novafarma/gcloud auth application-default login/google-cloud-sdk/lib/surface/managed_kafka/acls/create.yaml

release_tracks: [GA, ALPHA, BETA]

help_text:
  brief: |
    Create a Managed Service for Apache Kafka acl.
  description: |
    Create a Managed Service for Apache Kafka acl.

  examples: |
    To create an acl for the Kafka cluster resource pattern (acl ID = cluster),
    in a cluster named mycluster located in us-central1, run the following:

        $ {command} cluster \
            --cluster=mycluster --location=us-central1 \
            --acl-entry=principal='User:admin@project.iam.gserviceaccount.com',\
              operation=ALL,permission-type=ALLOW,host='*'
            --acl-entry=principal='User:reader@project.iam.gserviceaccount.com',\
              operation=DESCRIBE,permission-type=ALLOW,host='*'
            --acl-entry=principal='User:reader@project.iam.gserviceaccount.com',\
              operation=DESCRIBE_CONFIGS,permission-type=ALLOW,host='*'

    This acl grants an "admin" service account access to ALL cluster-level
    operations, and grants a "reader" service account access to cluster-level
    DESCRIBE and DESCRIBE_CONFIGS operations.

request:
  collection: managedkafka.projects.locations.clusters.acls

arguments:
  resource:
    help_text: |
      Identifies the name of the acl that this command creates.

      The structure of the acl ID defines the Resource Pattern for which the
      acl entries apply in the Kafka cluster. The acl ID must be structured
      like one of the following:

        For acls on the cluster:
          cluster

        For acls on a single resource within the cluster:
          topic/{resource_name}
          consumerGroup/{resource_name}
          transactionalId/{resource_name}

        For acls on all resources that match a prefix:
          topicPrefixed/{resource_name}
          consumerGroupPrefixed/{resource_name}
          transactionalIdPrefixed/{resource_name}

        For acls on all resources of a given type (i.e. the wildcard literal "*"):
          allTopics (represents topic/*)
          allConsumerGroups (represents consumerGroup/*)
          allTransactionalIds (represents transactionalId/*)
    spec: !REF googlecloudsdk.command_lib.managed_kafka.resources:acl

  params:
  - group:
      mutex: true
      required: true
      params:
      - _REF_: googlecloudsdk.command_lib.managed_kafka.flags:acl-entry
      - _REF_: googlecloudsdk.command_lib.managed_kafka.flags:acl-entries-from-file