Unable to create kafka-acl at Cluster level for Confluent Cloud #81

Open
kanthi-hpfc opened this issue May 14, 2021 · 4 comments

@kanthi-hpfc

kanthi-hpfc commented May 14, 2021

Hi,

I tried to create a Cluster level Acl, using the following instructions:

terraform {
  required_version = "> 0.13"
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      version = "2.58.0"
    }
    confluentcloud = {
      source = "Mongey/confluentcloud"
    }
    kafka = {
      source  = "Mongey/kafka"
      version = "0.3.3"
    }
  }
}

################################-Confluent Cloud Provider##############################
provider "confluentcloud" {
  username = var.CCLOUD_USER
  password = var.CCLOUD_PASSWORD
}

#######################API Key  And service Account###############################################
resource "confluentcloud_api_key" "dest_api_admin_access" {
  cluster_id     = var.DEST_CLUSTER_ID
  environment_id = var.DEST_ENVIRONMENT_ID
}

resource "confluentcloud_service_account" "replicatorServiceAccount" {
  name           = var.SERVICE_ACCOUNT_NAME
  description    = "Replicator Test Service Account"
}

#####################################################################################
provider "kafka" {
  alias = "dest_cluster"
  bootstrap_servers = var.DEST_BOOTSTRAP_SERVERS

  tls_enabled    = true
  sasl_username  = confluentcloud_api_key.dest_api_admin_access.key
  sasl_password  = confluentcloud_api_key.dest_api_admin_access.secret
  sasl_mechanism = "plain"
  timeout        = 10
}
####################################################################################

resource "kafka_acl" "LicenTopicAcl-Cluster-Create" {
  provider            = kafka.dest_cluster
  resource_name       = var.DEST_CLUSTER_ID
  resource_type       = "Cluster"
  acl_principal       = format("User:%d", confluentcloud_service_account.replicatorServiceAccount.id)
  acl_host            = "*"
  acl_operation       = "Create"
  acl_permission_type = "Allow" 
}

For the resource name neither the Cluster Id nor the Cluster Name worked.
I get the following exception:

Error: kafka server: This most likely occurs because of a request being malformed by the client library or the message was sent to an incompatible broker. See the broker logs for more details.

│ with kafka_acl.LicenTopicAcl-Cluster-Create,
│ on license-topic-acls.tf line 48, in resource "kafka_acl" "LicenTopicAcl-Cluster-Create":
│ 48: resource "kafka_acl" "LicenTopicAcl-Cluster-Create" {

Can you please confirm what is wrong in the format of the message?

@cvdv87

cvdv87 commented Jun 22, 2021

Bug confirmed; here is the debug log:

values removed for security reasons.

2021/06/22 09:37:43 [WARN] Provider "registry.terraform.io/mongey/kafka" produced an invalid plan for kafka_acl.test_acl_cluster, but we are tolerating it because it is using the legacy plugin SDK.
The following problems may be the cause of any confusing errors from downstream operations:
- .resource_pattern_type_filter: planned value cty.StringVal("Literal") does not match config value cty.NullVal(cty.String)
kafka_acl.test_acl_cluster: Creating...
2021/06/22 09:37:43 [DEBUG] EvalApply: ProviderMeta config value set
2021/06/22 09:37:43 [DEBUG] kafka_acl.test_acl_cluster: applying the planned Create change
2021-06-22T09:37:43.715+0200 [DEBUG] plugin.terraform-provider-kafka_v0.2.11: 2021/06/22 09:37:43 [INFO] Creating ACL User:|*|Alter|Allow|Cluster||Literal
2021-06-22T09:37:43.715+0200 [DEBUG] plugin.terraform-provider-kafka_v0.2.11: 2021/06/22 09:37:43 [INFO] configuring bootstrap_servers {0xc000560940 10 ***** ***** true false ***** plain}
2021-06-22T09:37:43.715+0200 [DEBUG] plugin.terraform-provider-kafka_v0.2.11: 2021/06/22 09:37:43 [WARN] no CA file set skipping
2021-06-22T09:37:44.544+0200 [DEBUG] plugin.terraform-provider-kafka_v0.2.11: 2021/06/22 09:37:44 [DEBUG] retrieving supported APIs from broker: &[aws.confluent.cloud:9092]
2021-06-22T09:37:45.105+0200 [WARN] plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021-06-22T09:37:45.107+0200 [DEBUG] plugin: plugin process exited: path=.terraform/providers/registry.terraform.io/mongey/confluentcloud/0.0.10/darwin_amd64/terraform-provider-confluentcloud_v0.0.10 pid=18657
2021-06-22T09:37:45.107+0200 [DEBUG] plugin: plugin exited

@bedzinsk

I think the problem is that resource_type must be "kafka-cluster". There is an issue with a resolution under terraform-provider-kafka: Mongey/terraform-provider-kafka#155

@kanthi-hpfc

That means we really cannot use it for Confluent Cloud right until that issue is resolved. For Confluent Cloud, we will want to give cluster-level access to a specific named cluster.

@Islam-Alii
Copy link

I think here
resource_name = var.DEST_CLUSTER_ID
you have to provide the Cluster Name, not the ID.
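
Added example, not part of the thread or of either provider's code: a pre-apply check over `terraform show -json` plan output that flags `kafka_acl` resources with `resource_type = "Cluster"` whose `resource_name` is not `kafka-cluster`, the name Apache Kafka itself uses for the cluster resource, and lists the cluster-wide Allow grants for review. The plan document, addresses, cluster ID and principal are constructed placeholders; whether this name resolves the Confluent Cloud error reported above is not confirmed in the thread.

```python
import json

# Name Apache Kafka uses for its single cluster-scoped ACL resource.
KAFKA_CLUSTER_RESOURCE = "kafka-cluster"


def _acl(address, rtype, name, operation):
    """Build one constructed plan entry with the kafka_acl arguments from the issue."""
    return {"address": address, "type": "kafka_acl",
            "change": {"actions": ["create"], "after": {
                "resource_type": rtype, "resource_name": name,
                "acl_principal": "User:000000", "acl_host": "*",
                "acl_operation": operation, "acl_permission_type": "Allow"}}}


# Constructed sample shaped like `terraform show -json <planfile>` output;
# addresses, the cluster ID and the principal are placeholders.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    _acl("kafka_acl.cluster_create", "Cluster", "lkc-placeholder", "Create"),
    _acl("kafka_acl.cluster_alter", "Cluster", "kafka-cluster", "Alter"),
    _acl("kafka_acl.topic_read", "Topic", "license-topic", "Read"),
    {"address": "kafka_acl.old", "type": "kafka_acl",
     "change": {"actions": ["delete"], "after": None}},
]})


def check_cluster_acls(plan_json):
    """Return (errors, grants) for cluster-scoped kafka_acl resources in a plan."""
    errors, grants = [], []
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != "kafka_acl" or not after:
            continue  # not an ACL, or a destroy (after is null)
        if str(after.get("resource_type", "")).lower() != "cluster":
            continue  # topic, group and other scopes are not checked here
        name = after.get("resource_name")
        if name is None:
            errors.append(f"{rc['address']}: resource_name unknown until apply")
        elif name != KAFKA_CLUSTER_RESOURCE:
            errors.append(f"{rc['address']}: resource_name {name!r} "
                          f"is not {KAFKA_CLUSTER_RESOURCE!r}")
        if after.get("acl_permission_type") == "Allow":  # broad grant: list it
            grants.append((rc["address"], after.get("acl_principal"),
                           after.get("acl_operation")))
    return errors, grants


if __name__ == "__main__":
    print(check_cluster_acls(SAMPLE_PLAN))
```
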
