Viewing docs for redpanda 2.0.0
published on Wednesday, Jun 3, 2026 by redpanda-data
published on Wednesday, Jun 3, 2026 by redpanda-data
Viewing docs for redpanda 2.0.0
published on Wednesday, Jun 3, 2026 by redpanda-data
published on Wednesday, Jun 3, 2026 by redpanda-data
Cluster resource
Enables the provisioning and management of Redpanda clusters on AWS and GCP. A cluster must always have a network and resource group.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as redpanda from "@pulumi/redpanda";
const example = new redpanda.ResourceGroup("example", {name: "example-resource-group"});
const exampleNetwork = new redpanda.Network("example", {
name: "example-network",
resourceGroupId: example.id,
cloudProvider: "aws",
region: "us-west-2",
clusterType: "dedicated",
cidrBlock: "10.0.0.0/20",
});
const exampleCluster = new redpanda.Cluster("example", {
name: "example-cluster",
resourceGroupId: example.id,
networkId: exampleNetwork.id,
cloudProvider: "aws",
region: "us-west-2",
clusterType: "dedicated",
connectionType: "public",
throughputTier: "tier-1-aws-v2-arm",
zones: [
"us-west-2a",
"us-west-2b",
"us-west-2c",
],
});
import pulumi
import pulumi_redpanda as redpanda
example = redpanda.ResourceGroup("example", name="example-resource-group")
example_network = redpanda.Network("example",
name="example-network",
resource_group_id=example.id,
cloud_provider="aws",
region="us-west-2",
cluster_type="dedicated",
cidr_block="10.0.0.0/20")
example_cluster = redpanda.Cluster("example",
name="example-cluster",
resource_group_id=example.id,
network_id=example_network.id,
cloud_provider="aws",
region="us-west-2",
cluster_type="dedicated",
connection_type="public",
throughput_tier="tier-1-aws-v2-arm",
zones=[
"us-west-2a",
"us-west-2b",
"us-west-2c",
])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/redpanda/v2/redpanda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := redpanda.NewResourceGroup(ctx, "example", &redpanda.ResourceGroupArgs{
Name: pulumi.String("example-resource-group"),
})
if err != nil {
return err
}
exampleNetwork, err := redpanda.NewNetwork(ctx, "example", &redpanda.NetworkArgs{
Name: pulumi.String("example-network"),
ResourceGroupId: example.ID(),
CloudProvider: pulumi.String("aws"),
Region: pulumi.String("us-west-2"),
ClusterType: pulumi.String("dedicated"),
CidrBlock: pulumi.String("10.0.0.0/20"),
})
if err != nil {
return err
}
_, err = redpanda.NewCluster(ctx, "example", &redpanda.ClusterArgs{
Name: pulumi.String("example-cluster"),
ResourceGroupId: example.ID(),
NetworkId: exampleNetwork.ID(),
CloudProvider: pulumi.String("aws"),
Region: pulumi.String("us-west-2"),
ClusterType: pulumi.String("dedicated"),
ConnectionType: pulumi.String("public"),
ThroughputTier: pulumi.String("tier-1-aws-v2-arm"),
Zones: pulumi.StringArray{
pulumi.String("us-west-2a"),
pulumi.String("us-west-2b"),
pulumi.String("us-west-2c"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Redpanda = Pulumi.Redpanda;
return await Deployment.RunAsync(() =>
{
var example = new Redpanda.ResourceGroup("example", new()
{
Name = "example-resource-group",
});
var exampleNetwork = new Redpanda.Network("example", new()
{
Name = "example-network",
ResourceGroupId = example.Id,
CloudProvider = "aws",
Region = "us-west-2",
ClusterType = "dedicated",
CidrBlock = "10.0.0.0/20",
});
var exampleCluster = new Redpanda.Cluster("example", new()
{
Name = "example-cluster",
ResourceGroupId = example.Id,
NetworkId = exampleNetwork.Id,
CloudProvider = "aws",
Region = "us-west-2",
ClusterType = "dedicated",
ConnectionType = "public",
ThroughputTier = "tier-1-aws-v2-arm",
Zones = new[]
{
"us-west-2a",
"us-west-2b",
"us-west-2c",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.redpanda.ResourceGroup;
import com.pulumi.redpanda.ResourceGroupArgs;
import com.pulumi.redpanda.Network;
import com.pulumi.redpanda.NetworkArgs;
import com.pulumi.redpanda.Cluster;
import com.pulumi.redpanda.ClusterArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resource-group")
.build());
var exampleNetwork = new Network("exampleNetwork", NetworkArgs.builder()
.name("example-network")
.resourceGroupId(example.id())
.cloudProvider("aws")
.region("us-west-2")
.clusterType("dedicated")
.cidrBlock("10.0.0.0/20")
.build());
var exampleCluster = new Cluster("exampleCluster", ClusterArgs.builder()
.name("example-cluster")
.resourceGroupId(example.id())
.networkId(exampleNetwork.id())
.cloudProvider("aws")
.region("us-west-2")
.clusterType("dedicated")
.connectionType("public")
.throughputTier("tier-1-aws-v2-arm")
.zones(
"us-west-2a",
"us-west-2b",
"us-west-2c")
.build());
}
}
resources:
example:
type: redpanda:ResourceGroup
properties:
name: example-resource-group
exampleNetwork:
type: redpanda:Network
name: example
properties:
name: example-network
resourceGroupId: ${example.id}
cloudProvider: aws
region: us-west-2
clusterType: dedicated
cidrBlock: 10.0.0.0/20
exampleCluster:
type: redpanda:Cluster
name: example
properties:
name: example-cluster
resourceGroupId: ${example.id}
networkId: ${exampleNetwork.id}
cloudProvider: aws
region: us-west-2
clusterType: dedicated
connectionType: public
throughputTier: tier-1-aws-v2-arm
zones:
- us-west-2a
- us-west-2b
- us-west-2c
Example coming soon!
Advanced Usage
On AWS
import * as pulumi from "@pulumi/pulumi";
import * as redpanda from "@pulumi/redpanda";
const test = new redpanda.ResourceGroup("test", {name: resourceGroupName});
const testNetwork = new redpanda.Network("test", {
name: networkName,
resourceGroupId: test.id,
cloudProvider: cloudProvider,
region: region,
clusterType: "dedicated",
cidrBlock: "10.0.0.0/20",
timeouts: {
create: "20m",
"delete": "20m",
},
});
const testCluster = new redpanda.Cluster("test", {
name: clusterName,
resourceGroupId: test.id,
networkId: testNetwork.id,
cloudProvider: cloudProvider,
region: region,
clusterType: "dedicated",
connectionType: "public",
throughputTier: throughputTier,
zones: zones,
allowDeletion: clusterAllowDeletion,
clusterConfiguration: {
customPropertiesJson: JSON.stringify({
enable_shadow_linking: clusterEnableShadowLinking,
schema_registry_enable_authorization: true,
}),
},
maintenanceWindowConfig: {
dayHour: {
dayOfWeek: maintenanceDayOfWeek,
hourOfDay: maintenanceHourOfDay,
},
},
tags: clusterTags,
timeouts: {
create: "90m",
},
});
const testUser = new redpanda.User("test", {
name: userName,
password: userPasswordWo != null ? null : userPw,
passwordWo: userPasswordWo,
passwordWoVersion: userPasswordWoVersion,
mechanism: mechanism,
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: userAllowDeletion,
});
const testTopic = new redpanda.Topic("test", {
name: topicName,
partitionCount: partitionCount,
replicationFactor: replicationFactor,
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: true,
configuration: topicConfiguration != null ? topicConfiguration : {
"cleanup.policy": "delete",
"retention.ms": topicRetentionMs,
},
}, {
dependsOn: [testUser],
});
// Bootstrap SR ACL grants for the provider's own Bearer-token principal.
// Two grants are required: the SUBJECT-scope grant authorizes
// POST /subjects/<subj>/versions; the REGISTRY-scope grant authorizes the
// follow-up GET /schemas/ids/<id>/versions that the SR client (franz-go) makes
// to fetch the full schema metadata after create. Without the REGISTRY grant,
// the schema is created but the follow-up GET 403s and the resource fails.
// User:* is broader than necessary; tighten once the exact principal is
// documented as discoverable.
const providerBootstrapSubject = new redpanda.SchemaRegistryAcl("provider_bootstrap_subject", {
clusterId: testCluster.id,
principal: "User:*",
resourceType: "SUBJECT",
resourceName: topicName,
patternType: "PREFIXED",
host: "*",
operation: "ALL",
permission: "ALLOW",
allowDeletion: true,
});
const providerBootstrapRegistry = new redpanda.SchemaRegistryAcl("provider_bootstrap_registry", {
clusterId: testCluster.id,
principal: "User:*",
resourceType: "REGISTRY",
resourceName: "*",
patternType: "LITERAL",
host: "*",
operation: "ALL",
permission: "ALLOW",
allowDeletion: true,
});
const clusterAdmin = new redpanda.Acl("cluster_admin", {
resourceType: "CLUSTER",
resourceName: "kafka-cluster",
resourcePatternType: "LITERAL",
principal: pulumi.interpolate`User:${testUser.name}`,
host: "*",
operation: "ALL",
permissionType: "ALLOW",
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: aclAllowDeletion,
});
const schemaRegistryAdmin = new redpanda.Acl("schema_registry_admin", {
resourceType: "CLUSTER",
resourceName: "kafka-cluster",
resourcePatternType: "LITERAL",
principal: pulumi.interpolate`User:${testUser.name}`,
host: "*",
operation: "ALTER",
permissionType: "ALLOW",
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: aclAllowDeletion,
});
const clusterAction = new redpanda.Acl("cluster_action", {
resourceType: "CLUSTER",
resourceName: "kafka-cluster",
resourcePatternType: "LITERAL",
principal: pulumi.interpolate`User:${testUser.name}`,
host: "*",
operation: "CLUSTER_ACTION",
permissionType: "ALLOW",
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: aclAllowDeletion,
});
const topicAccess = new redpanda.Acl("topic_access", {
resourceType: "TOPIC",
resourceName: testTopic.name,
resourcePatternType: "LITERAL",
principal: pulumi.interpolate`User:${testUser.name}`,
host: "*",
operation: "ALL",
permissionType: "ALLOW",
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: aclAllowDeletion,
});
const allTestTopic = new redpanda.SchemaRegistryAcl("all_test_topic", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "SUBJECT",
resourceName: `${topicName}-`,
patternType: "PREFIXED",
host: "*",
operation: "ALL",
permission: "ALLOW",
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const describeRegistry = new redpanda.SchemaRegistryAcl("describe_registry", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "REGISTRY",
resourceName: "*",
patternType: "LITERAL",
host: "*",
operation: "DESCRIBE",
permission: "ALLOW",
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const alterConfigsRegistry = new redpanda.SchemaRegistryAcl("alter_configs_registry", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "REGISTRY",
resourceName: "*",
patternType: "LITERAL",
host: "*",
operation: "ALTER_CONFIGS",
permission: "ALLOW",
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const readRegistry = new redpanda.SchemaRegistryAcl("read_registry", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "REGISTRY",
resourceName: "*",
patternType: "LITERAL",
host: "*",
operation: "READ",
permission: "ALLOW",
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const writeRegistry = new redpanda.SchemaRegistryAcl("write_registry", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "REGISTRY",
resourceName: "*",
patternType: "LITERAL",
host: "*",
operation: "WRITE",
permission: "ALLOW",
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const userSchema = new redpanda.Schema("user_schema", {
clusterId: testCluster.id,
subject: `${topicName}-value`,
schemaType: schemaType,
schema: userSchemaDefinition,
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
],
});
const userEventSchema = new redpanda.Schema("user_event_schema", {
clusterId: testCluster.id,
subject: `${topicName}-events-value`,
schemaType: schemaType,
schema: userEventSchemaDefinition,
allowDeletion: true,
references: [{
name: "User",
subject: userSchema.subject,
version: userSchema.version,
}],
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
],
});
const productSchema = new redpanda.Schema("product_schema", {
clusterId: testCluster.id,
subject: `${topicName}-product-value`,
schemaType: schemaType,
schema: productSchemaDefinition,
compatibility: compatibilityLevel,
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
],
});
const developer = new redpanda.Role("developer", {
name: roleName,
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: roleAllowDeletion,
});
const roleTopicRead = new redpanda.Acl("role_topic_read", {
resourceType: "TOPIC",
resourceName: testTopic.name,
resourcePatternType: "LITERAL",
principal: pulumi.interpolate`RedpandaRole:${developer.name}`,
host: "*",
operation: "READ",
permissionType: "ALLOW",
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: aclAllowDeletion,
});
const readProduct = new redpanda.SchemaRegistryAcl("read_product", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "SUBJECT",
resourceName: "product-",
patternType: "PREFIXED",
host: "*",
operation: "READ",
permission: "ALLOW",
allowDeletion: srAclAllowDeletion,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const writeOrders = new redpanda.SchemaRegistryAcl("write_orders", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "SUBJECT",
resourceName: "orders-value",
patternType: "LITERAL",
host: "*",
operation: "WRITE",
permission: "ALLOW",
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const developerAssignment = new redpanda.RoleAssignment("developer_assignment", {
roleName: developer.name,
principal: pulumi.interpolate`User:${testUser.name}`,
clusterApiUrl: testCluster.clusterApiUrl,
}, {
dependsOn: [testUser],
});
export const userSchemaInfo = {
id: userSchema.schemaId,
subject: userSchema.subject,
version: userSchema.version,
type: userSchema.schemaType,
};
export const userEventSchemaInfo = {
id: userEventSchema.schemaId,
subject: userEventSchema.subject,
version: userEventSchema.version,
type: userEventSchema.schemaType,
references: userEventSchema.references,
};
export const productSchemaInfo = {
id: productSchema.schemaId,
subject: productSchema.subject,
version: productSchema.version,
type: productSchema.schemaType,
compatibility: productSchema.compatibility,
};
import pulumi
import json
import pulumi_redpanda as redpanda
test = redpanda.ResourceGroup("test", name=resource_group_name)
test_network = redpanda.Network("test",
name=network_name,
resource_group_id=test.id,
cloud_provider=cloud_provider,
region=region,
cluster_type="dedicated",
cidr_block="10.0.0.0/20",
timeouts={
"create": "20m",
"delete": "20m",
})
test_cluster = redpanda.Cluster("test",
name=cluster_name,
resource_group_id=test.id,
network_id=test_network.id,
cloud_provider=cloud_provider,
region=region,
cluster_type="dedicated",
connection_type="public",
throughput_tier=throughput_tier,
zones=zones,
allow_deletion=cluster_allow_deletion,
cluster_configuration={
"custom_properties_json": json.dumps({
"enable_shadow_linking": cluster_enable_shadow_linking,
"schema_registry_enable_authorization": True,
}),
},
maintenance_window_config={
"day_hour": {
"day_of_week": maintenance_day_of_week,
"hour_of_day": maintenance_hour_of_day,
},
},
tags=cluster_tags,
timeouts={
"create": "90m",
})
test_user = redpanda.User("test",
name=user_name,
password=None if user_password_wo != None else user_pw,
password_wo=user_password_wo,
password_wo_version=user_password_wo_version,
mechanism=mechanism,
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=user_allow_deletion)
test_topic = redpanda.Topic("test",
name=topic_name,
partition_count=partition_count,
replication_factor=replication_factor,
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=True,
configuration=topic_configuration if topic_configuration != None else {
"cleanup.policy": "delete",
"retention.ms": topic_retention_ms,
},
opts = pulumi.ResourceOptions(depends_on=[test_user]))
# Bootstrap SR ACL grants for the provider's own Bearer-token principal.
# Two grants are required: the SUBJECT-scope grant authorizes
# POST /subjects/<subj>/versions; the REGISTRY-scope grant authorizes the
# follow-up GET /schemas/ids/<id>/versions that the SR client (franz-go) makes
# to fetch the full schema metadata after create. Without the REGISTRY grant,
# the schema is created but the follow-up GET 403s and the resource fails.
# User:* is broader than necessary; tighten once the exact principal is
# documented as discoverable.
provider_bootstrap_subject = redpanda.SchemaRegistryAcl("provider_bootstrap_subject",
cluster_id=test_cluster.id,
principal="User:*",
resource_type="SUBJECT",
resource_name_=topic_name,
pattern_type="PREFIXED",
host="*",
operation="ALL",
permission="ALLOW",
allow_deletion=True)
provider_bootstrap_registry = redpanda.SchemaRegistryAcl("provider_bootstrap_registry",
cluster_id=test_cluster.id,
principal="User:*",
resource_type="REGISTRY",
resource_name_="*",
pattern_type="LITERAL",
host="*",
operation="ALL",
permission="ALLOW",
allow_deletion=True)
cluster_admin = redpanda.Acl("cluster_admin",
resource_type="CLUSTER",
resource_name_="kafka-cluster",
resource_pattern_type="LITERAL",
principal=test_user.name.apply(lambda name: f"User:{name}"),
host="*",
operation="ALL",
permission_type="ALLOW",
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=acl_allow_deletion)
schema_registry_admin = redpanda.Acl("schema_registry_admin",
resource_type="CLUSTER",
resource_name_="kafka-cluster",
resource_pattern_type="LITERAL",
principal=test_user.name.apply(lambda name: f"User:{name}"),
host="*",
operation="ALTER",
permission_type="ALLOW",
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=acl_allow_deletion)
cluster_action = redpanda.Acl("cluster_action",
resource_type="CLUSTER",
resource_name_="kafka-cluster",
resource_pattern_type="LITERAL",
principal=test_user.name.apply(lambda name: f"User:{name}"),
host="*",
operation="CLUSTER_ACTION",
permission_type="ALLOW",
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=acl_allow_deletion)
topic_access = redpanda.Acl("topic_access",
resource_type="TOPIC",
resource_name_=test_topic.name,
resource_pattern_type="LITERAL",
principal=test_user.name.apply(lambda name: f"User:{name}"),
host="*",
operation="ALL",
permission_type="ALLOW",
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=acl_allow_deletion)
all_test_topic = redpanda.SchemaRegistryAcl("all_test_topic",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="SUBJECT",
resource_name_=f"{topic_name}-",
pattern_type="PREFIXED",
host="*",
operation="ALL",
permission="ALLOW",
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
describe_registry = redpanda.SchemaRegistryAcl("describe_registry",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="REGISTRY",
resource_name_="*",
pattern_type="LITERAL",
host="*",
operation="DESCRIBE",
permission="ALLOW",
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
alter_configs_registry = redpanda.SchemaRegistryAcl("alter_configs_registry",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="REGISTRY",
resource_name_="*",
pattern_type="LITERAL",
host="*",
operation="ALTER_CONFIGS",
permission="ALLOW",
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
read_registry = redpanda.SchemaRegistryAcl("read_registry",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="REGISTRY",
resource_name_="*",
pattern_type="LITERAL",
host="*",
operation="READ",
permission="ALLOW",
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
write_registry = redpanda.SchemaRegistryAcl("write_registry",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="REGISTRY",
resource_name_="*",
pattern_type="LITERAL",
host="*",
operation="WRITE",
permission="ALLOW",
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
user_schema = redpanda.Schema("user_schema",
cluster_id=test_cluster.id,
subject=f"{topic_name}-value",
schema_type=schema_type,
schema=user_schema_definition,
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
cluster_action,
topic_access,
provider_bootstrap_subject,
provider_bootstrap_registry,
all_test_topic,
describe_registry,
alter_configs_registry,
read_registry,
write_registry,
]))
user_event_schema = redpanda.Schema("user_event_schema",
cluster_id=test_cluster.id,
subject=f"{topic_name}-events-value",
schema_type=schema_type,
schema=user_event_schema_definition,
allow_deletion=True,
references=[{
"name": "User",
"subject": user_schema.subject,
"version": user_schema.version,
}],
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
cluster_action,
topic_access,
provider_bootstrap_subject,
provider_bootstrap_registry,
all_test_topic,
describe_registry,
alter_configs_registry,
read_registry,
write_registry,
]))
product_schema = redpanda.Schema("product_schema",
cluster_id=test_cluster.id,
subject=f"{topic_name}-product-value",
schema_type=schema_type,
schema=product_schema_definition,
compatibility=compatibility_level,
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
cluster_action,
topic_access,
provider_bootstrap_subject,
provider_bootstrap_registry,
all_test_topic,
describe_registry,
alter_configs_registry,
read_registry,
write_registry,
]))
developer = redpanda.Role("developer",
name=role_name,
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=role_allow_deletion)
role_topic_read = redpanda.Acl("role_topic_read",
resource_type="TOPIC",
resource_name_=test_topic.name,
resource_pattern_type="LITERAL",
principal=developer.name.apply(lambda name: f"RedpandaRole:{name}"),
host="*",
operation="READ",
permission_type="ALLOW",
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=acl_allow_deletion)
read_product = redpanda.SchemaRegistryAcl("read_product",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="SUBJECT",
resource_name_="product-",
pattern_type="PREFIXED",
host="*",
operation="READ",
permission="ALLOW",
allow_deletion=sr_acl_allow_deletion,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
write_orders = redpanda.SchemaRegistryAcl("write_orders",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="SUBJECT",
resource_name_="orders-value",
pattern_type="LITERAL",
host="*",
operation="WRITE",
permission="ALLOW",
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
developer_assignment = redpanda.RoleAssignment("developer_assignment",
role_name=developer.name,
principal=test_user.name.apply(lambda name: f"User:{name}"),
cluster_api_url=test_cluster.cluster_api_url,
opts = pulumi.ResourceOptions(depends_on=[test_user]))
pulumi.export("userSchemaInfo", {
"id": user_schema.schema_id,
"subject": user_schema.subject,
"version": user_schema.version,
"type": user_schema.schema_type,
})
pulumi.export("userEventSchemaInfo", {
"id": user_event_schema.schema_id,
"subject": user_event_schema.subject,
"version": user_event_schema.version,
"type": user_event_schema.schema_type,
"references": user_event_schema.references,
})
pulumi.export("productSchemaInfo", {
"id": product_schema.schema_id,
"subject": product_schema.subject,
"version": product_schema.version,
"type": product_schema.schema_type,
"compatibility": product_schema.compatibility,
})
package main
import (
"encoding/json"
"fmt"
"github.com/pulumi/pulumi-terraform-provider/sdks/go/redpanda/v2/redpanda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
test, err := redpanda.NewResourceGroup(ctx, "test", &redpanda.ResourceGroupArgs{
Name: pulumi.Any(resourceGroupName),
})
if err != nil {
return err
}
testNetwork, err := redpanda.NewNetwork(ctx, "test", &redpanda.NetworkArgs{
Name: pulumi.Any(networkName),
ResourceGroupId: test.ID(),
CloudProvider: pulumi.Any(cloudProvider),
Region: pulumi.Any(region),
ClusterType: pulumi.String("dedicated"),
CidrBlock: pulumi.String("10.0.0.0/20"),
Timeouts: &redpanda.NetworkTimeoutsArgs{
Create: pulumi.String("20m"),
Delete: pulumi.String("20m"),
},
})
if err != nil {
return err
}
tmpJSON0, err := json.Marshal(map[string]interface{}{
"enable_shadow_linking": clusterEnableShadowLinking,
"schema_registry_enable_authorization": true,
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
testCluster, err := redpanda.NewCluster(ctx, "test", &redpanda.ClusterArgs{
Name: pulumi.Any(clusterName),
ResourceGroupId: test.ID(),
NetworkId: testNetwork.ID(),
CloudProvider: pulumi.Any(cloudProvider),
Region: pulumi.Any(region),
ClusterType: pulumi.String("dedicated"),
ConnectionType: pulumi.String("public"),
ThroughputTier: pulumi.Any(throughputTier),
Zones: pulumi.Any(zones),
AllowDeletion: pulumi.Any(clusterAllowDeletion),
ClusterConfiguration: &redpanda.ClusterClusterConfigurationArgs{
CustomPropertiesJson: pulumi.String(json0),
},
MaintenanceWindowConfig: &redpanda.ClusterMaintenanceWindowConfigArgs{
DayHour: &redpanda.ClusterMaintenanceWindowConfigDayHourArgs{
DayOfWeek: pulumi.Any(maintenanceDayOfWeek),
HourOfDay: pulumi.Any(maintenanceHourOfDay),
},
},
Tags: pulumi.Any(clusterTags),
Timeouts: &redpanda.ClusterTimeoutsArgs{
Create: pulumi.String("90m"),
},
})
if err != nil {
return err
}
var tmp0 pulumi.String
if userPasswordWo != nil {
tmp0 = nil
} else {
tmp0 = pulumi.Any(userPw)
}
testUser, err := redpanda.NewUser(ctx, "test", &redpanda.UserArgs{
Name: pulumi.Any(userName),
Password: pulumi.String(tmp0),
PasswordWo: pulumi.Any(userPasswordWo),
PasswordWoVersion: pulumi.Any(userPasswordWoVersion),
Mechanism: pulumi.Any(mechanism),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(userAllowDeletion),
})
if err != nil {
return err
}
var tmp1 pulumi.StringMap
if topicConfiguration != nil {
tmp1 = pulumi.Any(topicConfiguration)
} else {
tmp1 = pulumi.StringMap{
"cleanup.policy": pulumi.String("delete"),
"retention.ms": pulumi.Any(topicRetentionMs),
}
}
testTopic, err := redpanda.NewTopic(ctx, "test", &redpanda.TopicArgs{
Name: pulumi.Any(topicName),
PartitionCount: pulumi.Any(partitionCount),
ReplicationFactor: pulumi.Any(replicationFactor),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Bool(true),
Configuration: pulumi.StringMap(tmp1),
}, pulumi.DependsOn([]pulumi.Resource{
testUser,
}))
if err != nil {
return err
}
// Bootstrap SR ACL grants for the provider's own Bearer-token principal.
// Two grants are required: the SUBJECT-scope grant authorizes
// POST /subjects/<subj>/versions; the REGISTRY-scope grant authorizes the
// follow-up GET /schemas/ids/<id>/versions that the SR client (franz-go) makes
// to fetch the full schema metadata after create. Without the REGISTRY grant,
// the schema is created but the follow-up GET 403s and the resource fails.
