1

I have an application that communicates with Kafka using the C# (.NET 6) Confluent.Kafka library. It's part of a larger platform that's mostly written in Java. On the Java side org.apache.kafka.AdminClient provides ACLOperations classes to manage ACLs on the topics, but I have not been able to find something similar on the C# side.

I've been looking through the docs for Confluent.Kafka, but I don't find anything about adding or deleting ACLs. Is this even possible? EDIT: After digging in, I know that Confluent.Kafka is a wrapper for librdkafka, which only has support for manipulating ACLS in the RC releases. Is there another library (which would need to be open source and redistributable) that could be used for this?

Jason
  • 121
  • 8
  • Overall, I'd suggest mantaining this outside of any language specific platform. For example - https://github.com/conduktor/kafka-security-manager#kafka-security-manager – OneCricketeer Feb 22 '22 at 23:37
  • This is a microservice that's part of a larger appliance. Kafka topic creation, including ACLs are managed by the microservice apps that join the platform that create their own topics. Adding a UI and forcing manual management isn't going to work for me. – Jason Feb 23 '22 at 00:31
  • The UI component is optional, AFAIK. My point is that you should maintain your ACL list as part of a separate application. Ideally, an independent, centralized location such as a Git repo like that project uses. And that application could be Java based instead, where you have access to the necessary API calls. Primarily, the apps shouldn't care what their access policies are (apart from certificates) and it doesn't scale from an administrator perspective. – OneCricketeer Feb 23 '22 at 01:00
  • Actually, looking through the source code, there is no GUI. The first image is simply referring to a separate project altogether – OneCricketeer Feb 23 '22 at 01:04
  • Still, this is a tightly coupled appliance, with optional microservices that need to be able to manage their own topics and acls. Adding a new service to the stack just for ACL management isn't going to fly. – Jason Feb 23 '22 at 02:12
  • Alright, well, I don't see any methods in C# client API to do what you want. Therefore, you're going to need some standalone thing. Sorry. – OneCricketeer Feb 23 '22 at 04:19
  • Did you figure this out? I have the same need for my microservices – John Waters Jun 10 '22 at 22:20
  • @JohnWaters Since it's containerized I took the fool's route of installing the Kafka binaries and Java JRE in my container and using System.Diagnostics.Process calls to use the kafka commandline for ACLs. This was deemed a temporary solution as LibRDKafka had ACL management in the pipeline so it should eventually make it to Confluent.Kafka. It may be in Confluent.Kafka 1.9.0 but there are other issues with that version right now (https://github.com/confluentinc/confluent-kafka-dotnet/issues/1708) that prevent us from using it. – Jason Jun 22 '22 at 15:03

1 Answers1

0

Since writing this question Confluent.Kafka 1.9.0+ now supports ACL managment.

Jason
  • 121
  • 8