.CreateAcls",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": true,
            "operation": "Alter",
            "resourceType": "Cluster",
            "resourceName": "kafka-cluster",
            "patternType": "LITERAL",
            "superUserAuthorization": true
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

kafka.CreatePartitions

Authorization denied to add partitions to a topic
{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.CreatePartitions",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c/topic=departures",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": false,
            "operation": "Alter",
            "resourceType": "Topic",
            "resourceName": "departures",
            "patternType": "LITERAL",
            "superUserAuthorization": false
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

kafka.CreateTopics

Authorization granted to create any topic on a Kafka cluster
{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.CreateTopics",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": true,
            "operation": "Create",
            "resourceType": "Cluster",
            "resourceName": "kafka-cluster",
            "patternType": "LITERAL",
            "superUserAuthorization": true
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}
Authorization granted to create a specific topic
{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "methodName": "kafka.CreateTopics",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c/topic=departures",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": true,
            "operation": "DescribeConfigs",
            "resourceType": "Topic",
            "resourceName": "departures",
            "patternType": "LITERAL",
            "superUserAuthorization": true
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}
Authorization denied to create a specific topic
{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.CreateTopics",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c/topic=departures",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": false,
            "operation": "Create",
            "resourceType": "Topic",
            "resourceName": "departures",
            "patternType": "LITERAL",
            "superUserAuthorization": false
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

kafka.DeleteAcls

Authorization granted to delete ACL rules from a Kafka cluster
{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "methodName": "kafka.DeleteAcls",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": true,
            "operation": "Alter",
            "resourceType": "Cluster",
            "resourceName": "kafka-cluster",
            "patternType": "LITERAL",
            "superUserAuthorization": true
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

kafka.DeleteGroups

Authorization granted to delete a consumer group
{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.DeleteGroups",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c/group=delivery-estimator",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": true,
            "operation": "Delete",
            "resourceType": "Group",
            "resourceName": "delivery-estimator",
            "patternType": "LITERAL",
            "superUserAuthorization": false,
            "aclAuthorization": {
                "host": "*",
                "permissionType": "ALLOW"
            }
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

kafka.DeleteRecords

Authorization granted to delete records from a topic
{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.DeleteRecords",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c/topic=foo-KSTREAM-REPARTITION-0000000016-repartition",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": true,
            "operation": "Delete",
            "resourceType": "Topic",
            "resourceName": "foo-KSTREAM-REPARTITION-0000000016-repartition",
            "patternType": "LITERAL",
            "superUserAuthorization": true
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

kafka.DeleteTopics

Authorization granted, based on a prefix match, to delete a topic
{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.DeleteTopics",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c/topic=departures-2021-01-01",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": true,
            "operation": "Delete",
            "resourceType": "Topic",
            "resourceName": "departures-",
            "patternType": "PREFIX",
            "superUserAuthorization": false,
            "aclAuthorization": {
                "permissionType": "ALLOW",
                "host": "*"
            }
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

kafka.IncrementalAlterConfigs

Authorization granted, based on super user status, to alter a cluster configuration
{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.IncrementalAlterConfigs",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": true,
            "operation": "AlterConfigs",
            "resourceType": "Cluster",
            "resourceName": "kafka-cluster",
            "patternType": "LITERAL",
            "superUserAuthorization": true
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}
Authorization granted, based on an ACL, to alter a topic configuration
{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.IncrementalAlterConfigs",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c/topic=departures",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": true,
            "operation": "AlterConfigs",
            "resourceType": "Topic",
            "resourceName": "departures",
            "patternType": "LITERAL",
            "superUserAuthorization": false,
            "aclAuthorization": {
                "permissionType": "ALLOW",
                "host": "*"
            }
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}

kafka.OffsetDelete

Authorization denied to delete consumer group offsets
{
    "type": "io.confluent.kafka.server/authorization",
    "data": {
        "methodName": "kafka.OffsetDelete",
        "serviceName": "crn://confluent.cloud/kafka=lkc-a1b2c",
        "resourceName": "crn://confluent.cloud/kafka=lkc-a1b2c/group=delivery-estimator",
        "authenticationInfo": {
            "principal": "User:123456"
        },
        "authorizationInfo": {
            "granted": false,
            "operation": "Delete",
            "resourceType": "Group",
            "resourceName": "delivery-estimator",
            "patternType": "LITERAL",
            "superUserAuthorization": false
        },
        "request": {
            "correlationId": "123",
            "clientId": "adminclient-42"
        }
    },
    "id": "fc0f727d-899a-4a22-ad8b-a866871a9d37",
    "time": "2021-01-01T12:34:56.789Z",
    "datacontenttype": "application/json",
    "source": "crn://confluent.cloud/kafka=lkc-a1b2c",
    "subject": "crn://confluent.cloud/kafka=lkc-a2b2c",
    "specversion": "1.0"
}
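
Added example (not part of the Confluent documentation): a Python triage pass over records with the field layout shown on this page, flagging failed authentications, denied authorizations, and granted changes to ACLs, role bindings and API keys. The function names, finding labels, failure threshold and one-record-per-line input are assumptions, and the sample records are constructed.

```python
import json
from collections import Counter

# Granted operations that change access control (names come from this page's examples).
ACL_METHODS = {"kafka.CreateAcls", "kafka.DeleteAcls"}
RBAC_PAIRS = {("SecurityMetadata", "Alter"), ("CloudApiKey", "Create"), ("CloudApiKey", "Delete")}

def grant_basis(authz):
    """Say why a request was allowed: super user, ACL or RBAC role."""
    if authz.get("superUserAuthorization"):
        return "superuser"
    if "aclAuthorization" in authz:
        return "acl:" + authz.get("patternType", "?")
    if "rbacAuthorization" in authz:
        return "rbac:" + authz["rbacAuthorization"].get("role", "?")
    return "unknown"

def classify(event):
    """Map one audit record to (finding, actor, detail), or None if routine."""
    data = event.get("data", {})
    info = data.get("authenticationInfo", {})
    kind = event.get("type", "").rsplit("/", 1)[-1]
    if kind == "authentication":
        result = data.get("result", {})
        if result.get("status") == "SUCCESS":
            return None
        # A failed attempt can carry principal "None:UNKNOWN_USER", so key on
        # the credential identifier in authenticationInfo.metadata instead.
        ident = info.get("metadata", {}).get("identifier", "?")
        return ("auth_failure", ident, result.get("message", ""))
    if kind == "authorization":
        authz = data.get("authorizationInfo", {})
        actor, method = info.get("principal", "?"), data.get("methodName", "?")
        if authz.get("granted") is not True:
            return ("authz_denied", actor, f"{method} on {data.get('resourceName', '?')}")
        pair = (authz.get("resourceType"), authz.get("operation"))
        if method in ACL_METHODS or (method == "mds.Authorize" and pair in RBAC_PAIRS):
            return ("access_control_change", actor, f"{method} via {grant_basis(authz)}")
    return None

def triage(lines, failure_threshold=3):
    """Classify JSON-lines records; also list identifiers with repeated failures."""
    findings, failures = [], Counter()
    for line in lines:
        try:
            hit = classify(json.loads(line))
        except (ValueError, AttributeError):  # bad JSON or unexpected shape
            hit = ("unparseable", "?", line[:40])
        if hit:
            findings.append(hit)
            if hit[0] == "auth_failure":
                failures[hit[1]] += 1
    noisy = sorted(i for i, n in failures.items() if n >= failure_threshold)
    return findings, noisy

# Constructed sample records in the page's field layout; identifiers are made up.
def record(kind, method, auth_info, **fields):
    data = dict(methodName=method, resourceName="crn://confluent.cloud/kafka=lkc-example",
                authenticationInfo=auth_info, **fields)
    return json.dumps({"type": "io.confluent.kafka.server/" + kind, "data": data})

def sample_authz(method, granted, rtype, op, **basis):
    info = dict(granted=granted, resourceType=rtype, operation=op, **basis)
    return record("authorization", method, USER, authorizationInfo=info)

USER = {"principal": "User:123456"}
BAD = {"principal": "None:UNKNOWN_USER", "metadata": {"identifier": "EXAMPLEKEY000001"}}
FAILED = record("authentication", "kafka.Authentication", BAD, result={"status": "UNAUTHENTICATED"})
SAMPLE_LINES = 3 * [FAILED] + [
    record("authentication", "kafka.Authentication", USER, result={"status": "SUCCESS"}),
    sample_authz("kafka.CreatePartitions", False, "Topic", "Alter"),
    sample_authz("kafka.CreateAcls", True, "Cluster", "Alter", superUserAuthorization=True),
    sample_authz("mds.Authorize", True, "SecurityMetadata", "Alter",
                 rbacAuthorization={"role": "OrganizationAdmin"}),
    sample_authz("kafka.CreateTopics", True, "Cluster", "Create", superUserAuthorization=True),
    "{not json"]

if __name__ == "__main__":
    print(*triage(SAMPLE_LINES)[0], sep="\n")
```

Routine grants such as the kafka.CreateTopics record produce no finding, and a record whose authorizationInfo lacks "granted": true is treated as denied rather than silently passed.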