// User:* is broader than necessary; tighten once the exact principal is
// documented as discoverable.
providerBootstrapSubject, err := redpanda.NewSchemaRegistryAcl(ctx, "provider_bootstrap_subject", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: pulumi.String("User:*"),
ResourceType: pulumi.String("SUBJECT"),
ResourceName: pulumi.Any(topicName),
PatternType: pulumi.String("PREFIXED"),
Host: pulumi.String("*"),
Operation: pulumi.String("ALL"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
})
if err != nil {
return err
}
providerBootstrapRegistry, err := redpanda.NewSchemaRegistryAcl(ctx, "provider_bootstrap_registry", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: pulumi.String("User:*"),
ResourceType: pulumi.String("REGISTRY"),
ResourceName: pulumi.String("*"),
PatternType: pulumi.String("LITERAL"),
Host: pulumi.String("*"),
Operation: pulumi.String("ALL"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
})
if err != nil {
return err
}
clusterAdmin, err := redpanda.NewAcl(ctx, "cluster_admin", &redpanda.AclArgs{
ResourceType: pulumi.String("CLUSTER"),
ResourceName: pulumi.String("kafka-cluster"),
ResourcePatternType: pulumi.String("LITERAL"),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
Host: pulumi.String("*"),
Operation: pulumi.String("ALL"),
PermissionType: pulumi.String("ALLOW"),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(aclAllowDeletion),
})
if err != nil {
return err
}
schemaRegistryAdmin, err := redpanda.NewAcl(ctx, "schema_registry_admin", &redpanda.AclArgs{
ResourceType: pulumi.String("CLUSTER"),
ResourceName: pulumi.String("kafka-cluster"),
ResourcePatternType: pulumi.String("LITERAL"),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
Host: pulumi.String("*"),
Operation: pulumi.String("ALTER"),
PermissionType: pulumi.String("ALLOW"),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(aclAllowDeletion),
})
if err != nil {
return err
}
clusterAction, err := redpanda.NewAcl(ctx, "cluster_action", &redpanda.AclArgs{
ResourceType: pulumi.String("CLUSTER"),
ResourceName: pulumi.String("kafka-cluster"),
ResourcePatternType: pulumi.String("LITERAL"),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
Host: pulumi.String("*"),
Operation: pulumi.String("CLUSTER_ACTION"),
PermissionType: pulumi.String("ALLOW"),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(aclAllowDeletion),
})
if err != nil {
return err
}
topicAccess, err := redpanda.NewAcl(ctx, "topic_access", &redpanda.AclArgs{
ResourceType: pulumi.String("TOPIC"),
ResourceName: testTopic.Name,
ResourcePatternType: pulumi.String("LITERAL"),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
Host: pulumi.String("*"),
Operation: pulumi.String("ALL"),
PermissionType: pulumi.String("ALLOW"),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(aclAllowDeletion),
})
if err != nil {
return err
}
allTestTopic, err := redpanda.NewSchemaRegistryAcl(ctx, "all_test_topic", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("SUBJECT"),
ResourceName: pulumi.Sprintf("%v-", topicName),
PatternType: pulumi.String("PREFIXED"),
Host: pulumi.String("*"),
Operation: pulumi.String("ALL"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
describeRegistry, err := redpanda.NewSchemaRegistryAcl(ctx, "describe_registry", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("REGISTRY"),
ResourceName: pulumi.String("*"),
PatternType: pulumi.String("LITERAL"),
Host: pulumi.String("*"),
Operation: pulumi.String("DESCRIBE"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
alterConfigsRegistry, err := redpanda.NewSchemaRegistryAcl(ctx, "alter_configs_registry", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("REGISTRY"),
ResourceName: pulumi.String("*"),
PatternType: pulumi.String("LITERAL"),
Host: pulumi.String("*"),
Operation: pulumi.String("ALTER_CONFIGS"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
readRegistry, err := redpanda.NewSchemaRegistryAcl(ctx, "read_registry", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("REGISTRY"),
ResourceName: pulumi.String("*"),
PatternType: pulumi.String("LITERAL"),
Host: pulumi.String("*"),
Operation: pulumi.String("READ"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
writeRegistry, err := redpanda.NewSchemaRegistryAcl(ctx, "write_registry", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("REGISTRY"),
ResourceName: pulumi.String("*"),
PatternType: pulumi.String("LITERAL"),
Host: pulumi.String("*"),
Operation: pulumi.String("WRITE"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
userSchema, err := redpanda.NewSchema(ctx, "user_schema", &redpanda.SchemaArgs{
ClusterId: testCluster.ID(),
Subject: pulumi.Sprintf("%v-value", topicName),
SchemaType: pulumi.Any(schemaType),
Schema: pulumi.Any(userSchemaDefinition),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
}))
if err != nil {
return err
}
userEventSchema, err := redpanda.NewSchema(ctx, "user_event_schema", &redpanda.SchemaArgs{
ClusterId: testCluster.ID(),
Subject: pulumi.Sprintf("%v-events-value", topicName),
SchemaType: pulumi.Any(schemaType),
Schema: pulumi.Any(userEventSchemaDefinition),
AllowDeletion: pulumi.Bool(true),
References: redpanda.SchemaReferenceArray{
&redpanda.SchemaReferenceArgs{
Name: pulumi.String("User"),
Subject: userSchema.Subject,
Version: userSchema.Version,
},
},
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
}))
if err != nil {
return err
}
productSchema, err := redpanda.NewSchema(ctx, "product_schema", &redpanda.SchemaArgs{
ClusterId: testCluster.ID(),
Subject: pulumi.Sprintf("%v-product-value", topicName),
SchemaType: pulumi.Any(schemaType),
Schema: pulumi.Any(productSchemaDefinition),
Compatibility: pulumi.Any(compatibilityLevel),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
}))
if err != nil {
return err
}
developer, err := redpanda.NewRole(ctx, "developer", &redpanda.RoleArgs{
Name: pulumi.Any(roleName),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(roleAllowDeletion),
})
if err != nil {
return err
}
_, err = redpanda.NewAcl(ctx, "role_topic_read", &redpanda.AclArgs{
ResourceType: pulumi.String("TOPIC"),
ResourceName: testTopic.Name,
ResourcePatternType: pulumi.String("LITERAL"),
Principal: developer.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("RedpandaRole:%v", name), nil
}).(pulumi.StringOutput),
Host: pulumi.String("*"),
Operation: pulumi.String("READ"),
PermissionType: pulumi.String("ALLOW"),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(aclAllowDeletion),
})
if err != nil {
return err
}
_, err = redpanda.NewSchemaRegistryAcl(ctx, "read_product", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("SUBJECT"),
ResourceName: pulumi.String("product-"),
PatternType: pulumi.String("PREFIXED"),
Host: pulumi.String("*"),
Operation: pulumi.String("READ"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Any(srAclAllowDeletion),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
_, err = redpanda.NewSchemaRegistryAcl(ctx, "write_orders", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("SUBJECT"),
ResourceName: pulumi.String("orders-value"),
PatternType: pulumi.String("LITERAL"),
Host: pulumi.String("*"),
Operation: pulumi.String("WRITE"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
_, err = redpanda.NewRoleAssignment(ctx, "developer_assignment", &redpanda.RoleAssignmentArgs{
RoleName: developer.Name,
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ClusterApiUrl: testCluster.ClusterApiUrl,
}, pulumi.DependsOn([]pulumi.Resource{
testUser,
}))
if err != nil {
return err
}
ctx.Export("userSchemaInfo", pulumi.Map{
"id": userSchema.SchemaId,
"subject": userSchema.Subject,
"version": userSchema.Version,
"type": userSchema.SchemaType,
})
ctx.Export("userEventSchemaInfo", pulumi.Map{
"id": userEventSchema.SchemaId,
"subject": userEventSchema.Subject,
"version": userEventSchema.Version,
"type": userEventSchema.SchemaType,
"references": userEventSchema.References,
})
ctx.Export("productSchemaInfo", pulumi.Map{
"id": productSchema.SchemaId,
"subject": productSchema.Subject,
"version": productSchema.Version,
"type": productSchema.SchemaType,
"compatibility": productSchema.Compatibility,
})
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Redpanda = Pulumi.Redpanda;
return await Deployment.RunAsync(() =>
{
var test = new Redpanda.ResourceGroup("test", new()
{
Name = resourceGroupName,
});
var testNetwork = new Redpanda.Network("test", new()
{
Name = networkName,
ResourceGroupId = test.Id,
CloudProvider = cloudProvider,
Region = region,
ClusterType = "dedicated",
CidrBlock = "10.0.0.0/20",
Timeouts = new Redpanda.Inputs.NetworkTimeoutsArgs
{
Create = "20m",
Delete = "20m",
},
});
var testCluster = new Redpanda.Cluster("test", new()
{
Name = clusterName,
ResourceGroupId = test.Id,
NetworkId = testNetwork.Id,
CloudProvider = cloudProvider,
Region = region,
ClusterType = "dedicated",
ConnectionType = "public",
ThroughputTier = throughputTier,
Zones = zones,
AllowDeletion = clusterAllowDeletion,
ClusterConfiguration = new Redpanda.Inputs.ClusterClusterConfigurationArgs
{
CustomPropertiesJson = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["enable_shadow_linking"] = clusterEnableShadowLinking,
["schema_registry_enable_authorization"] = true,
}),
},
MaintenanceWindowConfig = new Redpanda.Inputs.ClusterMaintenanceWindowConfigArgs
{
DayHour = new Redpanda.Inputs.ClusterMaintenanceWindowConfigDayHourArgs
{
DayOfWeek = maintenanceDayOfWeek,
HourOfDay = maintenanceHourOfDay,
},
},
Tags = clusterTags,
Timeouts = new Redpanda.Inputs.ClusterTimeoutsArgs
{
Create = "90m",
},
});
var testUser = new Redpanda.User("test", new()
{
Name = userName,
Password = userPasswordWo != null ? null : userPw,
PasswordWo = userPasswordWo,
PasswordWoVersion = userPasswordWoVersion,
Mechanism = mechanism,
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = userAllowDeletion,
});
var testTopic = new Redpanda.Topic("test", new()
{
Name = topicName,
PartitionCount = partitionCount,
ReplicationFactor = replicationFactor,
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = true,
Configuration = topicConfiguration != null ? topicConfiguration :
{
{ "cleanup.policy", "delete" },
{ "retention.ms", topicRetentionMs },
},
}, new CustomResourceOptions
{
DependsOn =
{
testUser,
},
});
// Bootstrap SR ACL grants for the provider's own Bearer-token principal.
// Two grants are required: the SUBJECT-scope grant authorizes
// POST /subjects/<subj>/versions; the REGISTRY-scope grant authorizes the
// follow-up GET /schemas/ids/<id>/versions that the SR client (franz-go) makes
// to fetch the full schema metadata after create. Without the REGISTRY grant,
// the schema is created but the follow-up GET 403s and the resource fails.
// User:* is broader than necessary; tighten once the exact principal is
// documented as discoverable.
var providerBootstrapSubject = new Redpanda.SchemaRegistryAcl("provider_bootstrap_subject", new()
{
ClusterId = testCluster.Id,
Principal = "User:*",
ResourceType = "SUBJECT",
ResourceName = topicName,
PatternType = "PREFIXED",
Host = "*",
Operation = "ALL",
Permission = "ALLOW",
AllowDeletion = true,
});
var providerBootstrapRegistry = new Redpanda.SchemaRegistryAcl("provider_bootstrap_registry", new()
{
ClusterId = testCluster.Id,
Principal = "User:*",
ResourceType = "REGISTRY",
ResourceName = "*",
PatternType = "LITERAL",
Host = "*",
Operation = "ALL",
Permission = "ALLOW",
AllowDeletion = true,
});
var clusterAdmin = new Redpanda.Acl("cluster_admin", new()
{
ResourceType = "CLUSTER",
ResourceName = "kafka-cluster",
ResourcePatternType = "LITERAL",
Principal = testUser.Name.Apply(name => $"User:{name}"),
Host = "*",
Operation = "ALL",
PermissionType = "ALLOW",
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = aclAllowDeletion,
});
var schemaRegistryAdmin = new Redpanda.Acl("schema_registry_admin", new()
{
ResourceType = "CLUSTER",
ResourceName = "kafka-cluster",
ResourcePatternType = "LITERAL",
Principal = testUser.Name.Apply(name => $"User:{name}"),
Host = "*",
Operation = "ALTER",
PermissionType = "ALLOW",
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = aclAllowDeletion,
});
var clusterAction = new Redpanda.Acl("cluster_action", new()
{
ResourceType = "CLUSTER",
ResourceName = "kafka-cluster",
ResourcePatternType = "LITERAL",
Principal = testUser.Name.Apply(name => $"User:{name}"),
Host = "*",
Operation = "CLUSTER_ACTION",
PermissionType = "ALLOW",
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = aclAllowDeletion,
});
var topicAccess = new Redpanda.Acl("topic_access", new()
{
ResourceType = "TOPIC",
ResourceName = testTopic.Name,
ResourcePatternType = "LITERAL",
Principal = testUser.Name.Apply(name => $"User:{name}"),
Host = "*",
Operation = "ALL",
PermissionType = "ALLOW",
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = aclAllowDeletion,
});
var allTestTopic = new Redpanda.SchemaRegistryAcl("all_test_topic", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "SUBJECT",
ResourceName = $"{topicName}-",
PatternType = "PREFIXED",
Host = "*",
Operation = "ALL",
Permission = "ALLOW",
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var describeRegistry = new Redpanda.SchemaRegistryAcl("describe_registry", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "REGISTRY",
ResourceName = "*",
PatternType = "LITERAL",
Host = "*",
Operation = "DESCRIBE",
Permission = "ALLOW",
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var alterConfigsRegistry = new Redpanda.SchemaRegistryAcl("alter_configs_registry", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "REGISTRY",
ResourceName = "*",
PatternType = "LITERAL",
Host = "*",
Operation = "ALTER_CONFIGS",
Permission = "ALLOW",
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var readRegistry = new Redpanda.SchemaRegistryAcl("read_registry", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "REGISTRY",
ResourceName = "*",
PatternType = "LITERAL",
Host = "*",
Operation = "READ",
Permission = "ALLOW",
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var writeRegistry = new Redpanda.SchemaRegistryAcl("write_registry", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "REGISTRY",
ResourceName = "*",
PatternType = "LITERAL",
Host = "*",
Operation = "WRITE",
Permission = "ALLOW",
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var userSchema = new Redpanda.Schema("user_schema", new()
{
ClusterId = testCluster.Id,
Subject = $"{topicName}-value",
SchemaType = schemaType,
Schema = userSchemaDefinition,
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
},
});
var userEventSchema = new Redpanda.Schema("user_event_schema", new()
{
ClusterId = testCluster.Id,
Subject = $"{topicName}-events-value",
SchemaType = schemaType,
Schema = userEventSchemaDefinition,
AllowDeletion = true,
References = new[]
{
new Redpanda.Inputs.SchemaReferenceArgs
{
Name = "User",
Subject = userSchema.Subject,
Version = userSchema.Version,
},
},
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
},
});
var productSchema = new Redpanda.Schema("product_schema", new()
{
ClusterId = testCluster.Id,
Subject = $"{topicName}-product-value",
SchemaType = schemaType,
Schema = productSchemaDefinition,
Compatibility = compatibilityLevel,
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
},
});
var developer = new Redpanda.Role("developer", new()
{
Name = roleName,
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = roleAllowDeletion,
});
var roleTopicRead = new Redpanda.Acl("role_topic_read", new()
{
ResourceType = "TOPIC",
ResourceName = testTopic.Name,
ResourcePatternType = "LITERAL",
Principal = developer.Name.Apply(name => $"RedpandaRole:{name}"),
Host = "*",
Operation = "READ",
PermissionType = "ALLOW",
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = aclAllowDeletion,
});
var readProduct = new Redpanda.SchemaRegistryAcl("read_product", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "SUBJECT",
ResourceName = "product-",
PatternType = "PREFIXED",
Host = "*",
Operation = "READ",
Permission = "ALLOW",
AllowDeletion = srAclAllowDeletion,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var writeOrders = new Redpanda.SchemaRegistryAcl("write_orders", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "SUBJECT",
ResourceName = "orders-value",
PatternType = "LITERAL",
Host = "*",
Operation = "WRITE",
Permission = "ALLOW",
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var developerAssignment = new Redpanda.RoleAssignment("developer_assignment", new()
{
RoleName = developer.Name,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ClusterApiUrl = testCluster.ClusterApiUrl,
}, new CustomResourceOptions
{
DependsOn =
{
testUser,
},
});
return new Dictionary<string, object?>
{
["userSchemaInfo"] =
{
{ "id", userSchema.SchemaId },
{ "subject", userSchema.Subject },
{ "version", userSchema.Version },
{ "type", userSchema.SchemaType },
},
["userEventSchemaInfo"] =
{
{ "id", userEventSchema.SchemaId },
{ "subject", userEventSchema.Subject },
{ "version", userEventSchema.Version },
{ "type", userEventSchema.SchemaType },
{ "references", userEventSchema.References },
},
["productSchemaInfo"] =
{
{ "id", productSchema.SchemaId },
{ "subject", productSchema.Subject },
{ "version", productSchema.Version },
{ "type", productSchema.SchemaType },
{ "compatibility", productSchema.Compatibility },
},
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.redpanda.ResourceGroup;
import com.pulumi.redpanda.ResourceGroupArgs;
import com.pulumi.redpanda.Network;
import com.pulumi.redpanda.NetworkArgs;
import com.pulumi.redpanda.inputs.NetworkTimeoutsArgs;
import com.pulumi.redpanda.Cluster;
import com.pulumi.redpanda.ClusterArgs;
import com.pulumi.redpanda.inputs.ClusterClusterConfigurationArgs;
import com.pulumi.redpanda.inputs.ClusterMaintenanceWindowConfigArgs;
import com.pulumi.redpanda.inputs.ClusterMaintenanceWindowConfigDayHourArgs;
import com.pulumi.redpanda.inputs.ClusterTimeoutsArgs;
import com.pulumi.redpanda.User;
import com.pulumi.redpanda.UserArgs;
import com.pulumi.redpanda.Topic;
import com.pulumi.redpanda.TopicArgs;
import com.pulumi.redpanda.SchemaRegistryAcl;
import com.pulumi.redpanda.SchemaRegistryAclArgs;
import com.pulumi.redpanda.Acl;
import com.pulumi.redpanda.AclArgs;
import com.pulumi.redpanda.Schema;
import com.pulumi.redpanda.SchemaArgs;
import com.pulumi.redpanda.inputs.SchemaReferenceArgs;
import com.pulumi.redpanda.Role;
import com.pulumi.redpanda.RoleArgs;
import com.pulumi.redpanda.RoleAssignment;
import com.pulumi.redpanda.RoleAssignmentArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new ResourceGroup("test", ResourceGroupArgs.builder()
.name(resourceGroupName)
.build());
var testNetwork = new Network("testNetwork", NetworkArgs.builder()
.name(networkName)
.resourceGroupId(test.id())
.cloudProvider(cloudProvider)
.region(region)
.clusterType("dedicated")
.cidrBlock("10.0.0.0/20")
.timeouts(NetworkTimeoutsArgs.builder()
.create("20m")
.delete("20m")
.build())
.build());
var testCluster = new Cluster("testCluster", ClusterArgs.builder()
.name(clusterName)
.resourceGroupId(test.id())
.networkId(testNetwork.id())
.cloudProvider(cloudProvider)
.region(region)
.clusterType("dedicated")
.connectionType("public")
.throughputTier(throughputTier)
.zones(zones)
.allowDeletion(clusterAllowDeletion)
.clusterConfiguration(ClusterClusterConfigurationArgs.builder()
.customPropertiesJson(serializeJson(
jsonObject(
jsonProperty("enable_shadow_linking", clusterEnableShadowLinking),
jsonProperty("schema_registry_enable_authorization", true)
)))
.build())
.maintenanceWindowConfig(ClusterMaintenanceWindowConfigArgs.builder()
.dayHour(ClusterMaintenanceWindowConfigDayHourArgs.builder()
.dayOfWeek(maintenanceDayOfWeek)
.hourOfDay(maintenanceHourOfDay)
.build())
.build())
.tags(clusterTags)
.timeouts(ClusterTimeoutsArgs.builder()
.create("90m")
.build())
.build());
var testUser = new User("testUser", UserArgs.builder()
.name(userName)
.password(userPasswordWo != null ? null : userPw)
.passwordWo(userPasswordWo)
.passwordWoVersion(userPasswordWoVersion)
.mechanism(mechanism)
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(userAllowDeletion)
.build());
var testTopic = new Topic("testTopic", TopicArgs.builder()
.name(topicName)
.partitionCount(partitionCount)
.replicationFactor(replicationFactor)
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(true)
.configuration(topicConfiguration != null ? topicConfiguration : Map.ofEntries(
Map.entry("cleanup.policy", "delete"),
Map.entry("retention.ms", topicRetentionMs)
))
.build(), CustomResourceOptions.builder()
.dependsOn(testUser)
.build());
// Bootstrap SR ACL grants for the provider's own Bearer-token principal.
// Two grants are required: the SUBJECT-scope grant authorizes
// POST /subjects/<subj>/versions; the REGISTRY-scope grant authorizes the
// follow-up GET /schemas/ids/<id>/versions that the SR client (franz-go) makes
// to fetch the full schema metadata after create. Without the REGISTRY grant,
// the schema is created but the follow-up GET 403s and the resource fails.
// User:* is broader than necessary; tighten once the exact principal is
// documented as discoverable.
var providerBootstrapSubject = new SchemaRegistryAcl("providerBootstrapSubject", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal("User:*")
.resourceType("SUBJECT")
.resourceName(topicName)
.patternType("PREFIXED")
.host("*")
.operation("ALL")
.permission("ALLOW")
.allowDeletion(true)
.build());
var providerBootstrapRegistry = new SchemaRegistryAcl("providerBootstrapRegistry", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal("User:*")
.resourceType("REGISTRY")
.resourceName("*")
.patternType("LITERAL")
.host("*")
.operation("ALL")
.permission("ALLOW")
.allowDeletion(true)
.build());
var clusterAdmin = new Acl("clusterAdmin", AclArgs.builder()
.resourceType("CLUSTER")
.resourceName("kafka-cluster")
.resourcePatternType("LITERAL")
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.host("*")
.operation("ALL")
.permissionType("ALLOW")
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(aclAllowDeletion)
.build());
var schemaRegistryAdmin = new Acl("schemaRegistryAdmin", AclArgs.builder()
.resourceType("CLUSTER")
.resourceName("kafka-cluster")
.resourcePatternType("LITERAL")
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.host("*")
.operation("ALTER")
.permissionType("ALLOW")
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(aclAllowDeletion)
.build());
var clusterAction = new Acl("clusterAction", AclArgs.builder()
.resourceType("CLUSTER")
.resourceName("kafka-cluster")
.resourcePatternType("LITERAL")
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.host("*")
.operation("CLUSTER_ACTION")
.permissionType("ALLOW")
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(aclAllowDeletion)
.build());
var topicAccess = new Acl("topicAccess", AclArgs.builder()
.resourceType("TOPIC")
.resourceName(testTopic.name())
.resourcePatternType("LITERAL")
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.host("*")
.operation("ALL")
.permissionType("ALLOW")
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(aclAllowDeletion)
.build());
var allTestTopic = new SchemaRegistryAcl("allTestTopic", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("SUBJECT")
.resourceName(String.format("%s-", topicName))
.patternType("PREFIXED")
.host("*")
.operation("ALL")
.permission("ALLOW")
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var describeRegistry = new SchemaRegistryAcl("describeRegistry", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("REGISTRY")
.resourceName("*")
.patternType("LITERAL")
.host("*")
.operation("DESCRIBE")
.permission("ALLOW")
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var alterConfigsRegistry = new SchemaRegistryAcl("alterConfigsRegistry", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("REGISTRY")
.resourceName("*")
.patternType("LITERAL")
.host("*")
.operation("ALTER_CONFIGS")
.permission("ALLOW")
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var readRegistry = new SchemaRegistryAcl("readRegistry", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("REGISTRY")
.resourceName("*")
.patternType("LITERAL")
.host("*")
.operation("READ")
.permission("ALLOW")
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var writeRegistry = new SchemaRegistryAcl("writeRegistry", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("REGISTRY")
.resourceName("*")
.patternType("LITERAL")
.host("*")
.operation("WRITE")
.permission("ALLOW")
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var userSchema = new Schema("userSchema", SchemaArgs.builder()
.clusterId(testCluster.id())
.subject(String.format("%s-value", topicName))
.schemaType(schemaType)
.schema(userSchemaDefinition)
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry)
.build());
var userEventSchema = new Schema("userEventSchema", SchemaArgs.builder()
.clusterId(testCluster.id())
.subject(String.format("%s-events-value", topicName))
.schemaType(schemaType)
.schema(userEventSchemaDefinition)
.allowDeletion(true)
.references(SchemaReferenceArgs.builder()
.name("User")
.subject(userSchema.subject())
.version(userSchema.version())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry)
.build());
var productSchema = new Schema("productSchema", SchemaArgs.builder()
.clusterId(testCluster.id())
.subject(String.format("%s-product-value", topicName))
.schemaType(schemaType)
.schema(productSchemaDefinition)
.compatibility(compatibilityLevel)
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry)
.build());
var developer = new Role("developer", RoleArgs.builder()
.name(roleName)
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(roleAllowDeletion)
.build());
var roleTopicRead = new Acl("roleTopicRead", AclArgs.builder()
.resourceType("TOPIC")
.resourceName(testTopic.name())
.resourcePatternType("LITERAL")
.principal(developer.name().applyValue(_name -> String.format("RedpandaRole:%s", _name)))
.host("*")
.operation("READ")
.permissionType("ALLOW")
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(aclAllowDeletion)
.build());
var readProduct = new SchemaRegistryAcl("readProduct", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("SUBJECT")
.resourceName("product-")
.patternType("PREFIXED")
.host("*")
.operation("READ")
.permission("ALLOW")
.allowDeletion(srAclAllowDeletion)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var writeOrders = new SchemaRegistryAcl("writeOrders", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("SUBJECT")
.resourceName("orders-value")
.patternType("LITERAL")
.host("*")
.operation("WRITE")
.permission("ALLOW")
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var developerAssignment = new RoleAssignment("developerAssignment", RoleAssignmentArgs.builder()
.roleName(developer.name())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.clusterApiUrl(testCluster.clusterApiUrl())
.build(), CustomResourceOptions.builder()
.dependsOn(testUser)
.build());
ctx.export("userSchemaInfo", Map.ofEntries(
Map.entry("id", userSchema.schemaId()),
Map.entry("subject", userSchema.subject()),
Map.entry("version", userSchema.version()),
Map.entry("type", userSchema.schemaType())
));
ctx.export("userEventSchemaInfo", Map.ofEntries(
Map.entry("id", userEventSchema.schemaId()),
Map.entry("subject", userEventSchema.subject()),
Map.entry("version", userEventSchema.version()),
Map.entry("type", userEventSchema.schemaType()),
Map.entry("references", userEventSchema.references())
));
ctx.export("productSchemaInfo", Map.ofEntries(
Map.entry("id", productSchema.schemaId()),
Map.entry("subject", productSchema.subject()),
Map.entry("version", productSchema.version()),
Map.entry("type", productSchema.schemaType()),
Map.entry("compatibility", productSchema.compatibility())
));
}
}
Example coming soon!
Example coming soon!
On GCP
import * as pulumi from "@pulumi/pulumi";
import * as redpanda from "@pulumi/redpanda";
const test = new redpanda.ResourceGroup("test", {name: resourceGroupName});
const testNetwork = new redpanda.Network("test", {
name: networkName,
resourceGroupId: test.id,
cloudProvider: cloudProvider,
region: region,
clusterType: "dedicated",
cidrBlock: "10.0.0.0/20",
timeouts: {
create: "20m",
"delete": "20m",
},
});
const testCluster = new redpanda.Cluster("test", {
name: clusterName,
resourceGroupId: test.id,
networkId: testNetwork.id,
cloudProvider: cloudProvider,
region: region,
clusterType: "dedicated",
connectionType: "public",
throughputTier: throughputTier,
zones: zones,
allowDeletion: clusterAllowDeletion,
clusterConfiguration: {
customPropertiesJson: JSON.stringify({
enable_shadow_linking: clusterEnableShadowLinking,
schema_registry_enable_authorization: true,
}),
},
maintenanceWindowConfig: {
dayHour: {
dayOfWeek: maintenanceDayOfWeek,
hourOfDay: maintenanceHourOfDay,
},
},
tags: clusterTags,
timeouts: {
create: "90m",
},
});
const testUser = new redpanda.User("test", {
name: userName,
password: userPw,
mechanism: mechanism,
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: userAllowDeletion,
});
const testTopic = new redpanda.Topic("test", {
name: topicName,
partitionCount: partitionCount,
replicationFactor: replicationFactor,
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: true,
configuration: topicConfiguration != null ? topicConfiguration : {
"cleanup.policy": "delete",
"retention.ms": topicRetentionMs,
},
}, {
dependsOn: [testUser],
});
// Bootstrap SR ACL grants for the provider's own Bearer-token principal.
