Yes, I am running it from the command line. Zookeeper has *com.domain.xyz.** under /kafka-acl node. So it looks like it's being added correctly. I actually allowed some time for ACL propagation to the Kafka brokers.
On Mon, Sep 5, 2016 at 11:42 AM, Tom Crayford <tcrayf...@heroku.com> wrote:

> if you're running that at a bash or similar shell, you need to quote the
> "*" so that bash doesn't expand it as a glob:
>
> ./kafka-acls.sh --authorizer-properties zookeeper.connect=<connection-str>
> --add --allow-principal User:"user01" --topic 'com.domain.xyz.*' --group
> group01 --operation read
>
> It may be instructive to look at what data is in zookeeper for the acls to
> debug this.
>
> On Mon, Sep 5, 2016 at 7:38 PM, Derar Alassi <derar.ala...@gmail.com>
> wrote:
>
> > Hi all,
> >
> > Although the documentation mentions that one can use wildcards with topic
> > ACLs, I couldn't get that to work. Essentially, I want to set an Allow
> > Read/Write ACL on topics com.domain.xyz.* to a certain user. This would
> > give this user Read/Write access to topics com.domain.xyz.abc and
> > com.domain.xyz.def .
> >
> > I set an ACL using this command:
> > ./kafka-acls.sh --authorizer-properties zookeeper.connect=<connection-str>
> > --add --allow-principal User:"user01" --topic com.domain.xyz.* --group
> > group01 --operation read
> >
> > When I try to consume from the topic com.domain.xyz.abc using the same
> > user ID and group, I get NOT_AUTHORIZED error.
> >
> > Anything I am missing?
> >
> > Thanks,
> > Derar
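
Added example (not part of the original thread, and not Kafka's own code): a shell sketch of the quoting point raised above, showing which arguments a command receives after `--topic` when the pattern is unquoted versus quoted. `show_args` is a hypothetical stand-in for kafka-acls.sh, and the directories and file names are constructed.

```shell
#!/bin/sh
# Stand-in for kafka-acls.sh (assumption): prints each argument it receives,
# one per line, so the effect of shell expansion is visible.
show_args() { printf '%s\n' "$@"; }

# Pattern left unquoted, run from directory $1 (subshell keeps the cd local).
unquoted_topic_arg() (
  cd "$1" || exit 1
  show_args --topic com.domain.xyz.*
)

# Pattern single-quoted, run from directory $1.
quoted_topic_arg() (
  cd "$1" || exit 1
  show_args --topic 'com.domain.xyz.*'
)

# Constructed working directories: one with no matching files, one with two.
empty_dir=$(mktemp -d)
busy_dir=$(mktemp -d)
trap 'rm -rf "$empty_dir" "$busy_dir"' EXIT
touch "$busy_dir/com.domain.xyz.abc" "$busy_dir/com.domain.xyz.def"

echo "unquoted, no matching files in cwd (pattern passes through unchanged):"
unquoted_topic_arg "$empty_dir"
echo "unquoted, matching files in cwd (pattern replaced by file names):"
unquoted_topic_arg "$busy_dir"
echo "quoted, matching files in cwd (pattern stays literal):"
quoted_topic_arg "$busy_dir"
```

With default shell options an unmatched glob is passed through literally, so the resource name that ends up stored depends on the directory the unquoted command was run from; quoting removes that dependency.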