blob: 0d65c931d6ae96af5de8091f93be35e38fccd378 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
syntax = "proto3";
package yandex.cloud.mdb.kafka.v1;
import "yandex/cloud/validation.proto";
option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/mdb/kafka/v1;kafka";
option java_package = "yandex.cloud.api.mdb.kafka.v1";
// A Kafka user.
// For more information, see the [Operations -> Accounts](/docs/managed-kafka/operations/cluster-accounts) section of the documentation.
message User {
// Name of the Kafka user.
string name = 1;
// ID of the Apache Kafka® cluster the user belongs to.
//
// To get the Apache Kafka® cluster ID, make a [ClusterService.List] request.
string cluster_id = 2;
// Set of permissions granted to this user.
repeated Permission permissions = 3;
}
message UserSpec {
// Name of the Kafka user.
string name = 1 [
(required) = true,
(length) = "1-256",
(pattern) = "[a-zA-Z0-9_]*"
];
// Password of the Kafka user.
string password = 2 [
(required) = true,
(length) = "8-128"
];
// Set of permissions granted to the user.
repeated Permission permissions = 3;
}
message Permission {
reserved 3;
enum AccessRole {
ACCESS_ROLE_UNSPECIFIED = 0;
// Producer role for the user.
ACCESS_ROLE_PRODUCER = 1;
// Consumer role for the user.
ACCESS_ROLE_CONSUMER = 2;
// Admin role for the user.
ACCESS_ROLE_ADMIN = 3;
}
// Name or prefix-pattern with wildcard for the topic that the permission grants access to.
//
// To get the topic name, make a [TopicService.List] request.
string topic_name = 1;
// Access role type to grant to the user.
AccessRole role = 2;
// Lists hosts allowed for this permission.
// When not defined, access from any host is allowed.
//
// Bare in mind that the same host might appear in multiple permissions at the same time,
// hence removing individual permission doesn't automatically restricts access from the [allow_hosts] of the permission.
// If the same host(s) is listed for another permission of the same principal/topic, the host(s) remains allowed.
repeated string allow_hosts = 4;
}
|