// SUBJECT grant authorizes POST /subjects/<subj>/versions; REGISTRY grant
// authorizes the franz-go follow-up GET /schemas/ids/<id>/versions.
const providerBootstrapSubject = new redpanda.SchemaRegistryAcl("provider_bootstrap_subject", {
clusterId: testCluster.id,
principal: "User:*",
resourceType: "SUBJECT",
resourceName: topicName,
patternType: "PREFIXED",
host: "*",
operation: "ALL",
permission: "ALLOW",
allowDeletion: true,
});
const providerBootstrapRegistry = new redpanda.SchemaRegistryAcl("provider_bootstrap_registry", {
clusterId: testCluster.id,
principal: "User:*",
resourceType: "REGISTRY",
resourceName: "*",
patternType: "LITERAL",
host: "*",
operation: "ALL",
permission: "ALLOW",
allowDeletion: true,
});
const clusterAdmin = new redpanda.Acl("cluster_admin", {
resourceType: "CLUSTER",
resourceName: "kafka-cluster",
resourcePatternType: "LITERAL",
principal: pulumi.interpolate`User:${testUser.name}`,
host: "*",
operation: "ALL",
permissionType: "ALLOW",
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: aclAllowDeletion,
});
const schemaRegistryAdmin = new redpanda.Acl("schema_registry_admin", {
resourceType: "CLUSTER",
resourceName: "kafka-cluster",
resourcePatternType: "LITERAL",
principal: pulumi.interpolate`User:${testUser.name}`,
host: "*",
operation: "ALTER",
permissionType: "ALLOW",
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: aclAllowDeletion,
});
const clusterAction = new redpanda.Acl("cluster_action", {
resourceType: "CLUSTER",
resourceName: "kafka-cluster",
resourcePatternType: "LITERAL",
principal: pulumi.interpolate`User:${testUser.name}`,
host: "*",
operation: "CLUSTER_ACTION",
permissionType: "ALLOW",
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: aclAllowDeletion,
});
const topicAccess = new redpanda.Acl("topic_access", {
resourceType: "TOPIC",
resourceName: testTopic.name,
resourcePatternType: "LITERAL",
principal: pulumi.interpolate`User:${testUser.name}`,
host: "*",
operation: "ALL",
permissionType: "ALLOW",
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: aclAllowDeletion,
});
const allTestTopic = new redpanda.SchemaRegistryAcl("all_test_topic", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "SUBJECT",
resourceName: `${topicName}-`,
patternType: "PREFIXED",
host: "*",
operation: "ALL",
permission: "ALLOW",
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const describeRegistry = new redpanda.SchemaRegistryAcl("describe_registry", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "REGISTRY",
resourceName: "*",
patternType: "LITERAL",
host: "*",
operation: "DESCRIBE",
permission: "ALLOW",
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const alterConfigsRegistry = new redpanda.SchemaRegistryAcl("alter_configs_registry", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "REGISTRY",
resourceName: "*",
patternType: "LITERAL",
host: "*",
operation: "ALTER_CONFIGS",
permission: "ALLOW",
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const readRegistry = new redpanda.SchemaRegistryAcl("read_registry", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "REGISTRY",
resourceName: "*",
patternType: "LITERAL",
host: "*",
operation: "READ",
permission: "ALLOW",
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const writeRegistry = new redpanda.SchemaRegistryAcl("write_registry", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "REGISTRY",
resourceName: "*",
patternType: "LITERAL",
host: "*",
operation: "WRITE",
permission: "ALLOW",
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const userSchema = new redpanda.Schema("user_schema", {
clusterId: testCluster.id,
subject: `${topicName}-value`,
schemaType: schemaType,
schema: userSchemaDefinition,
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
],
});
const userEventSchema = new redpanda.Schema("user_event_schema", {
clusterId: testCluster.id,
subject: `${topicName}-events-value`,
schemaType: schemaType,
schema: userEventSchemaDefinition,
allowDeletion: true,
references: [{
name: "User",
subject: userSchema.subject,
version: userSchema.version,
}],
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
],
});
const productSchema = new redpanda.Schema("product_schema", {
clusterId: testCluster.id,
subject: `${topicName}-product-value`,
schemaType: schemaType,
schema: productSchemaDefinition,
compatibility: compatibilityLevel,
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
],
});
const developer = new redpanda.Role("developer", {
name: roleName,
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: roleAllowDeletion,
});
const roleTopicRead = new redpanda.Acl("role_topic_read", {
resourceType: "TOPIC",
resourceName: testTopic.name,
resourcePatternType: "LITERAL",
principal: pulumi.interpolate`RedpandaRole:${developer.name}`,
host: "*",
operation: "READ",
permissionType: "ALLOW",
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: aclAllowDeletion,
});
const readProduct = new redpanda.SchemaRegistryAcl("read_product", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "SUBJECT",
resourceName: "product-",
patternType: "PREFIXED",
host: "*",
operation: "READ",
permission: "ALLOW",
allowDeletion: srAclAllowDeletion,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const writeOrders = new redpanda.SchemaRegistryAcl("write_orders", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "SUBJECT",
resourceName: "orders-value",
patternType: "LITERAL",
host: "*",
operation: "WRITE",
permission: "ALLOW",
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const describeTestTopic = new redpanda.SchemaRegistryAcl("describe_test_topic", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "SUBJECT",
resourceName: `${topicName}-`,
patternType: "PREFIXED",
host: "*",
operation: "DESCRIBE",
permission: "ALLOW",
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const developerAssignment = new redpanda.RoleAssignment("developer_assignment", {
roleName: developer.name,
principal: pulumi.interpolate`User:${testUser.name}`,
clusterApiUrl: testCluster.clusterApiUrl,
}, {
dependsOn: [testUser],
});
export const userSchemaInfo = {
id: userSchema.schemaId,
subject: userSchema.subject,
version: userSchema.version,
type: userSchema.schemaType,
};
export const userEventSchemaInfo = {
id: userEventSchema.schemaId,
subject: userEventSchema.subject,
version: userEventSchema.version,
type: userEventSchema.schemaType,
references: userEventSchema.references,
};
export const productSchemaInfo = {
id: productSchema.schemaId,
subject: productSchema.subject,
version: productSchema.version,
type: productSchema.schemaType,
compatibility: productSchema.compatibility,
};
import pulumi
import json
import pulumi_redpanda as redpanda
test = redpanda.ResourceGroup("test", name=resource_group_name)
test_network = redpanda.Network("test",
name=network_name,
resource_group_id=test.id,
cloud_provider=cloud_provider,
region=region,
cluster_type="dedicated",
cidr_block="10.0.0.0/20",
timeouts={
"create": "20m",
"delete": "20m",
})
test_cluster = redpanda.Cluster("test",
name=cluster_name,
resource_group_id=test.id,
network_id=test_network.id,
cloud_provider=cloud_provider,
region=region,
cluster_type="dedicated",
connection_type="public",
throughput_tier=throughput_tier,
zones=zones,
allow_deletion=cluster_allow_deletion,
cluster_configuration={
"custom_properties_json": json.dumps({
"enable_shadow_linking": cluster_enable_shadow_linking,
"schema_registry_enable_authorization": True,
}),
},
maintenance_window_config={
"day_hour": {
"day_of_week": maintenance_day_of_week,
"hour_of_day": maintenance_hour_of_day,
},
},
tags=cluster_tags,
timeouts={
"create": "90m",
})
test_user = redpanda.User("test",
name=user_name,
password=user_pw,
mechanism=mechanism,
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=user_allow_deletion)
test_topic = redpanda.Topic("test",
name=topic_name,
partition_count=partition_count,
replication_factor=replication_factor,
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=True,
configuration=topic_configuration if topic_configuration != None else {
"cleanup.policy": "delete",
"retention.ms": topic_retention_ms,
},
opts = pulumi.ResourceOptions(depends_on=[test_user]))
# Bootstrap SR ACL grants for the provider's own Bearer-token principal.
# SUBJECT grant authorizes POST /subjects/<subj>/versions; REGISTRY grant
# authorizes the franz-go follow-up GET /schemas/ids/<id>/versions.
provider_bootstrap_subject = redpanda.SchemaRegistryAcl("provider_bootstrap_subject",
cluster_id=test_cluster.id,
principal="User:*",
resource_type="SUBJECT",
resource_name_=topic_name,
pattern_type="PREFIXED",
host="*",
operation="ALL",
permission="ALLOW",
allow_deletion=True)
provider_bootstrap_registry = redpanda.SchemaRegistryAcl("provider_bootstrap_registry",
cluster_id=test_cluster.id,
principal="User:*",
resource_type="REGISTRY",
resource_name_="*",
pattern_type="LITERAL",
host="*",
operation="ALL",
permission="ALLOW",
allow_deletion=True)
cluster_admin = redpanda.Acl("cluster_admin",
resource_type="CLUSTER",
resource_name_="kafka-cluster",
resource_pattern_type="LITERAL",
principal=test_user.name.apply(lambda name: f"User:{name}"),
host="*",
operation="ALL",
permission_type="ALLOW",
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=acl_allow_deletion)
schema_registry_admin = redpanda.Acl("schema_registry_admin",
resource_type="CLUSTER",
resource_name_="kafka-cluster",
resource_pattern_type="LITERAL",
principal=test_user.name.apply(lambda name: f"User:{name}"),
host="*",
operation="ALTER",
permission_type="ALLOW",
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=acl_allow_deletion)
cluster_action = redpanda.Acl("cluster_action",
resource_type="CLUSTER",
resource_name_="kafka-cluster",
resource_pattern_type="LITERAL",
principal=test_user.name.apply(lambda name: f"User:{name}"),
host="*",
operation="CLUSTER_ACTION",
permission_type="ALLOW",
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=acl_allow_deletion)
topic_access = redpanda.Acl("topic_access",
resource_type="TOPIC",
resource_name_=test_topic.name,
resource_pattern_type="LITERAL",
principal=test_user.name.apply(lambda name: f"User:{name}"),
host="*",
operation="ALL",
permission_type="ALLOW",
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=acl_allow_deletion)
all_test_topic = redpanda.SchemaRegistryAcl("all_test_topic",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="SUBJECT",
resource_name_=f"{topic_name}-",
pattern_type="PREFIXED",
host="*",
operation="ALL",
permission="ALLOW",
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
describe_registry = redpanda.SchemaRegistryAcl("describe_registry",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="REGISTRY",
resource_name_="*",
pattern_type="LITERAL",
host="*",
operation="DESCRIBE",
permission="ALLOW",
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
alter_configs_registry = redpanda.SchemaRegistryAcl("alter_configs_registry",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="REGISTRY",
resource_name_="*",
pattern_type="LITERAL",
host="*",
operation="ALTER_CONFIGS",
permission="ALLOW",
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
read_registry = redpanda.SchemaRegistryAcl("read_registry",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="REGISTRY",
resource_name_="*",
pattern_type="LITERAL",
host="*",
operation="READ",
permission="ALLOW",
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
write_registry = redpanda.SchemaRegistryAcl("write_registry",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="REGISTRY",
resource_name_="*",
pattern_type="LITERAL",
host="*",
operation="WRITE",
permission="ALLOW",
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
user_schema = redpanda.Schema("user_schema",
cluster_id=test_cluster.id,
subject=f"{topic_name}-value",
schema_type=schema_type,
schema=user_schema_definition,
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
cluster_action,
topic_access,
provider_bootstrap_subject,
provider_bootstrap_registry,
all_test_topic,
describe_registry,
alter_configs_registry,
read_registry,
write_registry,
]))
user_event_schema = redpanda.Schema("user_event_schema",
cluster_id=test_cluster.id,
subject=f"{topic_name}-events-value",
schema_type=schema_type,
schema=user_event_schema_definition,
allow_deletion=True,
references=[{
"name": "User",
"subject": user_schema.subject,
"version": user_schema.version,
}],
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
cluster_action,
topic_access,
provider_bootstrap_subject,
provider_bootstrap_registry,
all_test_topic,
describe_registry,
alter_configs_registry,
read_registry,
write_registry,
]))
product_schema = redpanda.Schema("product_schema",
cluster_id=test_cluster.id,
subject=f"{topic_name}-product-value",
schema_type=schema_type,
schema=product_schema_definition,
compatibility=compatibility_level,
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
cluster_action,
topic_access,
provider_bootstrap_subject,
provider_bootstrap_registry,
all_test_topic,
describe_registry,
alter_configs_registry,
read_registry,
write_registry,
]))
developer = redpanda.Role("developer",
name=role_name,
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=role_allow_deletion)
role_topic_read = redpanda.Acl("role_topic_read",
resource_type="TOPIC",
resource_name_=test_topic.name,
resource_pattern_type="LITERAL",
principal=developer.name.apply(lambda name: f"RedpandaRole:{name}"),
host="*",
operation="READ",
permission_type="ALLOW",
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=acl_allow_deletion)
read_product = redpanda.SchemaRegistryAcl("read_product",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="SUBJECT",
resource_name_="product-",
pattern_type="PREFIXED",
host="*",
operation="READ",
permission="ALLOW",
allow_deletion=sr_acl_allow_deletion,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
write_orders = redpanda.SchemaRegistryAcl("write_orders",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="SUBJECT",
resource_name_="orders-value",
pattern_type="LITERAL",
host="*",
operation="WRITE",
permission="ALLOW",
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
describe_test_topic = redpanda.SchemaRegistryAcl("describe_test_topic",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="SUBJECT",
resource_name_=f"{topic_name}-",
pattern_type="PREFIXED",
host="*",
operation="DESCRIBE",
permission="ALLOW",
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
developer_assignment = redpanda.RoleAssignment("developer_assignment",
role_name=developer.name,
principal=test_user.name.apply(lambda name: f"User:{name}"),
cluster_api_url=test_cluster.cluster_api_url,
opts = pulumi.ResourceOptions(depends_on=[test_user]))
pulumi.export("userSchemaInfo", {
"id": user_schema.schema_id,
"subject": user_schema.subject,
"version": user_schema.version,
"type": user_schema.schema_type,
})
pulumi.export("userEventSchemaInfo", {
"id": user_event_schema.schema_id,
"subject": user_event_schema.subject,
"version": user_event_schema.version,
"type": user_event_schema.schema_type,
"references": user_event_schema.references,
})
pulumi.export("productSchemaInfo", {
"id": product_schema.schema_id,
"subject": product_schema.subject,
"version": product_schema.version,
"type": product_schema.schema_type,
"compatibility": product_schema.compatibility,
})
package main
import (
"encoding/json"
"fmt"
"github.com/pulumi/pulumi-terraform-provider/sdks/go/redpanda/v2/redpanda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
test, err := redpanda.NewResourceGroup(ctx, "test", &redpanda.ResourceGroupArgs{
Name: pulumi.Any(resourceGroupName),
})
if err != nil {
return err
}
testNetwork, err := redpanda.NewNetwork(ctx, "test", &redpanda.NetworkArgs{
Name: pulumi.Any(networkName),
ResourceGroupId: test.ID(),
CloudProvider: pulumi.Any(cloudProvider),
Region: pulumi.Any(region),
ClusterType: pulumi.String("dedicated"),
CidrBlock: pulumi.String("10.0.0.0/20"),
Timeouts: &redpanda.NetworkTimeoutsArgs{
Create: pulumi.String("20m"),
Delete: pulumi.String("20m"),
},
})
if err != nil {
return err
}
tmpJSON0, err := json.Marshal(map[string]interface{}{
"enable_shadow_linking": clusterEnableShadowLinking,
"schema_registry_enable_authorization": true,
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
testCluster, err := redpanda.NewCluster(ctx, "test", &redpanda.ClusterArgs{
Name: pulumi.Any(clusterName),
ResourceGroupId: test.ID(),
NetworkId: testNetwork.ID(),
CloudProvider: pulumi.Any(cloudProvider),
Region: pulumi.Any(region),
ClusterType: pulumi.String("dedicated"),
ConnectionType: pulumi.String("public"),
ThroughputTier: pulumi.Any(throughputTier),
Zones: pulumi.Any(zones),
AllowDeletion: pulumi.Any(clusterAllowDeletion),
ClusterConfiguration: &redpanda.ClusterClusterConfigurationArgs{
CustomPropertiesJson: pulumi.String(json0),
},
MaintenanceWindowConfig: &redpanda.ClusterMaintenanceWindowConfigArgs{
DayHour: &redpanda.ClusterMaintenanceWindowConfigDayHourArgs{
DayOfWeek: pulumi.Any(maintenanceDayOfWeek),
HourOfDay: pulumi.Any(maintenanceHourOfDay),
},
},
Tags: pulumi.Any(clusterTags),
Timeouts: &redpanda.ClusterTimeoutsArgs{
Create: pulumi.String("90m"),
},
})
if err != nil {
return err
}
testUser, err := redpanda.NewUser(ctx, "test", &redpanda.UserArgs{
Name: pulumi.Any(userName),
Password: pulumi.Any(userPw),
Mechanism: pulumi.Any(mechanism),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(userAllowDeletion),
})
if err != nil {
return err
}
var tmp0 pulumi.StringMap
if topicConfiguration != nil {
tmp0 = pulumi.Any(topicConfiguration)
} else {
tmp0 = pulumi.StringMap{
"cleanup.policy": pulumi.String("delete"),
"retention.ms": pulumi.Any(topicRetentionMs),
}
}
testTopic, err := redpanda.NewTopic(ctx, "test", &redpanda.TopicArgs{
Name: pulumi.Any(topicName),
PartitionCount: pulumi.Any(partitionCount),
ReplicationFactor: pulumi.Any(replicationFactor),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Bool(true),
Configuration: pulumi.StringMap(tmp0),
}, pulumi.DependsOn([]pulumi.Resource{
testUser,
}))
if err != nil {
return err
}
// Bootstrap SR ACL grants for the provider's own Bearer-token principal.
// SUBJECT grant authorizes POST /subjects/<subj>/versions; REGISTRY grant
// authorizes the franz-go follow-up GET /schemas/ids/<id>/versions.
providerBootstrapSubject, err := redpanda.NewSchemaRegistryAcl(ctx, "provider_bootstrap_subject", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: pulumi.String("User:*"),
ResourceType: pulumi.String("SUBJECT"),
ResourceName: pulumi.Any(topicName),
PatternType: pulumi.String("PREFIXED"),
Host: pulumi.String("*"),
Operation: pulumi.String("ALL"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
})
if err != nil {
return err
}
providerBootstrapRegistry, err := redpanda.NewSchemaRegistryAcl(ctx, "provider_bootstrap_registry", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: pulumi.String("User:*"),
ResourceType: pulumi.String("REGISTRY"),
ResourceName: pulumi.String("*"),
PatternType: pulumi.String("LITERAL"),
Host: pulumi.String("*"),
Operation: pulumi.String("ALL"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
})
if err != nil {
return err
}
clusterAdmin, err := redpanda.NewAcl(ctx, "cluster_admin", &redpanda.AclArgs{
ResourceType: pulumi.String("CLUSTER"),
ResourceName: pulumi.String("kafka-cluster"),
ResourcePatternType: pulumi.String("LITERAL"),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
Host: pulumi.String("*"),
Operation: pulumi.String("ALL"),
PermissionType: pulumi.String("ALLOW"),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(aclAllowDeletion),
})
if err != nil {
return err
}
schemaRegistryAdmin, err := redpanda.NewAcl(ctx, "schema_registry_admin", &redpanda.AclArgs{
ResourceType: pulumi.String("CLUSTER"),
ResourceName: pulumi.String("kafka-cluster"),
ResourcePatternType: pulumi.String("LITERAL"),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
Host: pulumi.String("*"),
Operation: pulumi.String("ALTER"),
PermissionType: pulumi.String("ALLOW"),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(aclAllowDeletion),
})
if err != nil {
return err
}
clusterAction, err := redpanda.NewAcl(ctx, "cluster_action", &redpanda.AclArgs{
ResourceType: pulumi.String("CLUSTER"),
ResourceName: pulumi.String("kafka-cluster"),
ResourcePatternType: pulumi.String("LITERAL"),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
Host: pulumi.String("*"),
Operation: pulumi.String("CLUSTER_ACTION"),
PermissionType: pulumi.String("ALLOW"),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(aclAllowDeletion),
})
if err != nil {
return err
}
topicAccess, err := redpanda.NewAcl(ctx, "topic_access", &redpanda.AclArgs{
ResourceType: pulumi.String("TOPIC"),
ResourceName: testTopic.Name,
ResourcePatternType: pulumi.String("LITERAL"),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
Host: pulumi.String("*"),
Operation: pulumi.String("ALL"),
PermissionType: pulumi.String("ALLOW"),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(aclAllowDeletion),
})
if err != nil {
return err
}
allTestTopic, err := redpanda.NewSchemaRegistryAcl(ctx, "all_test_topic", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("SUBJECT"),
ResourceName: pulumi.Sprintf("%v-", topicName),
PatternType: pulumi.String("PREFIXED"),
Host: pulumi.String("*"),
Operation: pulumi.String("ALL"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
describeRegistry, err := redpanda.NewSchemaRegistryAcl(ctx, "describe_registry", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("REGISTRY"),
ResourceName: pulumi.String("*"),
PatternType: pulumi.String("LITERAL"),
Host: pulumi.String("*"),
Operation: pulumi.String("DESCRIBE"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
alterConfigsRegistry, err := redpanda.NewSchemaRegistryAcl(ctx, "alter_configs_registry", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("REGISTRY"),
ResourceName: pulumi.String("*"),
PatternType: pulumi.String("LITERAL"),
Host: pulumi.String("*"),
Operation: pulumi.String("ALTER_CONFIGS"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
readRegistry, err := redpanda.NewSchemaRegistryAcl(ctx, "read_registry", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("REGISTRY"),
ResourceName: pulumi.String("*"),
PatternType: pulumi.String("LITERAL"),
Host: pulumi.String("*"),
Operation: pulumi.String("READ"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
writeRegistry, err := redpanda.NewSchemaRegistryAcl(ctx, "write_registry", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("REGISTRY"),
ResourceName: pulumi.String("*"),
PatternType: pulumi.String("LITERAL"),
Host: pulumi.String("*"),
Operation: pulumi.String("WRITE"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
userSchema, err := redpanda.NewSchema(ctx, "user_schema", &redpanda.SchemaArgs{
ClusterId: testCluster.ID(),
Subject: pulumi.Sprintf("%v-value", topicName),
SchemaType: pulumi.Any(schemaType),
Schema: pulumi.Any(userSchemaDefinition),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
}))
if err != nil {
return err
}
userEventSchema, err := redpanda.NewSchema(ctx, "user_event_schema", &redpanda.SchemaArgs{
ClusterId: testCluster.ID(),
Subject: pulumi.Sprintf("%v-events-value", topicName),
SchemaType: pulumi.Any(schemaType),
Schema: pulumi.Any(userEventSchemaDefinition),
AllowDeletion: pulumi.Bool(true),
References: redpanda.SchemaReferenceArray{
&redpanda.SchemaReferenceArgs{
Name: pulumi.String("User"),
Subject: userSchema.Subject,
Version: userSchema.Version,
},
},
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
}))
if err != nil {
return err
}
productSchema, err := redpanda.NewSchema(ctx, "product_schema", &redpanda.SchemaArgs{
ClusterId: testCluster.ID(),
Subject: pulumi.Sprintf("%v-product-value", topicName),
SchemaType: pulumi.Any(schemaType),
Schema: pulumi.Any(productSchemaDefinition),
Compatibility: pulumi.Any(compatibilityLevel),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
}))
if err != nil {
return err
}
developer, err := redpanda.NewRole(ctx, "developer", &redpanda.RoleArgs{
Name: pulumi.Any(roleName),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(roleAllowDeletion),
})
if err != nil {
return err
}
_, err = redpanda.NewAcl(ctx, "role_topic_read", &redpanda.AclArgs{
ResourceType: pulumi.String("TOPIC"),
ResourceName: testTopic.Name,
ResourcePatternType: pulumi.String("LITERAL"),
Principal: developer.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("RedpandaRole:%v", name), nil
}).(pulumi.StringOutput),
Host: pulumi.String("*"),
Operation: pulumi.String("READ"),
PermissionType: pulumi.String("ALLOW"),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(aclAllowDeletion),
})
if err != nil {
return err
}
_, err = redpanda.NewSchemaRegistryAcl(ctx, "read_product", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("SUBJECT"),
ResourceName: pulumi.String("product-"),
PatternType: pulumi.String("PREFIXED"),
Host: pulumi.String("*"),
Operation: pulumi.String("READ"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Any(srAclAllowDeletion),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
_, err = redpanda.NewSchemaRegistryAcl(ctx, "write_orders", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("SUBJECT"),
ResourceName: pulumi.String("orders-value"),
PatternType: pulumi.String("LITERAL"),
Host: pulumi.String("*"),
Operation: pulumi.String("WRITE"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
_, err = redpanda.NewSchemaRegistryAcl(ctx, "describe_test_topic", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("SUBJECT"),
ResourceName: pulumi.Sprintf("%v-", topicName),
PatternType: pulumi.String("PREFIXED"),
Host: pulumi.String("*"),
Operation: pulumi.String("DESCRIBE"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
_, err = redpanda.NewRoleAssignment(ctx, "developer_assignment", &redpanda.RoleAssignmentArgs{
RoleName: developer.Name,
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ClusterApiUrl: testCluster.ClusterApiUrl,
}, pulumi.DependsOn([]pulumi.Resource{
testUser,
}))
if err != nil {
return err
}
ctx.Export("userSchemaInfo", pulumi.Map{
"id": userSchema.SchemaId,
"subject": userSchema.Subject,
"version": userSchema.Version,
"type": userSchema.SchemaType,
})
ctx.Export("userEventSchemaInfo", pulumi.Map{
"id": userEventSchema.SchemaId,
"subject": userEventSchema.Subject,
"version": userEventSchema.Version,
"type": userEventSchema.SchemaType,
"references": userEventSchema.References,
})
ctx.Export("productSchemaInfo", pulumi.Map{
"id": productSchema.SchemaId,
"subject": productSchema.Subject,
"version": productSchema.Version,
"type": productSchema.SchemaType,
"compatibility": productSchema.Compatibility,
})
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Redpanda = Pulumi.Redpanda;
return await Deployment.RunAsync(() =>
{
var test = new Redpanda.ResourceGroup("test", new()
{
Name = resourceGroupName,
});
var testNetwork = new Redpanda.Network("test", new()
{
Name = networkName,
ResourceGroupId = test.Id,
CloudProvider = cloudProvider,
Region = region,
ClusterType = "dedicated",
CidrBlock = "10.0.0.0/20",
Timeouts = new Redpanda.Inputs.NetworkTimeoutsArgs
{
Create = "20m",
Delete = "20m",
},
});
var testCluster = new Redpanda.Cluster("test", new()
{
Name = clusterName,
ResourceGroupId = test.Id,
NetworkId = testNetwork.Id,
CloudProvider = cloudProvider,
Region = region,
ClusterType = "dedicated",
ConnectionType = "public",
ThroughputTier = throughputTier,
Zones = zones,
AllowDeletion = clusterAllowDeletion,
ClusterConfiguration = new Redpanda.Inputs.ClusterClusterConfigurationArgs
{
CustomPropertiesJson = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["enable_shadow_linking"] = clusterEnableShadowLinking,
["schema_registry_enable_authorization"] = true,
}),
},
MaintenanceWindowConfig = new Redpanda.Inputs.ClusterMaintenanceWindowConfigArgs
{
DayHour = new Redpanda.Inputs.ClusterMaintenanceWindowConfigDayHourArgs
{
DayOfWeek = maintenanceDayOfWeek,
HourOfDay = maintenanceHourOfDay,
},
},
Tags = clusterTags,
Timeouts = new Redpanda.Inputs.ClusterTimeoutsArgs
{
Create = "90m",
},
});
var testUser = new Redpanda.User("test", new()
{
Name = userName,
Password = userPw,
Mechanism = mechanism,
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = userAllowDeletion,
});
var testTopic = new Redpanda.Topic("test", new()
{
Name = topicName,
PartitionCount = partitionCount,
ReplicationFactor = replicationFactor,
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = true,
Configuration = topicConfiguration != null ? topicConfiguration :
{
{ "cleanup.policy", "delete" },
{ "retention.ms", topicRetentionMs },
},
}, new CustomResourceOptions
{
DependsOn =
{
testUser,
},
});
// Bootstrap SR ACL grants for the provider's own Bearer-token principal.
