Page MenuHomeSoftware Heritage
Paste P1454

create kakfa user for swh-indexer-prod-01
ActivePublic

Authored by ardumont on Sep 15 2022, 5:19 PM.
root@getty:~# /usr/local/sbin/create_kafka_users_rocquencourt.sh --consumer-group-prefix "swh.indexer.journal_client." swh-indexer-prod-01
Creating user swh-indexer-prod-01, with unprivileged access to consumer group prefix swh.indexer.journal_client.
Password for user swh-indexer-prod-01:
Setting user credentials
Warning: --zookeeper is deprecated and will be removed in a future version of Kafka.
Use --bootstrap-server instead to specify a broker to connect to.
Completed updating config for entity: user-principal 'swh-indexer-prod-01'.
Granting access to topics swh.journal.objects. to swh-indexer-prod-01
Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=swh.journal.objects., patternType=PREFIXED)`:
(principal=User:swh-indexer-prod-01, host=*, operation=READ, permissionType=ALLOW)
Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=swh.journal.objects., patternType=PREFIXED)`:
(principal=User:swh-cassandra-replayer-prod, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-olasd, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-olasd, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-vse, host=*, operation=READ, permissionType=ALLOW)
(principal=User:snyk-prod-01, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-content-replayer-s3, host=*, operation=READ, permissionType=ALLOW)
(principal=User:enea-prod-01, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-seirl, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-douardda, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-seirl, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-provenance-mmca, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-cassandra-replayer-prod, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-vse, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-provenance-mmca, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:enea-prod-01, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-content-replayer-s3, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-anlambert-prod-01, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-provenance-met, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-vlorentz, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-douardda, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-provenance-met, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-anlambert-prod-01, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-vlorentz, host=*, operation=READ, permissionType=ALLOW)
(principal=User:snyk-prod-01, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-indexer-prod-01, host=*, operation=READ, permissionType=ALLOW)
Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=swh.journal.objects., patternType=PREFIXED)`:
(principal=User:swh-indexer-prod-01, host=*, operation=DESCRIBE, permissionType=ALLOW)
Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=swh.journal.objects., patternType=PREFIXED)`:
(principal=User:swh-cassandra-replayer-prod, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-olasd, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-olasd, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-vse, host=*, operation=READ, permissionType=ALLOW)
(principal=User:snyk-prod-01, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-content-replayer-s3, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-seirl, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-douardda, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-seirl, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-provenance-mmca, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-cassandra-replayer-prod, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-vse, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-provenance-mmca, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:enea-prod-01, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-content-replayer-s3, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-anlambert-prod-01, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-provenance-met, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-vlorentz, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-indexer-prod-01, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:enea-prod-01, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-douardda, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-provenance-met, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-anlambert-prod-01, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-vlorentz, host=*, operation=READ, permissionType=ALLOW)
(principal=User:snyk-prod-01, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-indexer-prod-01, host=*, operation=READ, permissionType=ALLOW)
Granting access to topics swh.journal.indexed. to swh-indexer-prod-01
Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=swh.journal.indexed., patternType=PREFIXED)`:
(principal=User:swh-indexer-prod-01, host=*, operation=READ, permissionType=ALLOW)
Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=swh.journal.indexed., patternType=PREFIXED)`:
(principal=User:swh-cassandra-replayer-prod, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-provenance-mmca, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:snyk-prod-01, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:enea-prod-01, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-douardda, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-provenance-mmca, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-cassandra-replayer-prod, host=*, operation=READ, permissionType=ALLOW)
(principal=User:enea-prod-01, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-anlambert-prod-01, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-provenance-met, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-vlorentz, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-douardda, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-provenance-met, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-anlambert-prod-01, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-vlorentz, host=*, operation=READ, permissionType=ALLOW)
(principal=User:snyk-prod-01, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-indexer-prod-01, host=*, operation=READ, permissionType=ALLOW)
Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=swh.journal.indexed., patternType=PREFIXED)`:
(principal=User:swh-indexer-prod-01, host=*, operation=DESCRIBE, permissionType=ALLOW)
Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=swh.journal.indexed., patternType=PREFIXED)`:
(principal=User:swh-cassandra-replayer-prod, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-provenance-mmca, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:snyk-prod-01, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-douardda, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-provenance-mmca, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-cassandra-replayer-prod, host=*, operation=READ, permissionType=ALLOW)
(principal=User:enea-prod-01, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-anlambert-prod-01, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-provenance-met, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-vlorentz, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-indexer-prod-01, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:enea-prod-01, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-douardda, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-provenance-met, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User:swh-anlambert-prod-01, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-vlorentz, host=*, operation=READ, permissionType=ALLOW)
(principal=User:snyk-prod-01, host=*, operation=READ, permissionType=ALLOW)
(principal=User:swh-indexer-prod-01, host=*, operation=READ, permissionType=ALLOW)
Granting access to consumer group prefix swh.indexer.journal_client. to swh-indexer-prod-01
Adding ACLs for resource `ResourcePattern(resourceType=GROUP, name=swh.indexer.journal_client., patternType=PREFIXED)`:
(principal=User:swh-indexer-prod-01, host=*, operation=READ, permissionType=ALLOW)
Current ACLs for resource `ResourcePattern(resourceType=GROUP, name=swh.indexer.journal_client., patternType=PREFIXED)`:
(principal=User:swh-indexer-prod-01, host=*, operation=READ, permissionType=ALLOW)

Event Timeline

Actually, we must avoid overriding the consumer group id prefix so more like this:

/usr/local/sbin/create_kafka_users_rocquencourt.sh swh-indexer-prod-01