release_tracks: [GA, ALPHA, BETA] help_text: brief: | Create a Managed Service for Apache Kafka acl. description: | Create a Managed Service for Apache Kafka acl. examples: | To create an acl for the Kafka cluster resource pattern (acl ID = cluster), in a cluster named mycluster located in us-central1, run the following: $ {command} cluster \ --cluster=mycluster --location=us-central1 \ --acl-entry=principal='User:admin@project.iam.gserviceaccount.com',\ operation=ALL,permission-type=ALLOW,host='*' --acl-entry=principal='User:reader@project.iam.gserviceaccount.com',\ operation=DESCRIBE,permission-type=ALLOW,host='*' --acl-entry=principal='User:reader@project.iam.gserviceaccount.com',\ operation=DESCRIBE_CONFIGS,permission-type=ALLOW,host='*' This acl grants an "admin" service account access to ALL cluster-level operations, and grants a "reader" service account access to cluster-level DESCRIBE and DESCRIBE_CONFIGS operations. request: collection: managedkafka.projects.locations.clusters.acls arguments: resource: help_text: | Identifies the name of the acl that this command creates. The structure of the acl ID defines the Resource Pattern for which the acl entries apply in the Kafka cluster. The acl ID must be structured like one of the following: For acls on the cluster: cluster For acls on a single resource within the cluster: topic/{resource_name} consumerGroup/{resource_name} transactionalId/{resource_name} For acls on all resources that match a prefix: topicPrefixed/{resource_name} consumerGroupPrefixed/{resource_name} transactionalIdPrefixed/{resource_name} For acls on all resources of a given type (i.e. the wildcard literal "*"): allTopics (represents topic/*) allConsumerGroups (represents consumerGroup/*) allTransactionalIds (represents transactionalId/*) spec: !REF googlecloudsdk.command_lib.managed_kafka.resources:acl params: - group: mutex: true required: true params: - _REF_: googlecloudsdk.command_lib.managed_kafka.flags:acl-entry - _REF_: googlecloudsdk.command_lib.managed_kafka.flags:acl-entries-from-file