// SUBJECT grant authorizes POST /subjects/<subj>/versions; REGISTRY grant
// authorizes the franz-go follow-up GET /schemas/ids/<id>/versions.
var providerBootstrapSubject = new Redpanda.SchemaRegistryAcl("provider_bootstrap_subject", new()
{
ClusterId = testCluster.Id,
Principal = "User:*",
ResourceType = "SUBJECT",
ResourceName = topicName,
PatternType = "PREFIXED",
Host = "*",
Operation = "ALL",
Permission = "ALLOW",
AllowDeletion = true,
});
var providerBootstrapRegistry = new Redpanda.SchemaRegistryAcl("provider_bootstrap_registry", new()
{
ClusterId = testCluster.Id,
Principal = "User:*",
ResourceType = "REGISTRY",
ResourceName = "*",
PatternType = "LITERAL",
Host = "*",
Operation = "ALL",
Permission = "ALLOW",
AllowDeletion = true,
});
var clusterAdmin = new Redpanda.Acl("cluster_admin", new()
{
ResourceType = "CLUSTER",
ResourceName = "kafka-cluster",
ResourcePatternType = "LITERAL",
Principal = testUser.Name.Apply(name => $"User:{name}"),
Host = "*",
Operation = "ALL",
PermissionType = "ALLOW",
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = aclAllowDeletion,
});
var schemaRegistryAdmin = new Redpanda.Acl("schema_registry_admin", new()
{
ResourceType = "CLUSTER",
ResourceName = "kafka-cluster",
ResourcePatternType = "LITERAL",
Principal = testUser.Name.Apply(name => $"User:{name}"),
Host = "*",
Operation = "ALTER",
PermissionType = "ALLOW",
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = aclAllowDeletion,
});
var clusterAction = new Redpanda.Acl("cluster_action", new()
{
ResourceType = "CLUSTER",
ResourceName = "kafka-cluster",
ResourcePatternType = "LITERAL",
Principal = testUser.Name.Apply(name => $"User:{name}"),
Host = "*",
Operation = "CLUSTER_ACTION",
PermissionType = "ALLOW",
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = aclAllowDeletion,
});
var topicAccess = new Redpanda.Acl("topic_access", new()
{
ResourceType = "TOPIC",
ResourceName = testTopic.Name,
ResourcePatternType = "LITERAL",
Principal = testUser.Name.Apply(name => $"User:{name}"),
Host = "*",
Operation = "ALL",
PermissionType = "ALLOW",
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = aclAllowDeletion,
});
var allTestTopic = new Redpanda.SchemaRegistryAcl("all_test_topic", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "SUBJECT",
ResourceName = $"{topicName}-",
PatternType = "PREFIXED",
Host = "*",
Operation = "ALL",
Permission = "ALLOW",
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var describeRegistry = new Redpanda.SchemaRegistryAcl("describe_registry", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "REGISTRY",
ResourceName = "*",
PatternType = "LITERAL",
Host = "*",
Operation = "DESCRIBE",
Permission = "ALLOW",
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var alterConfigsRegistry = new Redpanda.SchemaRegistryAcl("alter_configs_registry", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "REGISTRY",
ResourceName = "*",
PatternType = "LITERAL",
Host = "*",
Operation = "ALTER_CONFIGS",
Permission = "ALLOW",
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var readRegistry = new Redpanda.SchemaRegistryAcl("read_registry", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "REGISTRY",
ResourceName = "*",
PatternType = "LITERAL",
Host = "*",
Operation = "READ",
Permission = "ALLOW",
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var writeRegistry = new Redpanda.SchemaRegistryAcl("write_registry", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "REGISTRY",
ResourceName = "*",
PatternType = "LITERAL",
Host = "*",
Operation = "WRITE",
Permission = "ALLOW",
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var userSchema = new Redpanda.Schema("user_schema", new()
{
ClusterId = testCluster.Id,
Subject = $"{topicName}-value",
SchemaType = schemaType,
Schema = userSchemaDefinition,
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
},
});
var userEventSchema = new Redpanda.Schema("user_event_schema", new()
{
ClusterId = testCluster.Id,
Subject = $"{topicName}-events-value",
SchemaType = schemaType,
Schema = userEventSchemaDefinition,
AllowDeletion = true,
References = new[]
{
new Redpanda.Inputs.SchemaReferenceArgs
{
Name = "User",
Subject = userSchema.Subject,
Version = userSchema.Version,
},
},
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
},
});
var productSchema = new Redpanda.Schema("product_schema", new()
{
ClusterId = testCluster.Id,
Subject = $"{topicName}-product-value",
SchemaType = schemaType,
Schema = productSchemaDefinition,
Compatibility = compatibilityLevel,
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
},
});
var developer = new Redpanda.Role("developer", new()
{
Name = roleName,
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = roleAllowDeletion,
});
var roleTopicRead = new Redpanda.Acl("role_topic_read", new()
{
ResourceType = "TOPIC",
ResourceName = testTopic.Name,
ResourcePatternType = "LITERAL",
Principal = developer.Name.Apply(name => $"RedpandaRole:{name}"),
Host = "*",
Operation = "READ",
PermissionType = "ALLOW",
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = aclAllowDeletion,
});
var readProduct = new Redpanda.SchemaRegistryAcl("read_product", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "SUBJECT",
ResourceName = "product-",
PatternType = "PREFIXED",
Host = "*",
Operation = "READ",
Permission = "ALLOW",
AllowDeletion = srAclAllowDeletion,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var writeOrders = new Redpanda.SchemaRegistryAcl("write_orders", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "SUBJECT",
ResourceName = "orders-value",
PatternType = "LITERAL",
Host = "*",
Operation = "WRITE",
Permission = "ALLOW",
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var describeTestTopic = new Redpanda.SchemaRegistryAcl("describe_test_topic", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "SUBJECT",
ResourceName = $"{topicName}-",
PatternType = "PREFIXED",
Host = "*",
Operation = "DESCRIBE",
Permission = "ALLOW",
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var developerAssignment = new Redpanda.RoleAssignment("developer_assignment", new()
{
RoleName = developer.Name,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ClusterApiUrl = testCluster.ClusterApiUrl,
}, new CustomResourceOptions
{
DependsOn =
{
testUser,
},
});
return new Dictionary<string, object?>
{
["userSchemaInfo"] =
{
{ "id", userSchema.SchemaId },
{ "subject", userSchema.Subject },
{ "version", userSchema.Version },
{ "type", userSchema.SchemaType },
},
["userEventSchemaInfo"] =
{
{ "id", userEventSchema.SchemaId },
{ "subject", userEventSchema.Subject },
{ "version", userEventSchema.Version },
{ "type", userEventSchema.SchemaType },
{ "references", userEventSchema.References },
},
["productSchemaInfo"] =
{
{ "id", productSchema.SchemaId },
{ "subject", productSchema.Subject },
{ "version", productSchema.Version },
{ "type", productSchema.SchemaType },
{ "compatibility", productSchema.Compatibility },
},
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.redpanda.ResourceGroup;
import com.pulumi.redpanda.ResourceGroupArgs;
import com.pulumi.redpanda.Network;
import com.pulumi.redpanda.NetworkArgs;
import com.pulumi.redpanda.inputs.NetworkTimeoutsArgs;
import com.pulumi.redpanda.Cluster;
import com.pulumi.redpanda.ClusterArgs;
import com.pulumi.redpanda.inputs.ClusterClusterConfigurationArgs;
import com.pulumi.redpanda.inputs.ClusterMaintenanceWindowConfigArgs;
import com.pulumi.redpanda.inputs.ClusterMaintenanceWindowConfigDayHourArgs;
import com.pulumi.redpanda.inputs.ClusterTimeoutsArgs;
import com.pulumi.redpanda.User;
import com.pulumi.redpanda.UserArgs;
import com.pulumi.redpanda.Topic;
import com.pulumi.redpanda.TopicArgs;
import com.pulumi.redpanda.SchemaRegistryAcl;
import com.pulumi.redpanda.SchemaRegistryAclArgs;
import com.pulumi.redpanda.Acl;
import com.pulumi.redpanda.AclArgs;
import com.pulumi.redpanda.Schema;
import com.pulumi.redpanda.SchemaArgs;
import com.pulumi.redpanda.inputs.SchemaReferenceArgs;
import com.pulumi.redpanda.Role;
import com.pulumi.redpanda.RoleArgs;
import com.pulumi.redpanda.RoleAssignment;
import com.pulumi.redpanda.RoleAssignmentArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new ResourceGroup("test", ResourceGroupArgs.builder()
.name(resourceGroupName)
.build());
var testNetwork = new Network("testNetwork", NetworkArgs.builder()
.name(networkName)
.resourceGroupId(test.id())
.cloudProvider(cloudProvider)
.region(region)
.clusterType("dedicated")
.cidrBlock("10.0.0.0/20")
.timeouts(NetworkTimeoutsArgs.builder()
.create("20m")
.delete("20m")
.build())
.build());
var testCluster = new Cluster("testCluster", ClusterArgs.builder()
.name(clusterName)
.resourceGroupId(test.id())
.networkId(testNetwork.id())
.cloudProvider(cloudProvider)
.region(region)
.clusterType("dedicated")
.connectionType("public")
.throughputTier(throughputTier)
.zones(zones)
.allowDeletion(clusterAllowDeletion)
.clusterConfiguration(ClusterClusterConfigurationArgs.builder()
.customPropertiesJson(serializeJson(
jsonObject(
jsonProperty("enable_shadow_linking", clusterEnableShadowLinking),
jsonProperty("schema_registry_enable_authorization", true)
)))
.build())
.maintenanceWindowConfig(ClusterMaintenanceWindowConfigArgs.builder()
.dayHour(ClusterMaintenanceWindowConfigDayHourArgs.builder()
.dayOfWeek(maintenanceDayOfWeek)
.hourOfDay(maintenanceHourOfDay)
.build())
.build())
.tags(clusterTags)
.timeouts(ClusterTimeoutsArgs.builder()
.create("90m")
.build())
.build());
var testUser = new User("testUser", UserArgs.builder()
.name(userName)
.password(userPw)
.mechanism(mechanism)
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(userAllowDeletion)
.build());
var testTopic = new Topic("testTopic", TopicArgs.builder()
.name(topicName)
.partitionCount(partitionCount)
.replicationFactor(replicationFactor)
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(true)
.configuration(topicConfiguration != null ? topicConfiguration : Map.ofEntries(
Map.entry("cleanup.policy", "delete"),
Map.entry("retention.ms", topicRetentionMs)
))
.build(), CustomResourceOptions.builder()
.dependsOn(testUser)
.build());
// Bootstrap SR ACL grants for the provider's own Bearer-token principal.
// SUBJECT grant authorizes POST /subjects/<subj>/versions; REGISTRY grant
// authorizes the franz-go follow-up GET /schemas/ids/<id>/versions.
var providerBootstrapSubject = new SchemaRegistryAcl("providerBootstrapSubject", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal("User:*")
.resourceType("SUBJECT")
.resourceName(topicName)
.patternType("PREFIXED")
.host("*")
.operation("ALL")
.permission("ALLOW")
.allowDeletion(true)
.build());
var providerBootstrapRegistry = new SchemaRegistryAcl("providerBootstrapRegistry", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal("User:*")
.resourceType("REGISTRY")
.resourceName("*")
.patternType("LITERAL")
.host("*")
.operation("ALL")
.permission("ALLOW")
.allowDeletion(true)
.build());
var clusterAdmin = new Acl("clusterAdmin", AclArgs.builder()
.resourceType("CLUSTER")
.resourceName("kafka-cluster")
.resourcePatternType("LITERAL")
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.host("*")
.operation("ALL")
.permissionType("ALLOW")
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(aclAllowDeletion)
.build());
var schemaRegistryAdmin = new Acl("schemaRegistryAdmin", AclArgs.builder()
.resourceType("CLUSTER")
.resourceName("kafka-cluster")
.resourcePatternType("LITERAL")
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.host("*")
.operation("ALTER")
.permissionType("ALLOW")
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(aclAllowDeletion)
.build());
var clusterAction = new Acl("clusterAction", AclArgs.builder()
.resourceType("CLUSTER")
.resourceName("kafka-cluster")
.resourcePatternType("LITERAL")
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.host("*")
.operation("CLUSTER_ACTION")
.permissionType("ALLOW")
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(aclAllowDeletion)
.build());
var topicAccess = new Acl("topicAccess", AclArgs.builder()
.resourceType("TOPIC")
.resourceName(testTopic.name())
.resourcePatternType("LITERAL")
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.host("*")
.operation("ALL")
.permissionType("ALLOW")
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(aclAllowDeletion)
.build());
var allTestTopic = new SchemaRegistryAcl("allTestTopic", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("SUBJECT")
.resourceName(String.format("%s-", topicName))
.patternType("PREFIXED")
.host("*")
.operation("ALL")
.permission("ALLOW")
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var describeRegistry = new SchemaRegistryAcl("describeRegistry", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("REGISTRY")
.resourceName("*")
.patternType("LITERAL")
.host("*")
.operation("DESCRIBE")
.permission("ALLOW")
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var alterConfigsRegistry = new SchemaRegistryAcl("alterConfigsRegistry", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("REGISTRY")
.resourceName("*")
.patternType("LITERAL")
.host("*")
.operation("ALTER_CONFIGS")
.permission("ALLOW")
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var readRegistry = new SchemaRegistryAcl("readRegistry", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("REGISTRY")
.resourceName("*")
.patternType("LITERAL")
.host("*")
.operation("READ")
.permission("ALLOW")
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var writeRegistry = new SchemaRegistryAcl("writeRegistry", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("REGISTRY")
.resourceName("*")
.patternType("LITERAL")
.host("*")
.operation("WRITE")
.permission("ALLOW")
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var userSchema = new Schema("userSchema", SchemaArgs.builder()
.clusterId(testCluster.id())
.subject(String.format("%s-value", topicName))
.schemaType(schemaType)
.schema(userSchemaDefinition)
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry)
.build());
var userEventSchema = new Schema("userEventSchema", SchemaArgs.builder()
.clusterId(testCluster.id())
.subject(String.format("%s-events-value", topicName))
.schemaType(schemaType)
.schema(userEventSchemaDefinition)
.allowDeletion(true)
.references(SchemaReferenceArgs.builder()
.name("User")
.subject(userSchema.subject())
.version(userSchema.version())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry)
.build());
var productSchema = new Schema("productSchema", SchemaArgs.builder()
.clusterId(testCluster.id())
.subject(String.format("%s-product-value", topicName))
.schemaType(schemaType)
.schema(productSchemaDefinition)
.compatibility(compatibilityLevel)
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry)
.build());
var developer = new Role("developer", RoleArgs.builder()
.name(roleName)
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(roleAllowDeletion)
.build());
var roleTopicRead = new Acl("roleTopicRead", AclArgs.builder()
.resourceType("TOPIC")
.resourceName(testTopic.name())
.resourcePatternType("LITERAL")
.principal(developer.name().applyValue(_name -> String.format("RedpandaRole:%s", _name)))
.host("*")
.operation("READ")
.permissionType("ALLOW")
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(aclAllowDeletion)
.build());
var readProduct = new SchemaRegistryAcl("readProduct", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("SUBJECT")
.resourceName("product-")
.patternType("PREFIXED")
.host("*")
.operation("READ")
.permission("ALLOW")
.allowDeletion(srAclAllowDeletion)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var writeOrders = new SchemaRegistryAcl("writeOrders", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("SUBJECT")
.resourceName("orders-value")
.patternType("LITERAL")
.host("*")
.operation("WRITE")
.permission("ALLOW")
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var describeTestTopic = new SchemaRegistryAcl("describeTestTopic", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("SUBJECT")
.resourceName(String.format("%s-", topicName))
.patternType("PREFIXED")
.host("*")
.operation("DESCRIBE")
.permission("ALLOW")
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var developerAssignment = new RoleAssignment("developerAssignment", RoleAssignmentArgs.builder()
.roleName(developer.name())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.clusterApiUrl(testCluster.clusterApiUrl())
.build(), CustomResourceOptions.builder()
.dependsOn(testUser)
.build());
ctx.export("userSchemaInfo", Map.ofEntries(
Map.entry("id", userSchema.schemaId()),
Map.entry("subject", userSchema.subject()),
Map.entry("version", userSchema.version()),
Map.entry("type", userSchema.schemaType())
));
ctx.export("userEventSchemaInfo", Map.ofEntries(
Map.entry("id", userEventSchema.schemaId()),
Map.entry("subject", userEventSchema.subject()),
Map.entry("version", userEventSchema.version()),
Map.entry("type", userEventSchema.schemaType()),
Map.entry("references", userEventSchema.references())
));
ctx.export("productSchemaInfo", Map.ofEntries(
Map.entry("id", productSchema.schemaId()),
Map.entry("subject", productSchema.subject()),
Map.entry("version", productSchema.version()),
Map.entry("type", productSchema.schemaType()),
Map.entry("compatibility", productSchema.compatibility())
));
}
}
Example coming soon!
Example coming soon!
On Azure
import * as pulumi from "@pulumi/pulumi";
import * as redpanda from "@pulumi/redpanda";
const test = new redpanda.ResourceGroup("test", {name: resourceGroupName});
const testNetwork = new redpanda.Network("test", {
name: networkName,
resourceGroupId: test.id,
cloudProvider: cloudProvider,
region: region,
clusterType: "dedicated",
cidrBlock: "10.0.0.0/20",
timeouts: {
create: "20m",
"delete": "20m",
},
});
const testCluster = new redpanda.Cluster("test", {
name: clusterName,
resourceGroupId: test.id,
networkId: testNetwork.id,
cloudProvider: cloudProvider,
region: region,
clusterType: "dedicated",
connectionType: "public",
throughputTier: throughputTier,
zones: zones,
allowDeletion: clusterAllowDeletion,
clusterConfiguration: {
customPropertiesJson: JSON.stringify({
"auto.create.topics.enable": false,
schema_registry_enable_authorization: true,
}),
},
tags: clusterTags,
timeouts: {
create: "90m",
},
});
const testUser = new redpanda.User("test", {
name: userName,
password: userPw,
mechanism: mechanism,
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: userAllowDeletion,
});
const testTopic = new redpanda.Topic("test", {
name: topicName,
partitionCount: partitionCount,
replicationFactor: replicationFactor,
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: true,
configuration: {
"cleanup.policy": "delete",
"retention.ms": topicRetentionMs,
},
});
// Bootstrap SR ACL grants for the provider's own Bearer-token principal.
// SUBJECT grant authorizes POST /subjects/<subj>/versions; REGISTRY grant
// authorizes the franz-go follow-up GET /schemas/ids/<id>/versions.
const providerBootstrapSubject = new redpanda.SchemaRegistryAcl("provider_bootstrap_subject", {
clusterId: testCluster.id,
principal: "User:*",
resourceType: "SUBJECT",
resourceName: topicName,
patternType: "PREFIXED",
host: "*",
operation: "ALL",
permission: "ALLOW",
allowDeletion: true,
});
const providerBootstrapRegistry = new redpanda.SchemaRegistryAcl("provider_bootstrap_registry", {
clusterId: testCluster.id,
principal: "User:*",
resourceType: "REGISTRY",
resourceName: "*",
patternType: "LITERAL",
host: "*",
operation: "ALL",
permission: "ALLOW",
allowDeletion: true,
});
const clusterAdmin = new redpanda.Acl("cluster_admin", {
resourceType: "CLUSTER",
resourceName: "kafka-cluster",
resourcePatternType: "LITERAL",
principal: pulumi.interpolate`User:${testUser.name}`,
host: "*",
operation: "ALL",
permissionType: "ALLOW",
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: aclAllowDeletion,
});
const schemaRegistryAdmin = new redpanda.Acl("schema_registry_admin", {
resourceType: "CLUSTER",
resourceName: "kafka-cluster",
resourcePatternType: "LITERAL",
principal: pulumi.interpolate`User:${testUser.name}`,
host: "*",
operation: "ALTER",
permissionType: "ALLOW",
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: aclAllowDeletion,
});
const clusterAction = new redpanda.Acl("cluster_action", {
resourceType: "CLUSTER",
resourceName: "kafka-cluster",
resourcePatternType: "LITERAL",
principal: pulumi.interpolate`User:${testUser.name}`,
host: "*",
operation: "CLUSTER_ACTION",
permissionType: "ALLOW",
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: aclAllowDeletion,
});
const topicAccess = new redpanda.Acl("topic_access", {
resourceType: "TOPIC",
resourceName: testTopic.name,
resourcePatternType: "LITERAL",
principal: pulumi.interpolate`User:${testUser.name}`,
host: "*",
operation: "ALL",
permissionType: "ALLOW",
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: aclAllowDeletion,
});
const allTestTopic = new redpanda.SchemaRegistryAcl("all_test_topic", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "SUBJECT",
resourceName: `${topicName}-`,
patternType: "PREFIXED",
host: "*",
operation: "ALL",
permission: "ALLOW",
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const describeRegistry = new redpanda.SchemaRegistryAcl("describe_registry", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "REGISTRY",
resourceName: "*",
patternType: "LITERAL",
host: "*",
operation: "DESCRIBE",
permission: "ALLOW",
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const alterConfigsRegistry = new redpanda.SchemaRegistryAcl("alter_configs_registry", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "REGISTRY",
resourceName: "*",
patternType: "LITERAL",
host: "*",
operation: "ALTER_CONFIGS",
permission: "ALLOW",
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const readRegistry = new redpanda.SchemaRegistryAcl("read_registry", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "REGISTRY",
resourceName: "*",
patternType: "LITERAL",
host: "*",
operation: "READ",
permission: "ALLOW",
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const writeRegistry = new redpanda.SchemaRegistryAcl("write_registry", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "REGISTRY",
resourceName: "*",
patternType: "LITERAL",
host: "*",
operation: "WRITE",
permission: "ALLOW",
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const userSchema = new redpanda.Schema("user_schema", {
clusterId: testCluster.id,
subject: `${topicName}-value`,
schemaType: schemaType,
schema: userSchemaDefinition,
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
],
});
const userEventSchema = new redpanda.Schema("user_event_schema", {
clusterId: testCluster.id,
subject: `${topicName}-events-value`,
schemaType: schemaType,
schema: userEventSchemaDefinition,
allowDeletion: true,
references: [{
name: "User",
subject: userSchema.subject,
version: userSchema.version,
}],
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
],
});
const productSchema = new redpanda.Schema("product_schema", {
clusterId: testCluster.id,
subject: `${topicName}-product-value`,
schemaType: schemaType,
schema: productSchemaDefinition,
compatibility: compatibilityLevel,
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
],
});
const developer = new redpanda.Role("developer", {
name: roleName,
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: roleAllowDeletion,
});
const roleTopicRead = new redpanda.Acl("role_topic_read", {
resourceType: "TOPIC",
resourceName: testTopic.name,
resourcePatternType: "LITERAL",
principal: pulumi.interpolate`RedpandaRole:${developer.name}`,
host: "*",
operation: "READ",
permissionType: "ALLOW",
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: aclAllowDeletion,
});
const readProduct = new redpanda.SchemaRegistryAcl("read_product", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "SUBJECT",
resourceName: "product-",
patternType: "PREFIXED",
host: "*",
operation: "READ",
permission: "ALLOW",
allowDeletion: srAclAllowDeletion,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const writeOrders = new redpanda.SchemaRegistryAcl("write_orders", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "SUBJECT",
resourceName: "orders-value",
patternType: "LITERAL",
host: "*",
operation: "WRITE",
permission: "ALLOW",
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const describeTestTopic = new redpanda.SchemaRegistryAcl("describe_test_topic", {
clusterId: testCluster.id,
principal: pulumi.interpolate`User:${testUser.name}`,
resourceType: "SUBJECT",
resourceName: `${topicName}-`,
patternType: "PREFIXED",
host: "*",
operation: "DESCRIBE",
permission: "ALLOW",
allowDeletion: true,
}, {
dependsOn: [
clusterAdmin,
schemaRegistryAdmin,
],
});
const developerAssignment = new redpanda.RoleAssignment("developer_assignment", {
roleName: developer.name,
principal: pulumi.interpolate`User:${testUser.name}`,
clusterApiUrl: testCluster.clusterApiUrl,
}, {
dependsOn: [testUser],
});
const testPipeline = new redpanda.Pipeline("test", {
clusterApiUrl: testCluster.clusterApiUrl,
displayName: pipelineName,
description: pipelineDescription,
configYaml: pipelineConfigYaml,
state: pipelineState,
allowDeletion: pipelineAllowDeletion,
resources: {
memoryShares: pipelineMemoryShares,
cpuShares: pipelineCpuShares,
},
tags: {
environment: "test",
"managed-by": "terraform",
},
});
export const pipelineInfo = {
id: testPipeline.id,
name: testPipeline.displayName,
state: testPipeline.state,
url: testPipeline.url,
};
export const userSchemaInfo = {
id: userSchema.schemaId,
subject: userSchema.subject,
version: userSchema.version,
type: userSchema.schemaType,
};
export const userEventSchemaInfo = {
id: userEventSchema.schemaId,
subject: userEventSchema.subject,
version: userEventSchema.version,
type: userEventSchema.schemaType,
references: userEventSchema.references,
};
export const productSchemaInfo = {
id: productSchema.schemaId,
subject: productSchema.subject,
version: productSchema.version,
type: productSchema.schemaType,
compatibility: productSchema.compatibility,
};
import pulumi
import json
import pulumi_redpanda as redpanda
test = redpanda.ResourceGroup("test", name=resource_group_name)
test_network = redpanda.Network("test",
name=network_name,
resource_group_id=test.id,
cloud_provider=cloud_provider,
region=region,
cluster_type="dedicated",
cidr_block="10.0.0.0/20",
timeouts={
"create": "20m",
"delete": "20m",
})
test_cluster = redpanda.Cluster("test",
name=cluster_name,
resource_group_id=test.id,
network_id=test_network.id,
cloud_provider=cloud_provider,
region=region,
cluster_type="dedicated",
connection_type="public",
throughput_tier=throughput_tier,
zones=zones,
allow_deletion=cluster_allow_deletion,
cluster_configuration={
"custom_properties_json": json.dumps({
"auto.create.topics.enable": False,
"schema_registry_enable_authorization": True,
}),
},
tags=cluster_tags,
timeouts={
"create": "90m",
})
test_user = redpanda.User("test",
name=user_name,
password=user_pw,
mechanism=mechanism,
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=user_allow_deletion)
test_topic = redpanda.Topic("test",
name=topic_name,
partition_count=partition_count,
replication_factor=replication_factor,
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=True,
configuration={
"cleanup.policy": "delete",
"retention.ms": topic_retention_ms,
})
# Bootstrap SR ACL grants for the provider's own Bearer-token principal.
# SUBJECT grant authorizes POST /subjects/<subj>/versions; REGISTRY grant
# authorizes the franz-go follow-up GET /schemas/ids/<id>/versions.
provider_bootstrap_subject = redpanda.SchemaRegistryAcl("provider_bootstrap_subject",
cluster_id=test_cluster.id,
principal="User:*",
resource_type="SUBJECT",
resource_name_=topic_name,
pattern_type="PREFIXED",
host="*",
operation="ALL",
permission="ALLOW",
allow_deletion=True)
provider_bootstrap_registry = redpanda.SchemaRegistryAcl("provider_bootstrap_registry",
cluster_id=test_cluster.id,
principal="User:*",
resource_type="REGISTRY",
resource_name_="*",
pattern_type="LITERAL",
host="*",
operation="ALL",
permission="ALLOW",
allow_deletion=True)
cluster_admin = redpanda.Acl("cluster_admin",
resource_type="CLUSTER",
resource_name_="kafka-cluster",
resource_pattern_type="LITERAL",
principal=test_user.name.apply(lambda name: f"User:{name}"),
host="*",
operation="ALL",
permission_type="ALLOW",
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=acl_allow_deletion)
schema_registry_admin = redpanda.Acl("schema_registry_admin",
resource_type="CLUSTER",
resource_name_="kafka-cluster",
resource_pattern_type="LITERAL",
principal=test_user.name.apply(lambda name: f"User:{name}"),
host="*",
operation="ALTER",
permission_type="ALLOW",
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=acl_allow_deletion)
cluster_action = redpanda.Acl("cluster_action",
resource_type="CLUSTER",
resource_name_="kafka-cluster",
resource_pattern_type="LITERAL",
principal=test_user.name.apply(lambda name: f"User:{name}"),
host="*",
operation="CLUSTER_ACTION",
permission_type="ALLOW",
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=acl_allow_deletion)
topic_access = redpanda.Acl("topic_access",
resource_type="TOPIC",
resource_name_=test_topic.name,
resource_pattern_type="LITERAL",
principal=test_user.name.apply(lambda name: f"User:{name}"),
host="*",
operation="ALL",
permission_type="ALLOW",
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=acl_allow_deletion)
all_test_topic = redpanda.SchemaRegistryAcl("all_test_topic",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="SUBJECT",
resource_name_=f"{topic_name}-",
pattern_type="PREFIXED",
host="*",
operation="ALL",
permission="ALLOW",
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
describe_registry = redpanda.SchemaRegistryAcl("describe_registry",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="REGISTRY",
resource_name_="*",
pattern_type="LITERAL",
host="*",
operation="DESCRIBE",
permission="ALLOW",
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
alter_configs_registry = redpanda.SchemaRegistryAcl("alter_configs_registry",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="REGISTRY",
resource_name_="*",
pattern_type="LITERAL",
host="*",
operation="ALTER_CONFIGS",
permission="ALLOW",
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
read_registry = redpanda.SchemaRegistryAcl("read_registry",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="REGISTRY",
resource_name_="*",
pattern_type="LITERAL",
host="*",
operation="READ",
permission="ALLOW",
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
write_registry = redpanda.SchemaRegistryAcl("write_registry",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="REGISTRY",
resource_name_="*",
pattern_type="LITERAL",
host="*",
operation="WRITE",
permission="ALLOW",
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
user_schema = redpanda.Schema("user_schema",
cluster_id=test_cluster.id,
subject=f"{topic_name}-value",
schema_type=schema_type,
schema=user_schema_definition,
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
cluster_action,
topic_access,
provider_bootstrap_subject,
provider_bootstrap_registry,
all_test_topic,
describe_registry,
alter_configs_registry,
read_registry,
write_registry,
]))
user_event_schema = redpanda.Schema("user_event_schema",
cluster_id=test_cluster.id,
subject=f"{topic_name}-events-value",
schema_type=schema_type,
schema=user_event_schema_definition,
allow_deletion=True,
references=[{
"name": "User",
"subject": user_schema.subject,
"version": user_schema.version,
}],
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
cluster_action,
topic_access,
provider_bootstrap_subject,
provider_bootstrap_registry,
all_test_topic,
describe_registry,
alter_configs_registry,
read_registry,
write_registry,
]))
product_schema = redpanda.Schema("product_schema",
cluster_id=test_cluster.id,
subject=f"{topic_name}-product-value",
schema_type=schema_type,
schema=product_schema_definition,
compatibility=compatibility_level,
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
cluster_action,
topic_access,
provider_bootstrap_subject,
provider_bootstrap_registry,
all_test_topic,
describe_registry,
alter_configs_registry,
read_registry,
write_registry,
]))
developer = redpanda.Role("developer",
name=role_name,
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=role_allow_deletion)
role_topic_read = redpanda.Acl("role_topic_read",
resource_type="TOPIC",
resource_name_=test_topic.name,
resource_pattern_type="LITERAL",
principal=developer.name.apply(lambda name: f"RedpandaRole:{name}"),
host="*",
operation="READ",
permission_type="ALLOW",
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=acl_allow_deletion)
read_product = redpanda.SchemaRegistryAcl("read_product",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="SUBJECT",
resource_name_="product-",
pattern_type="PREFIXED",
host="*",
operation="READ",
permission="ALLOW",
allow_deletion=sr_acl_allow_deletion,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
write_orders = redpanda.SchemaRegistryAcl("write_orders",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="SUBJECT",
resource_name_="orders-value",
pattern_type="LITERAL",
host="*",
operation="WRITE",
permission="ALLOW",
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
describe_test_topic = redpanda.SchemaRegistryAcl("describe_test_topic",
cluster_id=test_cluster.id,
principal=test_user.name.apply(lambda name: f"User:{name}"),
resource_type="SUBJECT",
resource_name_=f"{topic_name}-",
pattern_type="PREFIXED",
host="*",
operation="DESCRIBE",
permission="ALLOW",
allow_deletion=True,
opts = pulumi.ResourceOptions(depends_on=[
cluster_admin,
schema_registry_admin,
]))
developer_assignment = redpanda.RoleAssignment("developer_assignment",
role_name=developer.name,
principal=test_user.name.apply(lambda name: f"User:{name}"),
cluster_api_url=test_cluster.cluster_api_url,
opts = pulumi.ResourceOptions(depends_on=[test_user]))
test_pipeline = redpanda.Pipeline("test",
cluster_api_url=test_cluster.cluster_api_url,
display_name=pipeline_name,
description=pipeline_description,
config_yaml=pipeline_config_yaml,
state=pipeline_state,
allow_deletion=pipeline_allow_deletion,
resources={
"memory_shares": pipeline_memory_shares,
"cpu_shares": pipeline_cpu_shares,
},
tags={
"environment": "test",
"managed-by": "terraform",
})
pulumi.export("pipelineInfo", {
"id": test_pipeline.id,
"name": test_pipeline.display_name,
"state": test_pipeline.state,
"url": test_pipeline.url,
})
pulumi.export("userSchemaInfo", {
"id": user_schema.schema_id,
"subject": user_schema.subject,
"version": user_schema.version,
"type": user_schema.schema_type,
})
pulumi.export("userEventSchemaInfo", {
"id": user_event_schema.schema_id,
"subject": user_event_schema.subject,
"version": user_event_schema.version,
"type": user_event_schema.schema_type,
"references": user_event_schema.references,
})
pulumi.export("productSchemaInfo", {
"id": product_schema.schema_id,
"subject": product_schema.subject,
"version": product_schema.version,
"type": product_schema.schema_type,
"compatibility": product_schema.compatibility,
})
package main
import (
"encoding/json"
"fmt"
"github.com/pulumi/pulumi-terraform-provider/sdks/go/redpanda/v2/redpanda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
test, err := redpanda.NewResourceGroup(ctx, "test", &redpanda.ResourceGroupArgs{
Name: pulumi.Any(resourceGroupName),
})
if err != nil {
return err
}
testNetwork, err := redpanda.NewNetwork(ctx, "test", &redpanda.NetworkArgs{
Name: pulumi.Any(networkName),
ResourceGroupId: test.ID(),
CloudProvider: pulumi.Any(cloudProvider),
Region: pulumi.Any(region),
ClusterType: pulumi.String("dedicated"),
CidrBlock: pulumi.String("10.0.0.0/20"),
Timeouts: &redpanda.NetworkTimeoutsArgs{
Create: pulumi.String("20m"),
Delete: pulumi.String("20m"),
},
})
if err != nil {
return err
}
tmpJSON0, err := json.Marshal(map[string]interface{}{
"auto.create.topics.enable": false,
"schema_registry_enable_authorization": true,
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
testCluster, err := redpanda.NewCluster(ctx, "test", &redpanda.ClusterArgs{
Name: pulumi.Any(clusterName),
ResourceGroupId: test.ID(),
NetworkId: testNetwork.ID(),
CloudProvider: pulumi.Any(cloudProvider),
Region: pulumi.Any(region),
ClusterType: pulumi.String("dedicated"),
ConnectionType: pulumi.String("public"),
ThroughputTier: pulumi.Any(throughputTier),
Zones: pulumi.Any(zones),
AllowDeletion: pulumi.Any(clusterAllowDeletion),
ClusterConfiguration: &redpanda.ClusterClusterConfigurationArgs{
CustomPropertiesJson: pulumi.String(json0),
},
Tags: pulumi.Any(clusterTags),
Timeouts: &redpanda.ClusterTimeoutsArgs{
Create: pulumi.String("90m"),
},
})
if err != nil {
return err
}
testUser, err := redpanda.NewUser(ctx, "test", &redpanda.UserArgs{
Name: pulumi.Any(userName),
Password: pulumi.Any(userPw),
Mechanism: pulumi.Any(mechanism),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(userAllowDeletion),
})
if err != nil {
return err
}
testTopic, err := redpanda.NewTopic(ctx, "test", &redpanda.TopicArgs{
Name: pulumi.Any(topicName),
PartitionCount: pulumi.Any(partitionCount),
ReplicationFactor: pulumi.Any(replicationFactor),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Bool(true),
Configuration: pulumi.StringMap{
"cleanup.policy": pulumi.String("delete"),
"retention.ms": pulumi.Any(topicRetentionMs),
},
})
if err != nil {
return err
}
// Bootstrap SR ACL grants for the provider's own Bearer-token principal.
// SUBJECT grant authorizes POST /subjects/<subj>/versions; REGISTRY grant
// authorizes the franz-go follow-up GET /schemas/ids/<id>/versions.
providerBootstrapSubject, err := redpanda.NewSchemaRegistryAcl(ctx, "provider_bootstrap_subject", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: pulumi.String("User:*"),
ResourceType: pulumi.String("SUBJECT"),
ResourceName: pulumi.Any(topicName),
PatternType: pulumi.String("PREFIXED"),
Host: pulumi.String("*"),
Operation: pulumi.String("ALL"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
})
if err != nil {
return err
}
providerBootstrapRegistry, err := redpanda.NewSchemaRegistryAcl(ctx, "provider_bootstrap_registry", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: pulumi.String("User:*"),
ResourceType: pulumi.String("REGISTRY"),
ResourceName: pulumi.String("*"),
PatternType: pulumi.String("LITERAL"),
Host: pulumi.String("*"),
Operation: pulumi.String("ALL"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
})
if err != nil {
return err
}
clusterAdmin, err := redpanda.NewAcl(ctx, "cluster_admin", &redpanda.AclArgs{
ResourceType: pulumi.String("CLUSTER"),
ResourceName: pulumi.String("kafka-cluster"),
ResourcePatternType: pulumi.String("LITERAL"),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
Host: pulumi.String("*"),
Operation: pulumi.String("ALL"),
PermissionType: pulumi.String("ALLOW"),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(aclAllowDeletion),
})
if err != nil {
return err
}
schemaRegistryAdmin, err := redpanda.NewAcl(ctx, "schema_registry_admin", &redpanda.AclArgs{
ResourceType: pulumi.String("CLUSTER"),
ResourceName: pulumi.String("kafka-cluster"),
ResourcePatternType: pulumi.String("LITERAL"),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
Host: pulumi.String("*"),
Operation: pulumi.String("ALTER"),
PermissionType: pulumi.String("ALLOW"),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(aclAllowDeletion),
})
if err != nil {
return err
}
clusterAction, err := redpanda.NewAcl(ctx, "cluster_action", &redpanda.AclArgs{
ResourceType: pulumi.String("CLUSTER"),
ResourceName: pulumi.String("kafka-cluster"),
ResourcePatternType: pulumi.String("LITERAL"),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
Host: pulumi.String("*"),
Operation: pulumi.String("CLUSTER_ACTION"),
PermissionType: pulumi.String("ALLOW"),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(aclAllowDeletion),
})
if err != nil {
return err
}
topicAccess, err := redpanda.NewAcl(ctx, "topic_access", &redpanda.AclArgs{
ResourceType: pulumi.String("TOPIC"),
ResourceName: testTopic.Name,
ResourcePatternType: pulumi.String("LITERAL"),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
Host: pulumi.String("*"),
Operation: pulumi.String("ALL"),
PermissionType: pulumi.String("ALLOW"),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(aclAllowDeletion),
})
if err != nil {
return err
}
allTestTopic, err := redpanda.NewSchemaRegistryAcl(ctx, "all_test_topic", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("SUBJECT"),
ResourceName: pulumi.Sprintf("%v-", topicName),
PatternType: pulumi.String("PREFIXED"),
Host: pulumi.String("*"),
Operation: pulumi.String("ALL"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
describeRegistry, err := redpanda.NewSchemaRegistryAcl(ctx, "describe_registry", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("REGISTRY"),
ResourceName: pulumi.String("*"),
PatternType: pulumi.String("LITERAL"),
Host: pulumi.String("*"),
Operation: pulumi.String("DESCRIBE"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
alterConfigsRegistry, err := redpanda.NewSchemaRegistryAcl(ctx, "alter_configs_registry", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("REGISTRY"),
ResourceName: pulumi.String("*"),
PatternType: pulumi.String("LITERAL"),
Host: pulumi.String("*"),
Operation: pulumi.String("ALTER_CONFIGS"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
readRegistry, err := redpanda.NewSchemaRegistryAcl(ctx, "read_registry", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("REGISTRY"),
ResourceName: pulumi.String("*"),
PatternType: pulumi.String("LITERAL"),
Host: pulumi.String("*"),
Operation: pulumi.String("READ"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
writeRegistry, err := redpanda.NewSchemaRegistryAcl(ctx, "write_registry", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("REGISTRY"),
ResourceName: pulumi.String("*"),
PatternType: pulumi.String("LITERAL"),
Host: pulumi.String("*"),
Operation: pulumi.String("WRITE"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
userSchema, err := redpanda.NewSchema(ctx, "user_schema", &redpanda.SchemaArgs{
ClusterId: testCluster.ID(),
Subject: pulumi.Sprintf("%v-value", topicName),
SchemaType: pulumi.Any(schemaType),
Schema: pulumi.Any(userSchemaDefinition),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
}))
if err != nil {
return err
}
userEventSchema, err := redpanda.NewSchema(ctx, "user_event_schema", &redpanda.SchemaArgs{
ClusterId: testCluster.ID(),
Subject: pulumi.Sprintf("%v-events-value", topicName),
SchemaType: pulumi.Any(schemaType),
Schema: pulumi.Any(userEventSchemaDefinition),
AllowDeletion: pulumi.Bool(true),
References: redpanda.SchemaReferenceArray{
&redpanda.SchemaReferenceArgs{
Name: pulumi.String("User"),
Subject: userSchema.Subject,
Version: userSchema.Version,
},
},
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
}))
if err != nil {
return err
}
productSchema, err := redpanda.NewSchema(ctx, "product_schema", &redpanda.SchemaArgs{
ClusterId: testCluster.ID(),
Subject: pulumi.Sprintf("%v-product-value", topicName),
SchemaType: pulumi.Any(schemaType),
Schema: pulumi.Any(productSchemaDefinition),
Compatibility: pulumi.Any(compatibilityLevel),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
}))
if err != nil {
return err
}
developer, err := redpanda.NewRole(ctx, "developer", &redpanda.RoleArgs{
Name: pulumi.Any(roleName),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(roleAllowDeletion),
})
if err != nil {
return err
}
_, err = redpanda.NewAcl(ctx, "role_topic_read", &redpanda.AclArgs{
ResourceType: pulumi.String("TOPIC"),
ResourceName: testTopic.Name,
ResourcePatternType: pulumi.String("LITERAL"),
Principal: developer.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("RedpandaRole:%v", name), nil
}).(pulumi.StringOutput),
Host: pulumi.String("*"),
Operation: pulumi.String("READ"),
PermissionType: pulumi.String("ALLOW"),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(aclAllowDeletion),
})
if err != nil {
return err
}
_, err = redpanda.NewSchemaRegistryAcl(ctx, "read_product", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("SUBJECT"),
ResourceName: pulumi.String("product-"),
PatternType: pulumi.String("PREFIXED"),
Host: pulumi.String("*"),
Operation: pulumi.String("READ"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Any(srAclAllowDeletion),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
_, err = redpanda.NewSchemaRegistryAcl(ctx, "write_orders", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("SUBJECT"),
ResourceName: pulumi.String("orders-value"),
PatternType: pulumi.String("LITERAL"),
Host: pulumi.String("*"),
Operation: pulumi.String("WRITE"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
_, err = redpanda.NewSchemaRegistryAcl(ctx, "describe_test_topic", &redpanda.SchemaRegistryAclArgs{
ClusterId: testCluster.ID(),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ResourceType: pulumi.String("SUBJECT"),
ResourceName: pulumi.Sprintf("%v-", topicName),
PatternType: pulumi.String("PREFIXED"),
Host: pulumi.String("*"),
Operation: pulumi.String("DESCRIBE"),
Permission: pulumi.String("ALLOW"),
AllowDeletion: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
clusterAdmin,
schemaRegistryAdmin,
}))
if err != nil {
return err
}
_, err = redpanda.NewRoleAssignment(ctx, "developer_assignment", &redpanda.RoleAssignmentArgs{
RoleName: developer.Name,
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
ClusterApiUrl: testCluster.ClusterApiUrl,
}, pulumi.DependsOn([]pulumi.Resource{
testUser,
}))
if err != nil {
return err
}
testPipeline, err := redpanda.NewPipeline(ctx, "test", &redpanda.PipelineArgs{
ClusterApiUrl: testCluster.ClusterApiUrl,
DisplayName: pulumi.Any(pipelineName),
Description: pulumi.Any(pipelineDescription),
ConfigYaml: pulumi.Any(pipelineConfigYaml),
State: pulumi.Any(pipelineState),
AllowDeletion: pulumi.Any(pipelineAllowDeletion),
Resources: &redpanda.PipelineResourcesArgs{
MemoryShares: pulumi.Any(pipelineMemoryShares),
CpuShares: pulumi.Any(pipelineCpuShares),
},
Tags: pulumi.StringMap{
"environment": pulumi.String("test"),
"managed-by": pulumi.String("terraform"),
},
})
if err != nil {
return err
}
ctx.Export("pipelineInfo", pulumi.StringMap{
"id": testPipeline.ID(),
"name": testPipeline.DisplayName,
"state": testPipeline.State,
"url": testPipeline.Url,
})
ctx.Export("userSchemaInfo", pulumi.Map{
"id": userSchema.SchemaId,
"subject": userSchema.Subject,
"version": userSchema.Version,
"type": userSchema.SchemaType,
})
ctx.Export("userEventSchemaInfo", pulumi.Map{
"id": userEventSchema.SchemaId,
"subject": userEventSchema.Subject,
"version": userEventSchema.Version,
"type": userEventSchema.SchemaType,
"references": userEventSchema.References,
})
ctx.Export("productSchemaInfo", pulumi.Map{
"id": productSchema.SchemaId,
"subject": productSchema.Subject,
"version": productSchema.Version,
"type": productSchema.SchemaType,
"compatibility": productSchema.Compatibility,
})
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Redpanda = Pulumi.Redpanda;
return await Deployment.RunAsync(() =>
{
var test = new Redpanda.ResourceGroup("test", new()
{
Name = resourceGroupName,
});
var testNetwork = new Redpanda.Network("test", new()
{
Name = networkName,
ResourceGroupId = test.Id,
CloudProvider = cloudProvider,
Region = region,
ClusterType = "dedicated",
CidrBlock = "10.0.0.0/20",
Timeouts = new Redpanda.Inputs.NetworkTimeoutsArgs
{
Create = "20m",
Delete = "20m",
},
});
var testCluster = new Redpanda.Cluster("test", new()
{
Name = clusterName,
ResourceGroupId = test.Id,
NetworkId = testNetwork.Id,
CloudProvider = cloudProvider,
Region = region,
ClusterType = "dedicated",
ConnectionType = "public",
ThroughputTier = throughputTier,
Zones = zones,
AllowDeletion = clusterAllowDeletion,
ClusterConfiguration = new Redpanda.Inputs.ClusterClusterConfigurationArgs
{
CustomPropertiesJson = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["auto.create.topics.enable"] = false,
["schema_registry_enable_authorization"] = true,
}),
},
Tags = clusterTags,
Timeouts = new Redpanda.Inputs.ClusterTimeoutsArgs
{
Create = "90m",
},
});
var testUser = new Redpanda.User("test", new()
{
Name = userName,
Password = userPw,
Mechanism = mechanism,
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = userAllowDeletion,
});
var testTopic = new Redpanda.Topic("test", new()
{
Name = topicName,
PartitionCount = partitionCount,
ReplicationFactor = replicationFactor,
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = true,
Configuration =
{
{ "cleanup.policy", "delete" },
{ "retention.ms", topicRetentionMs },
},
});
// Bootstrap SR ACL grants for the provider's own Bearer-token principal.
// SUBJECT grant authorizes POST /subjects/<subj>/versions; REGISTRY grant
// authorizes the franz-go follow-up GET /schemas/ids/<id>/versions.
var providerBootstrapSubject = new Redpanda.SchemaRegistryAcl("provider_bootstrap_subject", new()
{
ClusterId = testCluster.Id,
Principal = "User:*",
ResourceType = "SUBJECT",
ResourceName = topicName,
PatternType = "PREFIXED",
Host = "*",
Operation = "ALL",
Permission = "ALLOW",
AllowDeletion = true,
});
var providerBootstrapRegistry = new Redpanda.SchemaRegistryAcl("provider_bootstrap_registry", new()
{
ClusterId = testCluster.Id,
Principal = "User:*",
ResourceType = "REGISTRY",
ResourceName = "*",
PatternType = "LITERAL",
Host = "*",
Operation = "ALL",
Permission = "ALLOW",
AllowDeletion = true,
});
var clusterAdmin = new Redpanda.Acl("cluster_admin", new()
{
ResourceType = "CLUSTER",
ResourceName = "kafka-cluster",
ResourcePatternType = "LITERAL",
Principal = testUser.Name.Apply(name => $"User:{name}"),
Host = "*",
Operation = "ALL",
PermissionType = "ALLOW",
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = aclAllowDeletion,
});
var schemaRegistryAdmin = new Redpanda.Acl("schema_registry_admin", new()
{
ResourceType = "CLUSTER",
ResourceName = "kafka-cluster",
ResourcePatternType = "LITERAL",
Principal = testUser.Name.Apply(name => $"User:{name}"),
Host = "*",
Operation = "ALTER",
PermissionType = "ALLOW",
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = aclAllowDeletion,
});
var clusterAction = new Redpanda.Acl("cluster_action", new()
{
ResourceType = "CLUSTER",
ResourceName = "kafka-cluster",
ResourcePatternType = "LITERAL",
Principal = testUser.Name.Apply(name => $"User:{name}"),
Host = "*",
Operation = "CLUSTER_ACTION",
PermissionType = "ALLOW",
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = aclAllowDeletion,
});
var topicAccess = new Redpanda.Acl("topic_access", new()
{
ResourceType = "TOPIC",
ResourceName = testTopic.Name,
ResourcePatternType = "LITERAL",
Principal = testUser.Name.Apply(name => $"User:{name}"),
Host = "*",
Operation = "ALL",
PermissionType = "ALLOW",
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = aclAllowDeletion,
});
var allTestTopic = new Redpanda.SchemaRegistryAcl("all_test_topic", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "SUBJECT",
ResourceName = $"{topicName}-",
PatternType = "PREFIXED",
Host = "*",
Operation = "ALL",
Permission = "ALLOW",
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var describeRegistry = new Redpanda.SchemaRegistryAcl("describe_registry", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "REGISTRY",
ResourceName = "*",
PatternType = "LITERAL",
Host = "*",
Operation = "DESCRIBE",
Permission = "ALLOW",
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var alterConfigsRegistry = new Redpanda.SchemaRegistryAcl("alter_configs_registry", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "REGISTRY",
ResourceName = "*",
PatternType = "LITERAL",
Host = "*",
Operation = "ALTER_CONFIGS",
Permission = "ALLOW",
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var readRegistry = new Redpanda.SchemaRegistryAcl("read_registry", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "REGISTRY",
ResourceName = "*",
PatternType = "LITERAL",
Host = "*",
Operation = "READ",
Permission = "ALLOW",
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var writeRegistry = new Redpanda.SchemaRegistryAcl("write_registry", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "REGISTRY",
ResourceName = "*",
PatternType = "LITERAL",
Host = "*",
Operation = "WRITE",
Permission = "ALLOW",
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var userSchema = new Redpanda.Schema("user_schema", new()
{
ClusterId = testCluster.Id,
Subject = $"{topicName}-value",
SchemaType = schemaType,
Schema = userSchemaDefinition,
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
},
});
var userEventSchema = new Redpanda.Schema("user_event_schema", new()
{
ClusterId = testCluster.Id,
Subject = $"{topicName}-events-value",
SchemaType = schemaType,
Schema = userEventSchemaDefinition,
AllowDeletion = true,
References = new[]
{
new Redpanda.Inputs.SchemaReferenceArgs
{
Name = "User",
Subject = userSchema.Subject,
Version = userSchema.Version,
},
},
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
},
});
var productSchema = new Redpanda.Schema("product_schema", new()
{
ClusterId = testCluster.Id,
Subject = $"{topicName}-product-value",
SchemaType = schemaType,
Schema = productSchemaDefinition,
Compatibility = compatibilityLevel,
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry,
},
});
var developer = new Redpanda.Role("developer", new()
{
Name = roleName,
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = roleAllowDeletion,
});
var roleTopicRead = new Redpanda.Acl("role_topic_read", new()
{
ResourceType = "TOPIC",
ResourceName = testTopic.Name,
ResourcePatternType = "LITERAL",
Principal = developer.Name.Apply(name => $"RedpandaRole:{name}"),
Host = "*",
Operation = "READ",
PermissionType = "ALLOW",
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = aclAllowDeletion,
});
var readProduct = new Redpanda.SchemaRegistryAcl("read_product", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "SUBJECT",
ResourceName = "product-",
PatternType = "PREFIXED",
Host = "*",
Operation = "READ",
Permission = "ALLOW",
AllowDeletion = srAclAllowDeletion,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var writeOrders = new Redpanda.SchemaRegistryAcl("write_orders", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "SUBJECT",
ResourceName = "orders-value",
PatternType = "LITERAL",
Host = "*",
Operation = "WRITE",
Permission = "ALLOW",
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var describeTestTopic = new Redpanda.SchemaRegistryAcl("describe_test_topic", new()
{
ClusterId = testCluster.Id,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ResourceType = "SUBJECT",
ResourceName = $"{topicName}-",
PatternType = "PREFIXED",
Host = "*",
Operation = "DESCRIBE",
Permission = "ALLOW",
AllowDeletion = true,
}, new CustomResourceOptions
{
DependsOn =
{
clusterAdmin,
schemaRegistryAdmin,
},
});
var developerAssignment = new Redpanda.RoleAssignment("developer_assignment", new()
{
RoleName = developer.Name,
Principal = testUser.Name.Apply(name => $"User:{name}"),
ClusterApiUrl = testCluster.ClusterApiUrl,
}, new CustomResourceOptions
{
DependsOn =
{
testUser,
},
});
var testPipeline = new Redpanda.Pipeline("test", new()
{
ClusterApiUrl = testCluster.ClusterApiUrl,
DisplayName = pipelineName,
Description = pipelineDescription,
ConfigYaml = pipelineConfigYaml,
State = pipelineState,
AllowDeletion = pipelineAllowDeletion,
Resources = new Redpanda.Inputs.PipelineResourcesArgs
{
MemoryShares = pipelineMemoryShares,
CpuShares = pipelineCpuShares,
},
Tags =
{
{ "environment", "test" },
{ "managed-by", "terraform" },
},
});
return new Dictionary<string, object?>
{
["pipelineInfo"] =
{
{ "id", testPipeline.Id },
{ "name", testPipeline.DisplayName },
{ "state", testPipeline.State },
{ "url", testPipeline.Url },
},
["userSchemaInfo"] =
{
{ "id", userSchema.SchemaId },
{ "subject", userSchema.Subject },
{ "version", userSchema.Version },
{ "type", userSchema.SchemaType },
},
["userEventSchemaInfo"] =
{
{ "id", userEventSchema.SchemaId },
{ "subject", userEventSchema.Subject },
{ "version", userEventSchema.Version },
{ "type", userEventSchema.SchemaType },
{ "references", userEventSchema.References },
},
["productSchemaInfo"] =
{
{ "id", productSchema.SchemaId },
{ "subject", productSchema.Subject },
{ "version", productSchema.Version },
{ "type", productSchema.SchemaType },
{ "compatibility", productSchema.Compatibility },
},
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.redpanda.ResourceGroup;
import com.pulumi.redpanda.ResourceGroupArgs;
import com.pulumi.redpanda.Network;
import com.pulumi.redpanda.NetworkArgs;
import com.pulumi.redpanda.inputs.NetworkTimeoutsArgs;
import com.pulumi.redpanda.Cluster;
import com.pulumi.redpanda.ClusterArgs;
import com.pulumi.redpanda.inputs.ClusterClusterConfigurationArgs;
import com.pulumi.redpanda.inputs.ClusterTimeoutsArgs;
import com.pulumi.redpanda.User;
import com.pulumi.redpanda.UserArgs;
import com.pulumi.redpanda.Topic;
import com.pulumi.redpanda.TopicArgs;
import com.pulumi.redpanda.SchemaRegistryAcl;
import com.pulumi.redpanda.SchemaRegistryAclArgs;
import com.pulumi.redpanda.Acl;
import com.pulumi.redpanda.AclArgs;
import com.pulumi.redpanda.Schema;
import com.pulumi.redpanda.SchemaArgs;
import com.pulumi.redpanda.inputs.SchemaReferenceArgs;
import com.pulumi.redpanda.Role;
import com.pulumi.redpanda.RoleArgs;
import com.pulumi.redpanda.RoleAssignment;
import com.pulumi.redpanda.RoleAssignmentArgs;
import com.pulumi.redpanda.Pipeline;
import com.pulumi.redpanda.PipelineArgs;
import com.pulumi.redpanda.inputs.PipelineResourcesArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new ResourceGroup("test", ResourceGroupArgs.builder()
.name(resourceGroupName)
.build());
var testNetwork = new Network("testNetwork", NetworkArgs.builder()
.name(networkName)
.resourceGroupId(test.id())
.cloudProvider(cloudProvider)
.region(region)
.clusterType("dedicated")
.cidrBlock("10.0.0.0/20")
.timeouts(NetworkTimeoutsArgs.builder()
.create("20m")
.delete("20m")
.build())
.build());
var testCluster = new Cluster("testCluster", ClusterArgs.builder()
.name(clusterName)
.resourceGroupId(test.id())
.networkId(testNetwork.id())
.cloudProvider(cloudProvider)
.region(region)
.clusterType("dedicated")
.connectionType("public")
.throughputTier(throughputTier)
.zones(zones)
.allowDeletion(clusterAllowDeletion)
.clusterConfiguration(ClusterClusterConfigurationArgs.builder()
.customPropertiesJson(serializeJson(
jsonObject(
jsonProperty("auto.create.topics.enable", false),
jsonProperty("schema_registry_enable_authorization", true)
)))
.build())
.tags(clusterTags)
.timeouts(ClusterTimeoutsArgs.builder()
.create("90m")
.build())
.build());
var testUser = new User("testUser", UserArgs.builder()
.name(userName)
.password(userPw)
.mechanism(mechanism)
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(userAllowDeletion)
.build());
var testTopic = new Topic("testTopic", TopicArgs.builder()
.name(topicName)
.partitionCount(partitionCount)
.replicationFactor(replicationFactor)
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(true)
.configuration(Map.ofEntries(
Map.entry("cleanup.policy", "delete"),
Map.entry("retention.ms", topicRetentionMs)
))
.build());
// Bootstrap SR ACL grants for the provider's own Bearer-token principal.
// SUBJECT grant authorizes POST /subjects/<subj>/versions; REGISTRY grant
// authorizes the franz-go follow-up GET /schemas/ids/<id>/versions.
var providerBootstrapSubject = new SchemaRegistryAcl("providerBootstrapSubject", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal("User:*")
.resourceType("SUBJECT")
.resourceName(topicName)
.patternType("PREFIXED")
.host("*")
.operation("ALL")
.permission("ALLOW")
.allowDeletion(true)
.build());
var providerBootstrapRegistry = new SchemaRegistryAcl("providerBootstrapRegistry", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal("User:*")
.resourceType("REGISTRY")
.resourceName("*")
.patternType("LITERAL")
.host("*")
.operation("ALL")
.permission("ALLOW")
.allowDeletion(true)
.build());
var clusterAdmin = new Acl("clusterAdmin", AclArgs.builder()
.resourceType("CLUSTER")
.resourceName("kafka-cluster")
.resourcePatternType("LITERAL")
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.host("*")
.operation("ALL")
.permissionType("ALLOW")
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(aclAllowDeletion)
.build());
var schemaRegistryAdmin = new Acl("schemaRegistryAdmin", AclArgs.builder()
.resourceType("CLUSTER")
.resourceName("kafka-cluster")
.resourcePatternType("LITERAL")
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.host("*")
.operation("ALTER")
.permissionType("ALLOW")
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(aclAllowDeletion)
.build());
var clusterAction = new Acl("clusterAction", AclArgs.builder()
.resourceType("CLUSTER")
.resourceName("kafka-cluster")
.resourcePatternType("LITERAL")
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.host("*")
.operation("CLUSTER_ACTION")
.permissionType("ALLOW")
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(aclAllowDeletion)
.build());
var topicAccess = new Acl("topicAccess", AclArgs.builder()
.resourceType("TOPIC")
.resourceName(testTopic.name())
.resourcePatternType("LITERAL")
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.host("*")
.operation("ALL")
.permissionType("ALLOW")
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(aclAllowDeletion)
.build());
var allTestTopic = new SchemaRegistryAcl("allTestTopic", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("SUBJECT")
.resourceName(String.format("%s-", topicName))
.patternType("PREFIXED")
.host("*")
.operation("ALL")
.permission("ALLOW")
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var describeRegistry = new SchemaRegistryAcl("describeRegistry", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("REGISTRY")
.resourceName("*")
.patternType("LITERAL")
.host("*")
.operation("DESCRIBE")
.permission("ALLOW")
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var alterConfigsRegistry = new SchemaRegistryAcl("alterConfigsRegistry", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("REGISTRY")
.resourceName("*")
.patternType("LITERAL")
.host("*")
.operation("ALTER_CONFIGS")
.permission("ALLOW")
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var readRegistry = new SchemaRegistryAcl("readRegistry", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("REGISTRY")
.resourceName("*")
.patternType("LITERAL")
.host("*")
.operation("READ")
.permission("ALLOW")
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var writeRegistry = new SchemaRegistryAcl("writeRegistry", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("REGISTRY")
.resourceName("*")
.patternType("LITERAL")
.host("*")
.operation("WRITE")
.permission("ALLOW")
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var userSchema = new Schema("userSchema", SchemaArgs.builder()
.clusterId(testCluster.id())
.subject(String.format("%s-value", topicName))
.schemaType(schemaType)
.schema(userSchemaDefinition)
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry)
.build());
var userEventSchema = new Schema("userEventSchema", SchemaArgs.builder()
.clusterId(testCluster.id())
.subject(String.format("%s-events-value", topicName))
.schemaType(schemaType)
.schema(userEventSchemaDefinition)
.allowDeletion(true)
.references(SchemaReferenceArgs.builder()
.name("User")
.subject(userSchema.subject())
.version(userSchema.version())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry)
.build());
var productSchema = new Schema("productSchema", SchemaArgs.builder()
.clusterId(testCluster.id())
.subject(String.format("%s-product-value", topicName))
.schemaType(schemaType)
.schema(productSchemaDefinition)
.compatibility(compatibilityLevel)
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin,
clusterAction,
topicAccess,
providerBootstrapSubject,
providerBootstrapRegistry,
allTestTopic,
describeRegistry,
alterConfigsRegistry,
readRegistry,
writeRegistry)
.build());
var developer = new Role("developer", RoleArgs.builder()
.name(roleName)
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(roleAllowDeletion)
.build());
var roleTopicRead = new Acl("roleTopicRead", AclArgs.builder()
.resourceType("TOPIC")
.resourceName(testTopic.name())
.resourcePatternType("LITERAL")
.principal(developer.name().applyValue(_name -> String.format("RedpandaRole:%s", _name)))
.host("*")
.operation("READ")
.permissionType("ALLOW")
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(aclAllowDeletion)
.build());
var readProduct = new SchemaRegistryAcl("readProduct", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("SUBJECT")
.resourceName("product-")
.patternType("PREFIXED")
.host("*")
.operation("READ")
.permission("ALLOW")
.allowDeletion(srAclAllowDeletion)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var writeOrders = new SchemaRegistryAcl("writeOrders", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("SUBJECT")
.resourceName("orders-value")
.patternType("LITERAL")
.host("*")
.operation("WRITE")
.permission("ALLOW")
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var describeTestTopic = new SchemaRegistryAcl("describeTestTopic", SchemaRegistryAclArgs.builder()
.clusterId(testCluster.id())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.resourceType("SUBJECT")
.resourceName(String.format("%s-", topicName))
.patternType("PREFIXED")
.host("*")
.operation("DESCRIBE")
.permission("ALLOW")
.allowDeletion(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAdmin,
schemaRegistryAdmin)
.build());
var developerAssignment = new RoleAssignment("developerAssignment", RoleAssignmentArgs.builder()
.roleName(developer.name())
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.clusterApiUrl(testCluster.clusterApiUrl())
.build(), CustomResourceOptions.builder()
.dependsOn(testUser)
.build());
var testPipeline = new Pipeline("testPipeline", PipelineArgs.builder()
.clusterApiUrl(testCluster.clusterApiUrl())
.displayName(pipelineName)
.description(pipelineDescription)
.configYaml(pipelineConfigYaml)
.state(pipelineState)
.allowDeletion(pipelineAllowDeletion)
.resources(PipelineResourcesArgs.builder()
.memoryShares(pipelineMemoryShares)
.cpuShares(pipelineCpuShares)
.build())
.tags(Map.ofEntries(
Map.entry("environment", "test"),
Map.entry("managed-by", "terraform")
))
.build());
ctx.export("pipelineInfo", Map.ofEntries(
Map.entry("id", testPipeline.id()),
Map.entry("name", testPipeline.displayName()),
Map.entry("state", testPipeline.state()),
Map.entry("url", testPipeline.url())
));
ctx.export("userSchemaInfo", Map.ofEntries(
Map.entry("id", userSchema.schemaId()),
Map.entry("subject", userSchema.subject()),
Map.entry("version", userSchema.version()),
Map.entry("type", userSchema.schemaType())
));
ctx.export("userEventSchemaInfo", Map.ofEntries(
Map.entry("id", userEventSchema.schemaId()),
Map.entry("subject", userEventSchema.subject()),
Map.entry("version", userEventSchema.version()),
Map.entry("type", userEventSchema.schemaType()),
Map.entry("references", userEventSchema.references())
));
ctx.export("productSchemaInfo", Map.ofEntries(
Map.entry("id", productSchema.schemaId()),
Map.entry("subject", productSchema.subject()),
Map.entry("version", productSchema.version()),
Map.entry("type", productSchema.schemaType()),
Map.entry("compatibility", productSchema.compatibility())
));
}
}
resources:
test:
type: redpanda:ResourceGroup
properties:
name: ${resourceGroupName}
testNetwork:
type: redpanda:Network
name: test
properties:
name: ${networkName}
resourceGroupId: ${test.id}
cloudProvider: ${cloudProvider}
region: ${region}
clusterType: dedicated
cidrBlock: 10.0.0.0/20
timeouts:
create: 20m
delete: 20m
testCluster:
type: redpanda:Cluster
name: test
properties:
name: ${clusterName}
resourceGroupId: ${test.id}
networkId: ${testNetwork.id}
cloudProvider: ${cloudProvider}
region: ${region}
clusterType: dedicated
connectionType: public
throughputTier: ${throughputTier}
zones: ${zones}
allowDeletion: ${clusterAllowDeletion}
clusterConfiguration:
customPropertiesJson:
fn::toJSON:
auto.create.topics.enable: false
schema_registry_enable_authorization: true
tags: ${clusterTags}
timeouts:
create: 90m
testUser:
type: redpanda:User
name: test
properties:
name: ${userName}
password: ${userPw}
mechanism: ${mechanism}
clusterApiUrl: ${testCluster.clusterApiUrl}
allowDeletion: ${userAllowDeletion}
testTopic:
type: redpanda:Topic
name: test
properties:
name: ${topicName}
partitionCount: ${partitionCount}
replicationFactor: ${replicationFactor}
clusterApiUrl: ${testCluster.clusterApiUrl}
allowDeletion: true
configuration:
cleanup.policy: delete
retention.ms: ${topicRetentionMs}
# Bootstrap SR ACL grants for the provider's own Bearer-token principal.
# SUBJECT grant authorizes POST /subjects/<subj>/versions; REGISTRY grant
# authorizes the franz-go follow-up GET /schemas/ids/<id>/versions.
providerBootstrapSubject:
type: redpanda:SchemaRegistryAcl
name: provider_bootstrap_subject
properties:
clusterId: ${testCluster.id}
principal: User:*
resourceType: SUBJECT
resourceName: ${topicName}
patternType: PREFIXED
host: '*'
operation: ALL
permission: ALLOW
allowDeletion: true
providerBootstrapRegistry:
type: redpanda:SchemaRegistryAcl
name: provider_bootstrap_registry
properties:
clusterId: ${testCluster.id}
principal: User:*
resourceType: REGISTRY
resourceName: '*'
patternType: LITERAL
host: '*'
operation: ALL
permission: ALLOW
allowDeletion: true
userSchema:
type: redpanda:Schema
name: user_schema
properties:
clusterId: ${testCluster.id}
subject: ${topicName}-value
schemaType: ${schemaType}
schema: ${userSchemaDefinition}
allowDeletion: true
options:
dependsOn:
- ${clusterAdmin}
- ${schemaRegistryAdmin}
- ${clusterAction}
- ${topicAccess}
- ${providerBootstrapSubject}
- ${providerBootstrapRegistry}
- ${allTestTopic}
- ${describeRegistry}
- ${alterConfigsRegistry}
- ${readRegistry}
- ${writeRegistry}
userEventSchema:
type: redpanda:Schema
name: user_event_schema
properties:
clusterId: ${testCluster.id}
subject: ${topicName}-events-value
schemaType: ${schemaType}
schema: ${userEventSchemaDefinition}
allowDeletion: true
references:
- name: User
subject: ${userSchema.subject}
version: ${userSchema.version}
options:
dependsOn:
- ${clusterAdmin}
- ${schemaRegistryAdmin}
- ${clusterAction}
- ${topicAccess}
- ${providerBootstrapSubject}
- ${providerBootstrapRegistry}
- ${allTestTopic}
- ${describeRegistry}
- ${alterConfigsRegistry}
- ${readRegistry}
- ${writeRegistry}
productSchema:
type: redpanda:Schema
name: product_schema
properties:
clusterId: ${testCluster.id}
subject: ${topicName}-product-value
schemaType: ${schemaType}
schema: ${productSchemaDefinition}
compatibility: ${compatibilityLevel}
allowDeletion: true
options:
dependsOn:
- ${clusterAdmin}
- ${schemaRegistryAdmin}
- ${clusterAction}
- ${topicAccess}
- ${providerBootstrapSubject}
- ${providerBootstrapRegistry}
- ${allTestTopic}
- ${describeRegistry}
- ${alterConfigsRegistry}
- ${readRegistry}
- ${writeRegistry}
clusterAdmin:
type: redpanda:Acl
name: cluster_admin
properties:
resourceType: CLUSTER
resourceName: kafka-cluster
resourcePatternType: LITERAL
principal: User:${testUser.name}
host: '*'
operation: ALL
permissionType: ALLOW
clusterApiUrl: ${testCluster.clusterApiUrl}
allowDeletion: ${aclAllowDeletion}
schemaRegistryAdmin:
type: redpanda:Acl
name: schema_registry_admin
properties:
resourceType: CLUSTER
resourceName: kafka-cluster
resourcePatternType: LITERAL
principal: User:${testUser.name}
host: '*'
operation: ALTER
permissionType: ALLOW
clusterApiUrl: ${testCluster.clusterApiUrl}
allowDeletion: ${aclAllowDeletion}
clusterAction:
type: redpanda:Acl
name: cluster_action
properties:
resourceType: CLUSTER
resourceName: kafka-cluster
resourcePatternType: LITERAL
principal: User:${testUser.name}
host: '*'
operation: CLUSTER_ACTION
permissionType: ALLOW
clusterApiUrl: ${testCluster.clusterApiUrl}
allowDeletion: ${aclAllowDeletion}
topicAccess:
type: redpanda:Acl
name: topic_access
properties:
resourceType: TOPIC
resourceName: ${testTopic.name}
resourcePatternType: LITERAL
principal: User:${testUser.name}
host: '*'
operation: ALL
permissionType: ALLOW
clusterApiUrl: ${testCluster.clusterApiUrl}
allowDeletion: ${aclAllowDeletion}
roleTopicRead:
type: redpanda:Acl
name: role_topic_read
properties:
resourceType: TOPIC
resourceName: ${testTopic.name}
resourcePatternType: LITERAL
principal: RedpandaRole:${developer.name}
host: '*'
operation: READ
permissionType: ALLOW
clusterApiUrl: ${testCluster.clusterApiUrl}
allowDeletion: ${aclAllowDeletion}
readProduct:
type: redpanda:SchemaRegistryAcl
name: read_product
properties:
clusterId: ${testCluster.id}
principal: User:${testUser.name}
resourceType: SUBJECT
resourceName: product-
patternType: PREFIXED
host: '*'
operation: READ
permission: ALLOW
allowDeletion: ${srAclAllowDeletion}
options:
dependsOn:
- ${clusterAdmin}
- ${schemaRegistryAdmin}
writeOrders:
type: redpanda:SchemaRegistryAcl
name: write_orders
properties:
clusterId: ${testCluster.id}
principal: User:${testUser.name}
resourceType: SUBJECT
resourceName: orders-value
patternType: LITERAL
host: '*'
operation: WRITE
permission: ALLOW
allowDeletion: true
options:
dependsOn:
- ${clusterAdmin}
- ${schemaRegistryAdmin}
allTestTopic:
type: redpanda:SchemaRegistryAcl
name: all_test_topic
properties:
clusterId: ${testCluster.id}
principal: User:${testUser.name}
resourceType: SUBJECT
resourceName: ${topicName}-
patternType: PREFIXED
host: '*'
operation: ALL
permission: ALLOW
allowDeletion: true
options:
dependsOn:
- ${clusterAdmin}
- ${schemaRegistryAdmin}
describeTestTopic:
type: redpanda:SchemaRegistryAcl
name: describe_test_topic
properties:
clusterId: ${testCluster.id}
principal: User:${testUser.name}
resourceType: SUBJECT
resourceName: ${topicName}-
patternType: PREFIXED
host: '*'
operation: DESCRIBE
permission: ALLOW
allowDeletion: true
options:
dependsOn:
- ${clusterAdmin}
- ${schemaRegistryAdmin}
describeRegistry:
type: redpanda:SchemaRegistryAcl
name: describe_registry
properties:
clusterId: ${testCluster.id}
principal: User:${testUser.name}
resourceType: REGISTRY
resourceName: '*'
patternType: LITERAL
host: '*'
operation: DESCRIBE
permission: ALLOW
allowDeletion: true
options:
dependsOn:
- ${clusterAdmin}
- ${schemaRegistryAdmin}
alterConfigsRegistry:
type: redpanda:SchemaRegistryAcl
name: alter_configs_registry
properties:
clusterId: ${testCluster.id}
principal: User:${testUser.name}
resourceType: REGISTRY
resourceName: '*'
patternType: LITERAL
host: '*'
operation: ALTER_CONFIGS
permission: ALLOW
allowDeletion: true
options:
dependsOn:
- ${clusterAdmin}
- ${schemaRegistryAdmin}
readRegistry:
type: redpanda:SchemaRegistryAcl
name: read_registry
properties:
clusterId: ${testCluster.id}
principal: User:${testUser.name}
resourceType: REGISTRY
resourceName: '*'
patternType: LITERAL
host: '*'
operation: READ
permission: ALLOW
allowDeletion: true
options:
dependsOn:
- ${clusterAdmin}
- ${schemaRegistryAdmin}
writeRegistry:
type: redpanda:SchemaRegistryAcl
name: write_registry
properties:
clusterId: ${testCluster.id}
principal: User:${testUser.name}
resourceType: REGISTRY
resourceName: '*'
patternType: LITERAL
host: '*'
operation: WRITE
permission: ALLOW
allowDeletion: true
options:
dependsOn:
- ${clusterAdmin}
- ${schemaRegistryAdmin}
developer:
type: redpanda:Role
properties:
name: ${roleName}
clusterApiUrl: ${testCluster.clusterApiUrl}
allowDeletion: ${roleAllowDeletion}
developerAssignment:
type: redpanda:RoleAssignment
name: developer_assignment
properties:
roleName: ${developer.name}
principal: User:${testUser.name}
clusterApiUrl: ${testCluster.clusterApiUrl}
options:
dependsOn:
- ${testUser}
testPipeline:
type: redpanda:Pipeline
name: test
properties:
clusterApiUrl: ${testCluster.clusterApiUrl}
displayName: ${pipelineName}
description: ${pipelineDescription}
configYaml: ${pipelineConfigYaml}
state: ${pipelineState}
allowDeletion: ${pipelineAllowDeletion}
resources:
memoryShares: ${pipelineMemoryShares}
cpuShares: ${pipelineCpuShares}
tags:
environment: test
managed-by: terraform
outputs:
pipelineInfo:
id: ${testPipeline.id}
name: ${testPipeline.displayName}
state: ${testPipeline.state}
url: ${testPipeline.url}
userSchemaInfo:
id: ${userSchema.schemaId}
subject: ${userSchema.subject}
version: ${userSchema.version}
type: ${userSchema.schemaType}
userEventSchemaInfo:
id: ${userEventSchema.schemaId}
subject: ${userEventSchema.subject}
version: ${userEventSchema.version}
type: ${userEventSchema.schemaType}
references: ${userEventSchema.references}
productSchemaInfo:
id: ${productSchema.schemaId}
subject: ${productSchema.subject}
version: ${productSchema.version}
type: ${productSchema.schemaType}
compatibility: ${productSchema.compatibility}
Example coming soon!
BYOC
This configuration of cluster allows the end user to provide access to their cloud account to the provider so that it can create the necessary infrastructure in their account rather than in Redpanda’s Cloud.
Additional Requirements
To build a BYOC cluster you must provide credentials that enable the provider to authenticate to the relevant cloud provider. How this works will depend on which cloud provider you are using.
AWS BYOC
To create a BYOC AWS cluster you must provide an AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. The account must have fairly wide ranging permissions to create the necessary infrastructure.
import * as pulumi from "@pulumi/pulumi";
import * as redpanda from "@pulumi/redpanda";
const test = new redpanda.ResourceGroup("test", {name: resourceGroupName});
const testNetwork = new redpanda.Network("test", {
name: networkName,
resourceGroupId: test.id,
cloudProvider: cloudProvider,
region: region,
clusterType: "byoc",
cidrBlock: "10.0.0.0/20",
});
const testCluster = new redpanda.Cluster("test", {
name: clusterName,
resourceGroupId: test.id,
networkId: testNetwork.id,
cloudProvider: testNetwork.cloudProvider,
region: testNetwork.region,
clusterType: testNetwork.clusterType,
connectionType: "public",
throughputTier: throughputTier,
zones: zones,
allowDeletion: clusterAllowDeletion,
tags: clusterTags,
timeouts: {
create: "90m",
},
});
const testUser = new redpanda.User("test", {
name: userName,
password: userPw,
mechanism: mechanism,
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: userAllowDeletion,
});
const testTopic = new redpanda.Topic("test", {
name: topicName,
partitionCount: partitionCount,
replicationFactor: replicationFactor,
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: true,
configuration: topicConfiguration != null ? topicConfiguration : {
"cleanup.policy": "delete",
"retention.ms": topicRetentionMs,
},
});
const topicAccess = new redpanda.Acl("topic_access", {
resourceType: "TOPIC",
resourceName: testTopic.name,
resourcePatternType: "LITERAL",
principal: pulumi.interpolate`User:${testUser.name}`,
host: "*",
operation: "READ",
permissionType: "ALLOW",
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: aclAllowDeletion,
});
import pulumi
import pulumi_redpanda as redpanda
test = redpanda.ResourceGroup("test", name=resource_group_name)
test_network = redpanda.Network("test",
name=network_name,
resource_group_id=test.id,
cloud_provider=cloud_provider,
region=region,
cluster_type="byoc",
cidr_block="10.0.0.0/20")
test_cluster = redpanda.Cluster("test",
name=cluster_name,
resource_group_id=test.id,
network_id=test_network.id,
cloud_provider=test_network.cloud_provider,
region=test_network.region,
cluster_type=test_network.cluster_type,
connection_type="public",
throughput_tier=throughput_tier,
zones=zones,
allow_deletion=cluster_allow_deletion,
tags=cluster_tags,
timeouts={
"create": "90m",
})
test_user = redpanda.User("test",
name=user_name,
password=user_pw,
mechanism=mechanism,
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=user_allow_deletion)
test_topic = redpanda.Topic("test",
name=topic_name,
partition_count=partition_count,
replication_factor=replication_factor,
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=True,
configuration=topic_configuration if topic_configuration != None else {
"cleanup.policy": "delete",
"retention.ms": topic_retention_ms,
})
topic_access = redpanda.Acl("topic_access",
resource_type="TOPIC",
resource_name_=test_topic.name,
resource_pattern_type="LITERAL",
principal=test_user.name.apply(lambda name: f"User:{name}"),
host="*",
operation="READ",
permission_type="ALLOW",
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=acl_allow_deletion)
package main
import (
"fmt"
"github.com/pulumi/pulumi-terraform-provider/sdks/go/redpanda/v2/redpanda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
test, err := redpanda.NewResourceGroup(ctx, "test", &redpanda.ResourceGroupArgs{
Name: pulumi.Any(resourceGroupName),
})
if err != nil {
return err
}
testNetwork, err := redpanda.NewNetwork(ctx, "test", &redpanda.NetworkArgs{
Name: pulumi.Any(networkName),
ResourceGroupId: test.ID(),
CloudProvider: pulumi.Any(cloudProvider),
Region: pulumi.Any(region),
ClusterType: pulumi.String("byoc"),
CidrBlock: pulumi.String("10.0.0.0/20"),
})
if err != nil {
return err
}
testCluster, err := redpanda.NewCluster(ctx, "test", &redpanda.ClusterArgs{
Name: pulumi.Any(clusterName),
ResourceGroupId: test.ID(),
NetworkId: testNetwork.ID(),
CloudProvider: testNetwork.CloudProvider,
Region: testNetwork.Region,
ClusterType: testNetwork.ClusterType,
ConnectionType: pulumi.String("public"),
ThroughputTier: pulumi.Any(throughputTier),
Zones: pulumi.Any(zones),
AllowDeletion: pulumi.Any(clusterAllowDeletion),
Tags: pulumi.Any(clusterTags),
Timeouts: &redpanda.ClusterTimeoutsArgs{
Create: pulumi.String("90m"),
},
})
if err != nil {
return err
}
testUser, err := redpanda.NewUser(ctx, "test", &redpanda.UserArgs{
Name: pulumi.Any(userName),
Password: pulumi.Any(userPw),
Mechanism: pulumi.Any(mechanism),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(userAllowDeletion),
})
if err != nil {
return err
}
var tmp0 pulumi.StringMap
if topicConfiguration != nil {
tmp0 = pulumi.Any(topicConfiguration)
} else {
tmp0 = pulumi.StringMap{
"cleanup.policy": pulumi.String("delete"),
"retention.ms": pulumi.Any(topicRetentionMs),
}
}
testTopic, err := redpanda.NewTopic(ctx, "test", &redpanda.TopicArgs{
Name: pulumi.Any(topicName),
PartitionCount: pulumi.Any(partitionCount),
ReplicationFactor: pulumi.Any(replicationFactor),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Bool(true),
Configuration: pulumi.StringMap(tmp0),
})
if err != nil {
return err
}
_, err = redpanda.NewAcl(ctx, "topic_access", &redpanda.AclArgs{
ResourceType: pulumi.String("TOPIC"),
ResourceName: testTopic.Name,
ResourcePatternType: pulumi.String("LITERAL"),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
Host: pulumi.String("*"),
Operation: pulumi.String("READ"),
PermissionType: pulumi.String("ALLOW"),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(aclAllowDeletion),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Redpanda = Pulumi.Redpanda;
return await Deployment.RunAsync(() =>
{
var test = new Redpanda.ResourceGroup("test", new()
{
Name = resourceGroupName,
});
var testNetwork = new Redpanda.Network("test", new()
{
Name = networkName,
ResourceGroupId = test.Id,
CloudProvider = cloudProvider,
Region = region,
ClusterType = "byoc",
CidrBlock = "10.0.0.0/20",
});
var testCluster = new Redpanda.Cluster("test", new()
{
Name = clusterName,
ResourceGroupId = test.Id,
NetworkId = testNetwork.Id,
CloudProvider = testNetwork.CloudProvider,
Region = testNetwork.Region,
ClusterType = testNetwork.ClusterType,
ConnectionType = "public",
ThroughputTier = throughputTier,
Zones = zones,
AllowDeletion = clusterAllowDeletion,
Tags = clusterTags,
Timeouts = new Redpanda.Inputs.ClusterTimeoutsArgs
{
Create = "90m",
},
});
var testUser = new Redpanda.User("test", new()
{
Name = userName,
Password = userPw,
Mechanism = mechanism,
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = userAllowDeletion,
});
var testTopic = new Redpanda.Topic("test", new()
{
Name = topicName,
PartitionCount = partitionCount,
ReplicationFactor = replicationFactor,
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = true,
Configuration = topicConfiguration != null ? topicConfiguration :
{
{ "cleanup.policy", "delete" },
{ "retention.ms", topicRetentionMs },
},
});
var topicAccess = new Redpanda.Acl("topic_access", new()
{
ResourceType = "TOPIC",
ResourceName = testTopic.Name,
ResourcePatternType = "LITERAL",
Principal = testUser.Name.Apply(name => $"User:{name}"),
Host = "*",
Operation = "READ",
PermissionType = "ALLOW",
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = aclAllowDeletion,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.redpanda.ResourceGroup;
import com.pulumi.redpanda.ResourceGroupArgs;
import com.pulumi.redpanda.Network;
import com.pulumi.redpanda.NetworkArgs;
import com.pulumi.redpanda.Cluster;
import com.pulumi.redpanda.ClusterArgs;
import com.pulumi.redpanda.inputs.ClusterTimeoutsArgs;
import com.pulumi.redpanda.User;
import com.pulumi.redpanda.UserArgs;
import com.pulumi.redpanda.Topic;
import com.pulumi.redpanda.TopicArgs;
import com.pulumi.redpanda.Acl;
import com.pulumi.redpanda.AclArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new ResourceGroup("test", ResourceGroupArgs.builder()
.name(resourceGroupName)
.build());
var testNetwork = new Network("testNetwork", NetworkArgs.builder()
.name(networkName)
.resourceGroupId(test.id())
.cloudProvider(cloudProvider)
.region(region)
.clusterType("byoc")
.cidrBlock("10.0.0.0/20")
.build());
var testCluster = new Cluster("testCluster", ClusterArgs.builder()
.name(clusterName)
.resourceGroupId(test.id())
.networkId(testNetwork.id())
.cloudProvider(testNetwork.cloudProvider())
.region(testNetwork.region())
.clusterType(testNetwork.clusterType())
.connectionType("public")
.throughputTier(throughputTier)
.zones(zones)
.allowDeletion(clusterAllowDeletion)
.tags(clusterTags)
.timeouts(ClusterTimeoutsArgs.builder()
.create("90m")
.build())
.build());
var testUser = new User("testUser", UserArgs.builder()
.name(userName)
.password(userPw)
.mechanism(mechanism)
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(userAllowDeletion)
.build());
var testTopic = new Topic("testTopic", TopicArgs.builder()
.name(topicName)
.partitionCount(partitionCount)
.replicationFactor(replicationFactor)
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(true)
.configuration(topicConfiguration != null ? topicConfiguration : Map.ofEntries(
Map.entry("cleanup.policy", "delete"),
Map.entry("retention.ms", topicRetentionMs)
))
.build());
var topicAccess = new Acl("topicAccess", AclArgs.builder()
.resourceType("TOPIC")
.resourceName(testTopic.name())
.resourcePatternType("LITERAL")
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.host("*")
.operation("READ")
.permissionType("ALLOW")
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(aclAllowDeletion)
.build());
}
}
Example coming soon!
Example coming soon!
GCP BYOC
To create a GCP BYOC cluster you must provide a GCP_PROJECT_ID and GOOGLE_CREDENTIALS. We also accept the credentials encoded in base64 format if you use GOOGLE_CREDENTIALS_BASE64. The account must have fairly wide ranging permissions to create the necessary infrastructure.
import * as pulumi from "@pulumi/pulumi";
import * as redpanda from "@pulumi/redpanda";
const test = new redpanda.ResourceGroup("test", {name: resourceGroupName});
const testNetwork = new redpanda.Network("test", {
name: networkName,
resourceGroupId: test.id,
cloudProvider: cloudProvider,
region: region,
clusterType: "byoc",
cidrBlock: "10.0.0.0/20",
});
const testCluster = new redpanda.Cluster("test", {
name: clusterName,
resourceGroupId: test.id,
networkId: testNetwork.id,
cloudProvider: testNetwork.cloudProvider,
region: testNetwork.region,
clusterType: testNetwork.clusterType,
connectionType: "public",
throughputTier: throughputTier,
zones: zones,
allowDeletion: clusterAllowDeletion,
tags: clusterTags,
});
const testUser = new redpanda.User("test", {
name: userName,
password: userPw,
mechanism: mechanism,
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: userAllowDeletion,
});
const testTopic = new redpanda.Topic("test", {
name: topicName,
partitionCount: partitionCount,
replicationFactor: replicationFactor,
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: true,
configuration: topicConfiguration != null ? topicConfiguration : {
"cleanup.policy": "delete",
"retention.ms": topicRetentionMs,
},
});
const topicAccess = new redpanda.Acl("topic_access", {
resourceType: "TOPIC",
resourceName: testTopic.name,
resourcePatternType: "LITERAL",
principal: pulumi.interpolate`User:${testUser.name}`,
host: "*",
operation: "READ",
permissionType: "ALLOW",
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: aclAllowDeletion,
});
import pulumi
import pulumi_redpanda as redpanda
test = redpanda.ResourceGroup("test", name=resource_group_name)
test_network = redpanda.Network("test",
name=network_name,
resource_group_id=test.id,
cloud_provider=cloud_provider,
region=region,
cluster_type="byoc",
cidr_block="10.0.0.0/20")
test_cluster = redpanda.Cluster("test",
name=cluster_name,
resource_group_id=test.id,
network_id=test_network.id,
cloud_provider=test_network.cloud_provider,
region=test_network.region,
cluster_type=test_network.cluster_type,
connection_type="public",
throughput_tier=throughput_tier,
zones=zones,
allow_deletion=cluster_allow_deletion,
tags=cluster_tags)
test_user = redpanda.User("test",
name=user_name,
password=user_pw,
mechanism=mechanism,
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=user_allow_deletion)
test_topic = redpanda.Topic("test",
name=topic_name,
partition_count=partition_count,
replication_factor=replication_factor,
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=True,
configuration=topic_configuration if topic_configuration != None else {
"cleanup.policy": "delete",
"retention.ms": topic_retention_ms,
})
topic_access = redpanda.Acl("topic_access",
resource_type="TOPIC",
resource_name_=test_topic.name,
resource_pattern_type="LITERAL",
principal=test_user.name.apply(lambda name: f"User:{name}"),
host="*",
operation="READ",
permission_type="ALLOW",
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=acl_allow_deletion)
package main
import (
"fmt"
"github.com/pulumi/pulumi-terraform-provider/sdks/go/redpanda/v2/redpanda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
test, err := redpanda.NewResourceGroup(ctx, "test", &redpanda.ResourceGroupArgs{
Name: pulumi.Any(resourceGroupName),
})
if err != nil {
return err
}
testNetwork, err := redpanda.NewNetwork(ctx, "test", &redpanda.NetworkArgs{
Name: pulumi.Any(networkName),
ResourceGroupId: test.ID(),
CloudProvider: pulumi.Any(cloudProvider),
Region: pulumi.Any(region),
ClusterType: pulumi.String("byoc"),
CidrBlock: pulumi.String("10.0.0.0/20"),
})
if err != nil {
return err
}
testCluster, err := redpanda.NewCluster(ctx, "test", &redpanda.ClusterArgs{
Name: pulumi.Any(clusterName),
ResourceGroupId: test.ID(),
NetworkId: testNetwork.ID(),
CloudProvider: testNetwork.CloudProvider,
Region: testNetwork.Region,
ClusterType: testNetwork.ClusterType,
ConnectionType: pulumi.String("public"),
ThroughputTier: pulumi.Any(throughputTier),
Zones: pulumi.Any(zones),
AllowDeletion: pulumi.Any(clusterAllowDeletion),
Tags: pulumi.Any(clusterTags),
})
if err != nil {
return err
}
testUser, err := redpanda.NewUser(ctx, "test", &redpanda.UserArgs{
Name: pulumi.Any(userName),
Password: pulumi.Any(userPw),
Mechanism: pulumi.Any(mechanism),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(userAllowDeletion),
})
if err != nil {
return err
}
var tmp0 pulumi.StringMap
if topicConfiguration != nil {
tmp0 = pulumi.Any(topicConfiguration)
} else {
tmp0 = pulumi.StringMap{
"cleanup.policy": pulumi.String("delete"),
"retention.ms": pulumi.Any(topicRetentionMs),
}
}
testTopic, err := redpanda.NewTopic(ctx, "test", &redpanda.TopicArgs{
Name: pulumi.Any(topicName),
PartitionCount: pulumi.Any(partitionCount),
ReplicationFactor: pulumi.Any(replicationFactor),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Bool(true),
Configuration: pulumi.StringMap(tmp0),
})
if err != nil {
return err
}
_, err = redpanda.NewAcl(ctx, "topic_access", &redpanda.AclArgs{
ResourceType: pulumi.String("TOPIC"),
ResourceName: testTopic.Name,
ResourcePatternType: pulumi.String("LITERAL"),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
Host: pulumi.String("*"),
Operation: pulumi.String("READ"),
PermissionType: pulumi.String("ALLOW"),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(aclAllowDeletion),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Redpanda = Pulumi.Redpanda;
return await Deployment.RunAsync(() =>
{
var test = new Redpanda.ResourceGroup("test", new()
{
Name = resourceGroupName,
});
var testNetwork = new Redpanda.Network("test", new()
{
Name = networkName,
ResourceGroupId = test.Id,
CloudProvider = cloudProvider,
Region = region,
ClusterType = "byoc",
CidrBlock = "10.0.0.0/20",
});
var testCluster = new Redpanda.Cluster("test", new()
{
Name = clusterName,
ResourceGroupId = test.Id,
NetworkId = testNetwork.Id,
CloudProvider = testNetwork.CloudProvider,
Region = testNetwork.Region,
ClusterType = testNetwork.ClusterType,
ConnectionType = "public",
ThroughputTier = throughputTier,
Zones = zones,
AllowDeletion = clusterAllowDeletion,
Tags = clusterTags,
});
var testUser = new Redpanda.User("test", new()
{
Name = userName,
Password = userPw,
Mechanism = mechanism,
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = userAllowDeletion,
});
var testTopic = new Redpanda.Topic("test", new()
{
Name = topicName,
PartitionCount = partitionCount,
ReplicationFactor = replicationFactor,
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = true,
Configuration = topicConfiguration != null ? topicConfiguration :
{
{ "cleanup.policy", "delete" },
{ "retention.ms", topicRetentionMs },
},
});
var topicAccess = new Redpanda.Acl("topic_access", new()
{
ResourceType = "TOPIC",
ResourceName = testTopic.Name,
ResourcePatternType = "LITERAL",
Principal = testUser.Name.Apply(name => $"User:{name}"),
Host = "*",
Operation = "READ",
PermissionType = "ALLOW",
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = aclAllowDeletion,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.redpanda.ResourceGroup;
import com.pulumi.redpanda.ResourceGroupArgs;
import com.pulumi.redpanda.Network;
import com.pulumi.redpanda.NetworkArgs;
import com.pulumi.redpanda.Cluster;
import com.pulumi.redpanda.ClusterArgs;
import com.pulumi.redpanda.User;
import com.pulumi.redpanda.UserArgs;
import com.pulumi.redpanda.Topic;
import com.pulumi.redpanda.TopicArgs;
import com.pulumi.redpanda.Acl;
import com.pulumi.redpanda.AclArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new ResourceGroup("test", ResourceGroupArgs.builder()
.name(resourceGroupName)
.build());
var testNetwork = new Network("testNetwork", NetworkArgs.builder()
.name(networkName)
.resourceGroupId(test.id())
.cloudProvider(cloudProvider)
.region(region)
.clusterType("byoc")
.cidrBlock("10.0.0.0/20")
.build());
var testCluster = new Cluster("testCluster", ClusterArgs.builder()
.name(clusterName)
.resourceGroupId(test.id())
.networkId(testNetwork.id())
.cloudProvider(testNetwork.cloudProvider())
.region(testNetwork.region())
.clusterType(testNetwork.clusterType())
.connectionType("public")
.throughputTier(throughputTier)
.zones(zones)
.allowDeletion(clusterAllowDeletion)
.tags(clusterTags)
.build());
var testUser = new User("testUser", UserArgs.builder()
.name(userName)
.password(userPw)
.mechanism(mechanism)
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(userAllowDeletion)
.build());
var testTopic = new Topic("testTopic", TopicArgs.builder()
.name(topicName)
.partitionCount(partitionCount)
.replicationFactor(replicationFactor)
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(true)
.configuration(topicConfiguration != null ? topicConfiguration : Map.ofEntries(
Map.entry("cleanup.policy", "delete"),
Map.entry("retention.ms", topicRetentionMs)
))
.build());
var topicAccess = new Acl("topicAccess", AclArgs.builder()
.resourceType("TOPIC")
.resourceName(testTopic.name())
.resourcePatternType("LITERAL")
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.host("*")
.operation("READ")
.permissionType("ALLOW")
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(aclAllowDeletion)
.build());
}
}
Example coming soon!
Example coming soon!
Azure BYOC
To create a BYOC Azure cluster you must provide Azure credentials, be logged in to the Azure CLI, or specify an Azure authentication method. This provider supports the same authentication methods and environment variables as the official AzureRM provider. For example, to use a service principal and client certificate, you can pass the environment variables ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_TENANT_ID, and ARM_SUBSCRIPTION_ID.
The account must have fairly wide ranging permissions to create the necessary infrastructure.
import * as pulumi from "@pulumi/pulumi";
import * as redpanda from "@pulumi/redpanda";
const test = new redpanda.ResourceGroup("test", {name: resourceGroupName});
const testNetwork = new redpanda.Network("test", {
name: networkName,
resourceGroupId: test.id,
cloudProvider: cloudProvider,
region: region,
clusterType: "byoc",
cidrBlock: "10.0.0.0/20",
});
const testCluster = new redpanda.Cluster("test", {
name: clusterName,
resourceGroupId: test.id,
networkId: testNetwork.id,
cloudProvider: testNetwork.cloudProvider,
region: testNetwork.region,
clusterType: testNetwork.clusterType,
connectionType: "public",
throughputTier: throughputTier,
zones: zones,
allowDeletion: clusterAllowDeletion,
tags: clusterTags,
});
const testUser = new redpanda.User("test", {
name: userName,
password: userPw,
mechanism: mechanism,
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: userAllowDeletion,
});
const testTopic = new redpanda.Topic("test", {
name: topicName,
partitionCount: partitionCount,
replicationFactor: replicationFactor,
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: true,
configuration: {
"cleanup.policy": "delete",
"retention.ms": topicRetentionMs,
},
});
const topicAccess = new redpanda.Acl("topic_access", {
resourceType: "TOPIC",
resourceName: testTopic.name,
resourcePatternType: "LITERAL",
principal: pulumi.interpolate`User:${testUser.name}`,
host: "*",
operation: "READ",
permissionType: "ALLOW",
clusterApiUrl: testCluster.clusterApiUrl,
allowDeletion: aclAllowDeletion,
});
import pulumi
import pulumi_redpanda as redpanda
test = redpanda.ResourceGroup("test", name=resource_group_name)
test_network = redpanda.Network("test",
name=network_name,
resource_group_id=test.id,
cloud_provider=cloud_provider,
region=region,
cluster_type="byoc",
cidr_block="10.0.0.0/20")
test_cluster = redpanda.Cluster("test",
name=cluster_name,
resource_group_id=test.id,
network_id=test_network.id,
cloud_provider=test_network.cloud_provider,
region=test_network.region,
cluster_type=test_network.cluster_type,
connection_type="public",
throughput_tier=throughput_tier,
zones=zones,
allow_deletion=cluster_allow_deletion,
tags=cluster_tags)
test_user = redpanda.User("test",
name=user_name,
password=user_pw,
mechanism=mechanism,
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=user_allow_deletion)
test_topic = redpanda.Topic("test",
name=topic_name,
partition_count=partition_count,
replication_factor=replication_factor,
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=True,
configuration={
"cleanup.policy": "delete",
"retention.ms": topic_retention_ms,
})
topic_access = redpanda.Acl("topic_access",
resource_type="TOPIC",
resource_name_=test_topic.name,
resource_pattern_type="LITERAL",
principal=test_user.name.apply(lambda name: f"User:{name}"),
host="*",
operation="READ",
permission_type="ALLOW",
cluster_api_url=test_cluster.cluster_api_url,
allow_deletion=acl_allow_deletion)
package main
import (
"fmt"
"github.com/pulumi/pulumi-terraform-provider/sdks/go/redpanda/v2/redpanda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
test, err := redpanda.NewResourceGroup(ctx, "test", &redpanda.ResourceGroupArgs{
Name: pulumi.Any(resourceGroupName),
})
if err != nil {
return err
}
testNetwork, err := redpanda.NewNetwork(ctx, "test", &redpanda.NetworkArgs{
Name: pulumi.Any(networkName),
ResourceGroupId: test.ID(),
CloudProvider: pulumi.Any(cloudProvider),
Region: pulumi.Any(region),
ClusterType: pulumi.String("byoc"),
CidrBlock: pulumi.String("10.0.0.0/20"),
})
if err != nil {
return err
}
testCluster, err := redpanda.NewCluster(ctx, "test", &redpanda.ClusterArgs{
Name: pulumi.Any(clusterName),
ResourceGroupId: test.ID(),
NetworkId: testNetwork.ID(),
CloudProvider: testNetwork.CloudProvider,
Region: testNetwork.Region,
ClusterType: testNetwork.ClusterType,
ConnectionType: pulumi.String("public"),
ThroughputTier: pulumi.Any(throughputTier),
Zones: pulumi.Any(zones),
AllowDeletion: pulumi.Any(clusterAllowDeletion),
Tags: pulumi.Any(clusterTags),
})
if err != nil {
return err
}
testUser, err := redpanda.NewUser(ctx, "test", &redpanda.UserArgs{
Name: pulumi.Any(userName),
Password: pulumi.Any(userPw),
Mechanism: pulumi.Any(mechanism),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(userAllowDeletion),
})
if err != nil {
return err
}
testTopic, err := redpanda.NewTopic(ctx, "test", &redpanda.TopicArgs{
Name: pulumi.Any(topicName),
PartitionCount: pulumi.Any(partitionCount),
ReplicationFactor: pulumi.Any(replicationFactor),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Bool(true),
Configuration: pulumi.StringMap{
"cleanup.policy": pulumi.String("delete"),
"retention.ms": pulumi.Any(topicRetentionMs),
},
})
if err != nil {
return err
}
_, err = redpanda.NewAcl(ctx, "topic_access", &redpanda.AclArgs{
ResourceType: pulumi.String("TOPIC"),
ResourceName: testTopic.Name,
ResourcePatternType: pulumi.String("LITERAL"),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
Host: pulumi.String("*"),
Operation: pulumi.String("READ"),
PermissionType: pulumi.String("ALLOW"),
ClusterApiUrl: testCluster.ClusterApiUrl,
AllowDeletion: pulumi.Any(aclAllowDeletion),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Redpanda = Pulumi.Redpanda;
return await Deployment.RunAsync(() =>
{
var test = new Redpanda.ResourceGroup("test", new()
{
Name = resourceGroupName,
});
var testNetwork = new Redpanda.Network("test", new()
{
Name = networkName,
ResourceGroupId = test.Id,
CloudProvider = cloudProvider,
Region = region,
ClusterType = "byoc",
CidrBlock = "10.0.0.0/20",
});
var testCluster = new Redpanda.Cluster("test", new()
{
Name = clusterName,
ResourceGroupId = test.Id,
NetworkId = testNetwork.Id,
CloudProvider = testNetwork.CloudProvider,
Region = testNetwork.Region,
ClusterType = testNetwork.ClusterType,
ConnectionType = "public",
ThroughputTier = throughputTier,
Zones = zones,
AllowDeletion = clusterAllowDeletion,
Tags = clusterTags,
});
var testUser = new Redpanda.User("test", new()
{
Name = userName,
Password = userPw,
Mechanism = mechanism,
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = userAllowDeletion,
});
var testTopic = new Redpanda.Topic("test", new()
{
Name = topicName,
PartitionCount = partitionCount,
ReplicationFactor = replicationFactor,
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = true,
Configuration =
{
{ "cleanup.policy", "delete" },
{ "retention.ms", topicRetentionMs },
},
});
var topicAccess = new Redpanda.Acl("topic_access", new()
{
ResourceType = "TOPIC",
ResourceName = testTopic.Name,
ResourcePatternType = "LITERAL",
Principal = testUser.Name.Apply(name => $"User:{name}"),
Host = "*",
Operation = "READ",
PermissionType = "ALLOW",
ClusterApiUrl = testCluster.ClusterApiUrl,
AllowDeletion = aclAllowDeletion,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.redpanda.ResourceGroup;
import com.pulumi.redpanda.ResourceGroupArgs;
import com.pulumi.redpanda.Network;
import com.pulumi.redpanda.NetworkArgs;
import com.pulumi.redpanda.Cluster;
import com.pulumi.redpanda.ClusterArgs;
import com.pulumi.redpanda.User;
import com.pulumi.redpanda.UserArgs;
import com.pulumi.redpanda.Topic;
import com.pulumi.redpanda.TopicArgs;
import com.pulumi.redpanda.Acl;
import com.pulumi.redpanda.AclArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new ResourceGroup("test", ResourceGroupArgs.builder()
.name(resourceGroupName)
.build());
var testNetwork = new Network("testNetwork", NetworkArgs.builder()
.name(networkName)
.resourceGroupId(test.id())
.cloudProvider(cloudProvider)
.region(region)
.clusterType("byoc")
.cidrBlock("10.0.0.0/20")
.build());
var testCluster = new Cluster("testCluster", ClusterArgs.builder()
.name(clusterName)
.resourceGroupId(test.id())
.networkId(testNetwork.id())
.cloudProvider(testNetwork.cloudProvider())
.region(testNetwork.region())
.clusterType(testNetwork.clusterType())
.connectionType("public")
.throughputTier(throughputTier)
.zones(zones)
.allowDeletion(clusterAllowDeletion)
.tags(clusterTags)
.build());
var testUser = new User("testUser", UserArgs.builder()
.name(userName)
.password(userPw)
.mechanism(mechanism)
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(userAllowDeletion)
.build());
var testTopic = new Topic("testTopic", TopicArgs.builder()
.name(topicName)
.partitionCount(partitionCount)
.replicationFactor(replicationFactor)
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(true)
.configuration(Map.ofEntries(
Map.entry("cleanup.policy", "delete"),
Map.entry("retention.ms", topicRetentionMs)
))
.build());
var topicAccess = new Acl("topicAccess", AclArgs.builder()
.resourceType("TOPIC")
.resourceName(testTopic.name())
.resourcePatternType("LITERAL")
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.host("*")
.operation("READ")
.permissionType("ALLOW")
.clusterApiUrl(testCluster.clusterApiUrl())
.allowDeletion(aclAllowDeletion)
.build());
}
}
resources:
test:
type: redpanda:ResourceGroup
properties:
name: ${resourceGroupName}
testNetwork:
type: redpanda:Network
name: test
properties:
name: ${networkName}
resourceGroupId: ${test.id}
cloudProvider: ${cloudProvider}
region: ${region}
clusterType: byoc
cidrBlock: 10.0.0.0/20
testCluster:
type: redpanda:Cluster
name: test
properties:
name: ${clusterName}
resourceGroupId: ${test.id}
networkId: ${testNetwork.id}
cloudProvider: ${testNetwork.cloudProvider}
region: ${testNetwork.region}
clusterType: ${testNetwork.clusterType}
connectionType: public
throughputTier: ${throughputTier}
zones: ${zones}
allowDeletion: ${clusterAllowDeletion}
tags: ${clusterTags}
testUser:
type: redpanda:User
name: test
properties:
name: ${userName}
password: ${userPw}
mechanism: ${mechanism}
clusterApiUrl: ${testCluster.clusterApiUrl}
allowDeletion: ${userAllowDeletion}
testTopic:
type: redpanda:Topic
name: test
properties:
name: ${topicName}
partitionCount: ${partitionCount}
replicationFactor: ${replicationFactor}
clusterApiUrl: ${testCluster.clusterApiUrl}
allowDeletion: true
configuration:
cleanup.policy: delete
retention.ms: ${topicRetentionMs}
topicAccess:
type: redpanda:Acl
name: topic_access
properties:
resourceType: TOPIC
resourceName: ${testTopic.name}
resourcePatternType: LITERAL
principal: User:${testUser.name}
host: '*'
operation: READ
permissionType: ALLOW
clusterApiUrl: ${testCluster.clusterApiUrl}
allowDeletion: ${aclAllowDeletion}
Example coming soon!
BYOVPC
This accepts a network and other elements created by the end user inside their cloud provider account (currently limited to AWS) and builds a Redpanda Cluster inside it.
There is a module provided for convenience of the end user here that handles the necessary setup. It contains outputs for the inputs the provider requires.
Example Usage of a data source BYOC to manage users and ACLs
import * as pulumi from "@pulumi/pulumi";
import * as redpanda from "@pulumi/redpanda";
const test = redpanda.getCluster({
id: clusterId,
});
const testTopic = new redpanda.Topic("test", {
name: topicName,
partitionCount: partitionCount,
replicationFactor: replicationFactor,
clusterApiUrl: test.then(test => test.clusterApiUrl),
allowDeletion: true,
configuration: topicConfig,
});
const testUser = new redpanda.User("test", {
name: userName,
password: userPw,
mechanism: mechanism,
clusterApiUrl: test.then(test => test.clusterApiUrl),
allowDeletion: userAllowDeletion,
});
const testAcl = new redpanda.Acl("test", {
resourceType: "CLUSTER",
resourceName: "kafka-cluster",
resourcePatternType: "LITERAL",
principal: pulumi.interpolate`User:${testUser.name}`,
host: "*",
operation: "ALTER",
permissionType: "ALLOW",
clusterApiUrl: test.then(test => test.clusterApiUrl),
allowDeletion: aclAllowDeletion,
});
import pulumi
import pulumi_redpanda as redpanda
test = redpanda.get_cluster(id=cluster_id)
test_topic = redpanda.Topic("test",
name=topic_name,
partition_count=partition_count,
replication_factor=replication_factor,
cluster_api_url=test.cluster_api_url,
allow_deletion=True,
configuration=topic_config)
test_user = redpanda.User("test",
name=user_name,
password=user_pw,
mechanism=mechanism,
cluster_api_url=test.cluster_api_url,
allow_deletion=user_allow_deletion)
test_acl = redpanda.Acl("test",
resource_type="CLUSTER",
resource_name_="kafka-cluster",
resource_pattern_type="LITERAL",
principal=test_user.name.apply(lambda name: f"User:{name}"),
host="*",
operation="ALTER",
permission_type="ALLOW",
cluster_api_url=test.cluster_api_url,
allow_deletion=acl_allow_deletion)
package main
import (
"fmt"
"github.com/pulumi/pulumi-terraform-provider/sdks/go/redpanda/v2/redpanda"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
test, err := redpanda.LookupCluster(ctx, &redpanda.LookupClusterArgs{
Id: clusterId,
}, nil)
if err != nil {
return err
}
_, err = redpanda.NewTopic(ctx, "test", &redpanda.TopicArgs{
Name: pulumi.Any(topicName),
PartitionCount: pulumi.Any(partitionCount),
ReplicationFactor: pulumi.Any(replicationFactor),
ClusterApiUrl: pulumi.String(test.ClusterApiUrl),
AllowDeletion: pulumi.Bool(true),
Configuration: pulumi.Any(topicConfig),
})
if err != nil {
return err
}
testUser, err := redpanda.NewUser(ctx, "test", &redpanda.UserArgs{
Name: pulumi.Any(userName),
Password: pulumi.Any(userPw),
Mechanism: pulumi.Any(mechanism),
ClusterApiUrl: pulumi.String(test.ClusterApiUrl),
AllowDeletion: pulumi.Any(userAllowDeletion),
})
if err != nil {
return err
}
_, err = redpanda.NewAcl(ctx, "test", &redpanda.AclArgs{
ResourceType: pulumi.String("CLUSTER"),
ResourceName: pulumi.String("kafka-cluster"),
ResourcePatternType: pulumi.String("LITERAL"),
Principal: testUser.Name.ApplyT(func(name string) (string, error) {
return fmt.Sprintf("User:%v", name), nil
}).(pulumi.StringOutput),
Host: pulumi.String("*"),
Operation: pulumi.String("ALTER"),
PermissionType: pulumi.String("ALLOW"),
ClusterApiUrl: pulumi.String(test.ClusterApiUrl),
AllowDeletion: pulumi.Any(aclAllowDeletion),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Redpanda = Pulumi.Redpanda;
return await Deployment.RunAsync(() =>
{
var test = Redpanda.GetCluster.Invoke(new()
{
Id = clusterId,
});
var testTopic = new Redpanda.Topic("test", new()
{
Name = topicName,
PartitionCount = partitionCount,
ReplicationFactor = replicationFactor,
ClusterApiUrl = test.Apply(getClusterResult => getClusterResult.ClusterApiUrl),
AllowDeletion = true,
Configuration = topicConfig,
});
var testUser = new Redpanda.User("test", new()
{
Name = userName,
Password = userPw,
Mechanism = mechanism,
ClusterApiUrl = test.Apply(getClusterResult => getClusterResult.ClusterApiUrl),
AllowDeletion = userAllowDeletion,
});
var testAcl = new Redpanda.Acl("test", new()
{
ResourceType = "CLUSTER",
ResourceName = "kafka-cluster",
ResourcePatternType = "LITERAL",
Principal = testUser.Name.Apply(name => $"User:{name}"),
Host = "*",
Operation = "ALTER",
PermissionType = "ALLOW",
ClusterApiUrl = test.Apply(getClusterResult => getClusterResult.ClusterApiUrl),
AllowDeletion = aclAllowDeletion,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.redpanda.RedpandaFunctions;
import com.pulumi.redpanda.inputs.GetClusterArgs;
import com.pulumi.redpanda.Topic;
import com.pulumi.redpanda.TopicArgs;
import com.pulumi.redpanda.User;
import com.pulumi.redpanda.UserArgs;
import com.pulumi.redpanda.Acl;
import com.pulumi.redpanda.AclArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var test = RedpandaFunctions.getCluster(GetClusterArgs.builder()
.id(clusterId)
.build());
var testTopic = new Topic("testTopic", TopicArgs.builder()
.name(topicName)
.partitionCount(partitionCount)
.replicationFactor(replicationFactor)
.clusterApiUrl(test.clusterApiUrl())
.allowDeletion(true)
.configuration(topicConfig)
.build());
var testUser = new User("testUser", UserArgs.builder()
.name(userName)
.password(userPw)
.mechanism(mechanism)
.clusterApiUrl(test.clusterApiUrl())
.allowDeletion(userAllowDeletion)
.build());
var testAcl = new Acl("testAcl", AclArgs.builder()
.resourceType("CLUSTER")
.resourceName("kafka-cluster")
.resourcePatternType("LITERAL")
.principal(testUser.name().applyValue(_name -> String.format("User:%s", _name)))
.host("*")
.operation("ALTER")
.permissionType("ALLOW")
.clusterApiUrl(test.clusterApiUrl())
.allowDeletion(aclAllowDeletion)
.build());
}
}
resources:
testTopic:
type: redpanda:Topic
name: test
properties:
name: ${topicName}
partitionCount: ${partitionCount}
replicationFactor: ${replicationFactor}
clusterApiUrl: ${test.clusterApiUrl}
allowDeletion: true
configuration: ${topicConfig}
testUser:
type: redpanda:User
name: test
properties:
name: ${userName}
password: ${userPw}
mechanism: ${mechanism}
clusterApiUrl: ${test.clusterApiUrl}
allowDeletion: ${userAllowDeletion}
testAcl:
type: redpanda:Acl
name: test
properties:
resourceType: CLUSTER
resourceName: kafka-cluster
resourcePatternType: LITERAL
principal: User:${testUser.name}
host: '*'
operation: ALTER
permissionType: ALLOW
clusterApiUrl: ${test.clusterApiUrl}
allowDeletion: ${aclAllowDeletion}
variables:
test:
fn::invoke:
function: redpanda:getCluster
arguments:
id: ${clusterId}
Example coming soon!
API Reference
For more information, see the Redpanda Cloud Control Plane API documentation.
Create Cluster Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Cluster(name: string, args: ClusterArgs, opts?: CustomResourceOptions);@overload
def Cluster(resource_name: str,
args: ClusterArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Cluster(resource_name: str,
opts: Optional[ResourceOptions] = None,
connection_type: Optional[str] = None,
zones: Optional[Sequence[str]] = None,
throughput_tier: Optional[str] = None,
resource_group_id: Optional[str] = None,
cloud_provider: Optional[str] = None,
region: Optional[str] = None,
network_id: Optional[str] = None,
cluster_type: Optional[str] = None,
read_replica_cluster_ids: Optional[Sequence[str]] = None,
customer_managed_resources: Optional[ClusterCustomerManagedResourcesArgs] = None,
gcp_global_access_api_gateway_enabled: Optional[bool] = None,
gcp_private_service_connect: Optional[ClusterGcpPrivateServiceConnectArgs] = None,
http_proxy: Optional[ClusterHttpProxyArgs] = None,
kafka_api: Optional[ClusterKafkaApiArgs] = None,
kafka_connect: Optional[ClusterKafkaConnectArgs] = None,
maintenance_window_config: Optional[ClusterMaintenanceWindowConfigArgs] = None,
name: Optional[str] = None,
cluster_configuration: Optional[ClusterClusterConfigurationArgs] = None,
allow_deletion: Optional[bool] = None,
redpanda_node_count: Optional[float] = None,
redpanda_version: Optional[str] = None,
cloud_storage: Optional[ClusterCloudStorageArgs] = None,
azure_private_link: Optional[ClusterAzurePrivateLinkArgs] = None,
rpsql: Optional[ClusterRpsqlArgs] = None,
schema_registry: Optional[ClusterSchemaRegistryArgs] = None,
tags: Optional[Mapping[str, str]] = None,
aws_private_link: Optional[ClusterAwsPrivateLinkArgs] = None,
timeouts: Optional[ClusterTimeoutsArgs] = None,
api_gateway_access: Optional[str] = None)func NewCluster(ctx *Context, name string, args ClusterArgs, opts ...ResourceOption) (*Cluster, error)public Cluster(string name, ClusterArgs args, CustomResourceOptions? opts = null)
public Cluster(String name, ClusterArgs args)
public Cluster(String name, ClusterArgs args, CustomResourceOptions options)
type: redpanda:Cluster
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
resource "redpanda_cluster" "name" {
# resource properties
}Parameters
- name string
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var clusterResource = new Redpanda.Cluster("clusterResource", new()
{
ConnectionType = "string",
Zones = new[]
{
"string",
},
ThroughputTier = "string",
ResourceGroupId = "string",
CloudProvider = "string",
Region = "string",
NetworkId = "string",
ClusterType = "string",
ReadReplicaClusterIds = new[]
{
"string",
},
CustomerManagedResources = new Redpanda.Inputs.ClusterCustomerManagedResourcesArgs
{
Aws = new Redpanda.Inputs.ClusterCustomerManagedResourcesAwsArgs
{
NodeSecurityGroup = new Redpanda.Inputs.ClusterCustomerManagedResourcesAwsNodeSecurityGroupArgs
{
Arn = "string",
},
PermissionsBoundaryPolicy = new Redpanda.Inputs.ClusterCustomerManagedResourcesAwsPermissionsBoundaryPolicyArgs
{
Arn = "string",
},
ClusterSecurityGroup = new Redpanda.Inputs.ClusterCustomerManagedResourcesAwsClusterSecurityGroupArgs
{
Arn = "string",
},
ConnectorsNodeGroupInstanceProfile = new Redpanda.Inputs.ClusterCustomerManagedResourcesAwsConnectorsNodeGroupInstanceProfileArgs
{
Arn = "string",
},
ConnectorsSecurityGroup = new Redpanda.Inputs.ClusterCustomerManagedResourcesAwsConnectorsSecurityGroupArgs
{
Arn = "string",
},
K8sClusterRole = new Redpanda.Inputs.ClusterCustomerManagedResourcesAwsK8sClusterRoleArgs
{
Arn = "string",
},
CloudStorageBucket = new Redpanda.Inputs.ClusterCustomerManagedResourcesAwsCloudStorageBucketArgs
{
Arn = "string",
},
UtilitySecurityGroup = new Redpanda.Inputs.ClusterCustomerManagedResourcesAwsUtilitySecurityGroupArgs
{
Arn = "string",
},
AgentInstanceProfile = new Redpanda.Inputs.ClusterCustomerManagedResourcesAwsAgentInstanceProfileArgs
{
Arn = "string",
},
UtilityNodeGroupInstanceProfile = new Redpanda.Inputs.ClusterCustomerManagedResourcesAwsUtilityNodeGroupInstanceProfileArgs
{
Arn = "string",
},
RedpandaAgentSecurityGroup = new Redpanda.Inputs.ClusterCustomerManagedResourcesAwsRedpandaAgentSecurityGroupArgs
{
Arn = "string",
},
RedpandaNodeGroupInstanceProfile = new Redpanda.Inputs.ClusterCustomerManagedResourcesAwsRedpandaNodeGroupInstanceProfileArgs
{
Arn = "string",
},
RedpandaNodeGroupSecurityGroup = new Redpanda.Inputs.ClusterCustomerManagedResourcesAwsRedpandaNodeGroupSecurityGroupArgs
{
Arn = "string",
},
RedpandaConnectNodeGroupInstanceProfile = new Redpanda.Inputs.ClusterCustomerManagedResourcesAwsRedpandaConnectNodeGroupInstanceProfileArgs
{
Arn = "string",
},
RedpandaConnectSecurityGroup = new Redpanda.Inputs.ClusterCustomerManagedResourcesAwsRedpandaConnectSecurityGroupArgs
{
Arn = "string",
},
},
Gcp = new Redpanda.Inputs.ClusterCustomerManagedResourcesGcpArgs
{
AgentServiceAccount = new Redpanda.Inputs.ClusterCustomerManagedResourcesGcpAgentServiceAccountArgs
{
Email = "string",
},
ConnectorServiceAccount = new Redpanda.Inputs.ClusterCustomerManagedResourcesGcpConnectorServiceAccountArgs
{
Email = "string",
},
ConsoleServiceAccount = new Redpanda.Inputs.ClusterCustomerManagedResourcesGcpConsoleServiceAccountArgs
{
Email = "string",
},
GkeServiceAccount = new Redpanda.Inputs.ClusterCustomerManagedResourcesGcpGkeServiceAccountArgs
{
Email = "string",
},
RedpandaClusterServiceAccount = new Redpanda.Inputs.ClusterCustomerManagedResourcesGcpRedpandaClusterServiceAccountArgs
{
Email = "string",
},
Subnet = new Redpanda.Inputs.ClusterCustomerManagedResourcesGcpSubnetArgs
{
K8sMasterIpv4Range = "string",
Name = "string",
SecondaryIpv4RangePods = new Redpanda.Inputs.ClusterCustomerManagedResourcesGcpSubnetSecondaryIpv4RangePodsArgs
{
Name = "string",
},
SecondaryIpv4RangeServices = new Redpanda.Inputs.ClusterCustomerManagedResourcesGcpSubnetSecondaryIpv4RangeServicesArgs
{
Name = "string",
},
},
TieredStorageBucket = new Redpanda.Inputs.ClusterCustomerManagedResourcesGcpTieredStorageBucketArgs
{
Name = "string",
},
PscNatSubnetName = "string",
},
},
GcpGlobalAccessApiGatewayEnabled = false,
GcpPrivateServiceConnect = new Redpanda.Inputs.ClusterGcpPrivateServiceConnectArgs
{
ConsumerAcceptLists = new[]
{
new Redpanda.Inputs.ClusterGcpPrivateServiceConnectConsumerAcceptListArgs
{
Source = "string",
},
},
Enabled = false,
GlobalAccessEnabled = false,
Status = new Redpanda.Inputs.ClusterGcpPrivateServiceConnectStatusArgs
{
ConnectedEndpoints = new[]
{
new Redpanda.Inputs.ClusterGcpPrivateServiceConnectStatusConnectedEndpointArgs
{
ConnectionId = "string",
ConsumerNetwork = "string",
Endpoint = "string",
Status = "string",
},
},
DnsARecords = new[]
{
"string",
},
KafkaApiNodeBasePort = 0,
KafkaApiSeedPort = 0,
RedpandaProxyNodeBasePort = 0,
RedpandaProxySeedPort = 0,
SchemaRegistrySeedPort = 0,
SeedHostname = "string",
ServiceAttachment = "string",
},
},
HttpProxy = new Redpanda.Inputs.ClusterHttpProxyArgs
{
AllUrls = new Redpanda.Inputs.ClusterHttpProxyAllUrlsArgs
{
Mtls = "string",
PrivateLinkMtls = "string",
PrivateLinkSasl = "string",
Sasl = "string",
},
Mtls = new Redpanda.Inputs.ClusterHttpProxyMtlsArgs
{
CaCertificatesPems = new[]
{
"string",
},
Enabled = false,
PrincipalMappingRules = new[]
{
"string",
},
},
Sasl = new Redpanda.Inputs.ClusterHttpProxySaslArgs
{
Enabled = false,
},
Url = "string",
},
KafkaApi = new Redpanda.Inputs.ClusterKafkaApiArgs
{
AllSeedBrokers = new Redpanda.Inputs.ClusterKafkaApiAllSeedBrokersArgs
{
Mtls = "string",
PrivateLinkMtls = "string",
PrivateLinkSasl = "string",
Sasl = "string",
},
Mtls = new Redpanda.Inputs.ClusterKafkaApiMtlsArgs
{
CaCertificatesPems = new[]
{
"string",
},
Enabled = false,
PrincipalMappingRules = new[]
{
"string",
},
},
Sasl = new Redpanda.Inputs.ClusterKafkaApiSaslArgs
{
Enabled = false,
},
SeedBrokers = new[]
{
"string",
},
},
KafkaConnect = new Redpanda.Inputs.ClusterKafkaConnectArgs
{
Enabled = false,
},
MaintenanceWindowConfig = new Redpanda.Inputs.ClusterMaintenanceWindowConfigArgs
{
Anytime = false,
DayHour = new Redpanda.Inputs.ClusterMaintenanceWindowConfigDayHourArgs
{
DayOfWeek = "string",
HourOfDay = 0,
},
Unspecified = false,
},
Name = "string",
ClusterConfiguration = new Redpanda.Inputs.ClusterClusterConfigurationArgs
{
CustomPropertiesJson = "string",
},
AllowDeletion = false,
RedpandaNodeCount = 0,
RedpandaVersion = "string",
CloudStorage = new Redpanda.Inputs.ClusterCloudStorageArgs
{
Aws = new Redpanda.Inputs.ClusterCloudStorageAwsArgs
{
Arn = "string",
},
Azure = new Redpanda.Inputs.ClusterCloudStorageAzureArgs
{
ContainerName = "string",
StorageAccountName = "string",
},
Gcp = new Redpanda.Inputs.ClusterCloudStorageGcpArgs
{
Name = "string",
},
SkipDestroy = false,
},
AzurePrivateLink = new Redpanda.Inputs.ClusterAzurePrivateLinkArgs
{
AllowedSubscriptions = new[]
{
"string",
},
ConnectConsole = false,
Enabled = false,
Status = new Redpanda.Inputs.ClusterAzurePrivateLinkStatusArgs
{
ApprovedSubscriptions = new[]
{
"string",
},
ConsolePort = 0,
DnsARecord = "string",
KafkaApiNodeBasePort = 0,
KafkaApiSeedPort = 0,
PrivateEndpointConnections = new[]
{
new Redpanda.Inputs.ClusterAzurePrivateLinkStatusPrivateEndpointConnectionArgs
{
ConnectionId = "string",
ConnectionName = "string",
PrivateEndpointId = "string",
PrivateEndpointName = "string",
Status = "string",
},
},
RedpandaProxyNodeBasePort = 0,
RedpandaProxySeedPort = 0,
SchemaRegistrySeedPort = 0,
ServiceId = "string",
ServiceName = "string",
},
},
Rpsql = new Redpanda.Inputs.ClusterRpsqlArgs
{
Enabled = false,
Replicas = 0,
Url = "string",
},
SchemaRegistry = new Redpanda.Inputs.ClusterSchemaRegistryArgs
{
AllUrls = new Redpanda.Inputs.ClusterSchemaRegistryAllUrlsArgs
{
Mtls = "string",
PrivateLinkMtls = "string",
PrivateLinkSasl = "string",
Sasl = "string",
},
Mtls = new Redpanda.Inputs.ClusterSchemaRegistryMtlsArgs
{
CaCertificatesPems = new[]
{
"string",
},
Enabled = false,
PrincipalMappingRules = new[]
{
"string",
},
},
Url = "string",
},
Tags =
{
{ "string", "string" },
},
AwsPrivateLink = new Redpanda.Inputs.ClusterAwsPrivateLinkArgs
{
AllowedPrincipals = new[]
{
"string",
},
ConnectConsole = false,
Enabled = false,
Status = new Redpanda.Inputs.ClusterAwsPrivateLinkStatusArgs
{
ConsolePort = 0,
KafkaApiNodeBasePort = 0,
KafkaApiSeedPort = 0,
RedpandaProxyNodeBasePort = 0,
RedpandaProxySeedPort = 0,
SchemaRegistrySeedPort = 0,
ServiceId = "string",
ServiceName = "string",
ServiceState = "string",
VpcEndpointConnections = new[]
{
new Redpanda.Inputs.ClusterAwsPrivateLinkStatusVpcEndpointConnectionArgs
{
ConnectionId = "string",
DnsEntries = new[]
{
new Redpanda.Inputs.ClusterAwsPrivateLinkStatusVpcEndpointConnectionDnsEntryArgs
{
DnsName = "string",
HostedZoneId = "string",
},
},
Id = "string",
LoadBalancerArns = new[]
{
"string",
},
Owner = "string",
State = "string",
},
},
},
SupportedRegions = new[]
{
"string",
},
},
Timeouts = new Redpanda.Inputs.ClusterTimeoutsArgs
{
Create = "string",
Delete = "string",
Update = "string",
},
ApiGatewayAccess = "string",
});
example, err := redpanda.NewCluster(ctx, "clusterResource", &redpanda.ClusterArgs{
ConnectionType: pulumi.String("string"),
Zones: pulumi.StringArray{
pulumi.String("string"),
},
ThroughputTier: pulumi.String("string"),
ResourceGroupId: pulumi.String("string"),
CloudProvider: pulumi.String("string"),
Region: pulumi.String("string"),
NetworkId: pulumi.String("string"),
ClusterType: pulumi.String("string"),
ReadReplicaClusterIds: pulumi.StringArray{
pulumi.String("string"),
},
CustomerManagedResources: &redpanda.ClusterCustomerManagedResourcesArgs{
Aws: &redpanda.ClusterCustomerManagedResourcesAwsArgs{
NodeSecurityGroup: &redpanda.ClusterCustomerManagedResourcesAwsNodeSecurityGroupArgs{
Arn: pulumi.String("string"),
},
PermissionsBoundaryPolicy: &redpanda.ClusterCustomerManagedResourcesAwsPermissionsBoundaryPolicyArgs{
Arn: pulumi.String("string"),
},
ClusterSecurityGroup: &redpanda.ClusterCustomerManagedResourcesAwsClusterSecurityGroupArgs{
Arn: pulumi.String("string"),
},
ConnectorsNodeGroupInstanceProfile: &redpanda.ClusterCustomerManagedResourcesAwsConnectorsNodeGroupInstanceProfileArgs{
Arn: pulumi.String("string"),
},
ConnectorsSecurityGroup: &redpanda.ClusterCustomerManagedResourcesAwsConnectorsSecurityGroupArgs{
Arn: pulumi.String("string"),
},
K8sClusterRole: &redpanda.ClusterCustomerManagedResourcesAwsK8sClusterRoleArgs{
Arn: pulumi.String("string"),
},
CloudStorageBucket: &redpanda.ClusterCustomerManagedResourcesAwsCloudStorageBucketArgs{
Arn: pulumi.String("string"),
},
UtilitySecurityGroup: &redpanda.ClusterCustomerManagedResourcesAwsUtilitySecurityGroupArgs{
Arn: pulumi.String("string"),
},
AgentInstanceProfile: &redpanda.ClusterCustomerManagedResourcesAwsAgentInstanceProfileArgs{
Arn: pulumi.String("string"),
},
UtilityNodeGroupInstanceProfile: &redpanda.ClusterCustomerManagedResourcesAwsUtilityNodeGroupInstanceProfileArgs{
Arn: pulumi.String("string"),
},
RedpandaAgentSecurityGroup: &redpanda.ClusterCustomerManagedResourcesAwsRedpandaAgentSecurityGroupArgs{
Arn: pulumi.String("string"),
},
RedpandaNodeGroupInstanceProfile: &redpanda.ClusterCustomerManagedResourcesAwsRedpandaNodeGroupInstanceProfileArgs{
Arn: pulumi.String("string"),
},
RedpandaNodeGroupSecurityGroup: &redpanda.ClusterCustomerManagedResourcesAwsRedpandaNodeGroupSecurityGroupArgs{
Arn: pulumi.String("string"),
},
RedpandaConnectNodeGroupInstanceProfile: &redpanda.ClusterCustomerManagedResourcesAwsRedpandaConnectNodeGroupInstanceProfileArgs{
Arn: pulumi.String("string"),
},
RedpandaConnectSecurityGroup: &redpanda.ClusterCustomerManagedResourcesAwsRedpandaConnectSecurityGroupArgs{
Arn: pulumi.String("string"),
},
},
Gcp: &redpanda.ClusterCustomerManagedResourcesGcpArgs{
AgentServiceAccount: &redpanda.ClusterCustomerManagedResourcesGcpAgentServiceAccountArgs{
Email: pulumi.String("string"),
},
ConnectorServiceAccount: &redpanda.ClusterCustomerManagedResourcesGcpConnectorServiceAccountArgs{
Email: pulumi.String("string"),
},
ConsoleServiceAccount: &redpanda.ClusterCustomerManagedResourcesGcpConsoleServiceAccountArgs{
Email: pulumi.String("string"),
},
GkeServiceAccount: &redpanda.ClusterCustomerManagedResourcesGcpGkeServiceAccountArgs{
Email: pulumi.String("string"),
},
RedpandaClusterServiceAccount: &redpanda.ClusterCustomerManagedResourcesGcpRedpandaClusterServiceAccountArgs{
Email: pulumi.String("string"),
},
Subnet: &redpanda.ClusterCustomerManagedResourcesGcpSubnetArgs{
K8sMasterIpv4Range: pulumi.String("string"),
Name: pulumi.String("string"),
SecondaryIpv4RangePods: &redpanda.ClusterCustomerManagedResourcesGcpSubnetSecondaryIpv4RangePodsArgs{
Name: pulumi.String("string"),
},
SecondaryIpv4RangeServices: &redpanda.ClusterCustomerManagedResourcesGcpSubnetSecondaryIpv4RangeServicesArgs{
Name: pulumi.String("string"),
},
},
TieredStorageBucket: &redpanda.ClusterCustomerManagedResourcesGcpTieredStorageBucketArgs{
Name: pulumi.String("string"),
},
PscNatSubnetName: pulumi.String("string"),
},
},
GcpGlobalAccessApiGatewayEnabled: pulumi.Bool(false),
GcpPrivateServiceConnect: &redpanda.ClusterGcpPrivateServiceConnectArgs{
ConsumerAcceptLists: redpanda.ClusterGcpPrivateServiceConnectConsumerAcceptListArray{
&redpanda.ClusterGcpPrivateServiceConnectConsumerAcceptListArgs{
Source: pulumi.String("string"),
},
},
Enabled: pulumi.Bool(false),
GlobalAccessEnabled: pulumi.Bool(false),
Status: &redpanda.ClusterGcpPrivateServiceConnectStatusArgs{
ConnectedEndpoints: redpanda.ClusterGcpPrivateServiceConnectStatusConnectedEndpointArray{
&redpanda.ClusterGcpPrivateServiceConnectStatusConnectedEndpointArgs{
ConnectionId: pulumi.String("string"),
ConsumerNetwork: pulumi.String("string"),
Endpoint: pulumi.String("string"),
Status: pulumi.String("string"),
},
},
DnsARecords: pulumi.StringArray{
pulumi.String("string"),
},
KafkaApiNodeBasePort: pulumi.Float64(0),
KafkaApiSeedPort: pulumi.Float64(0),
RedpandaProxyNodeBasePort: pulumi.Float64(0),
RedpandaProxySeedPort: pulumi.Float64(0),
SchemaRegistrySeedPort: pulumi.Float64(0),
SeedHostname: pulumi.String("string"),
ServiceAttachment: pulumi.String("string"),
},
},
HttpProxy: &redpanda.ClusterHttpProxyArgs{
AllUrls: &redpanda.ClusterHttpProxyAllUrlsArgs{
Mtls: pulumi.String("string"),
PrivateLinkMtls: pulumi.String("string"),
PrivateLinkSasl: pulumi.String("string"),
Sasl: pulumi.String("string"),
},
Mtls: &redpanda.ClusterHttpProxyMtlsArgs{
CaCertificatesPems: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
PrincipalMappingRules: pulumi.StringArray{
pulumi.String("string"),
},
},
Sasl: &redpanda.ClusterHttpProxySaslArgs{
Enabled: pulumi.Bool(false),
},
Url: pulumi.String("string"),
},
KafkaApi: &redpanda.ClusterKafkaApiArgs{
AllSeedBrokers: &redpanda.ClusterKafkaApiAllSeedBrokersArgs{
Mtls: pulumi.String("string"),
PrivateLinkMtls: pulumi.String("string"),
PrivateLinkSasl: pulumi.String("string"),
Sasl: pulumi.String("string"),
},
Mtls: &redpanda.ClusterKafkaApiMtlsArgs{
CaCertificatesPems: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
PrincipalMappingRules: pulumi.StringArray{
pulumi.String("string"),
},
},
Sasl: &redpanda.ClusterKafkaApiSaslArgs{
Enabled: pulumi.Bool(false),
},
SeedBrokers: pulumi.StringArray{
pulumi.String("string"),
},
},
KafkaConnect: &redpanda.ClusterKafkaConnectArgs{
Enabled: pulumi.Bool(false),
},
MaintenanceWindowConfig: &redpanda.ClusterMaintenanceWindowConfigArgs{
Anytime: pulumi.Bool(false),
DayHour: &redpanda.ClusterMaintenanceWindowConfigDayHourArgs{
DayOfWeek: pulumi.String("string"),
HourOfDay: pulumi.Float64(0),
},
Unspecified: pulumi.Bool(false),
},
Name: pulumi.String("string"),
ClusterConfiguration: &redpanda.ClusterClusterConfigurationArgs{
CustomPropertiesJson: pulumi.String("string"),
},
AllowDeletion: pulumi.Bool(false),
RedpandaNodeCount: pulumi.Float64(0),
RedpandaVersion: pulumi.String("string"),
CloudStorage: &redpanda.ClusterCloudStorageArgs{
Aws: &redpanda.ClusterCloudStorageAwsArgs{
Arn: pulumi.String("string"),
},
Azure: &redpanda.ClusterCloudStorageAzureArgs{
ContainerName: pulumi.String("string"),
StorageAccountName: pulumi.String("string"),
},
Gcp: &redpanda.ClusterCloudStorageGcpArgs{
Name: pulumi.String("string"),
},
SkipDestroy: pulumi.Bool(false),
},
AzurePrivateLink: &redpanda.ClusterAzurePrivateLinkArgs{
AllowedSubscriptions: pulumi.StringArray{
pulumi.String("string"),
},
ConnectConsole: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
Status: &redpanda.ClusterAzurePrivateLinkStatusArgs{
ApprovedSubscriptions: pulumi.StringArray{
pulumi.String("string"),
},
ConsolePort: pulumi.Float64(0),
DnsARecord: pulumi.String("string"),
KafkaApiNodeBasePort: pulumi.Float64(0),
KafkaApiSeedPort: pulumi.Float64(0),
PrivateEndpointConnections: redpanda.ClusterAzurePrivateLinkStatusPrivateEndpointConnectionArray{
&redpanda.ClusterAzurePrivateLinkStatusPrivateEndpointConnectionArgs{
ConnectionId: pulumi.String("string"),
ConnectionName: pulumi.String("string"),
PrivateEndpointId: pulumi.String("string"),
PrivateEndpointName: pulumi.String("string"),
Status: pulumi.String("string"),
},
},
RedpandaProxyNodeBasePort: pulumi.Float64(0),
RedpandaProxySeedPort: pulumi.Float64(0),
SchemaRegistrySeedPort: pulumi.Float64(0),
ServiceId: pulumi.String("string"),
ServiceName: pulumi.String("string"),
},
},
Rpsql: &redpanda.ClusterRpsqlArgs{
Enabled: pulumi.Bool(false),
Replicas: pulumi.Float64(0),
Url: pulumi.String("string"),
},
SchemaRegistry: &redpanda.ClusterSchemaRegistryArgs{
AllUrls: &redpanda.ClusterSchemaRegistryAllUrlsArgs{
Mtls: pulumi.String("string"),
PrivateLinkMtls: pulumi.String("string"),
PrivateLinkSasl: pulumi.String("string"),
Sasl: pulumi.String("string"),
},
Mtls: &redpanda.ClusterSchemaRegistryMtlsArgs{
CaCertificatesPems: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
PrincipalMappingRules: pulumi.StringArray{
pulumi.String("string"),
},
},
Url: pulumi.String("string"),
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
AwsPrivateLink: &redpanda.ClusterAwsPrivateLinkArgs{
AllowedPrincipals: pulumi.StringArray{
pulumi.String("string"),
},
ConnectConsole: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
Status: &redpanda.ClusterAwsPrivateLinkStatusArgs{
ConsolePort: pulumi.Float64(0),
KafkaApiNodeBasePort: pulumi.Float64(0),
KafkaApiSeedPort: pulumi.Float64(0),
RedpandaProxyNodeBasePort: pulumi.Float64(0),
RedpandaProxySeedPort: pulumi.Float64(0),
SchemaRegistrySeedPort: pulumi.Float64(0),
ServiceId: pulumi.String("string"),
ServiceName: pulumi.String("string"),
ServiceState: pulumi.String("string"),
VpcEndpointConnections: redpanda.ClusterAwsPrivateLinkStatusVpcEndpointConnectionArray{
&redpanda.ClusterAwsPrivateLinkStatusVpcEndpointConnectionArgs{
ConnectionId: pulumi.String("string"),
DnsEntries: redpanda.ClusterAwsPrivateLinkStatusVpcEndpointConnectionDnsEntryArray{
&redpanda.ClusterAwsPrivateLinkStatusVpcEndpointConnectionDnsEntryArgs{
DnsName: pulumi.String("string"),
HostedZoneId: pulumi.String("string"),
},
},
Id: pulumi.String("string"),
LoadBalancerArns: pulumi.StringArray{
pulumi.String("string"),
},
Owner: pulumi.String("string"),
State: pulumi.String("string"),
},
},
},
SupportedRegions: pulumi.StringArray{
pulumi.String("string"),
},
},
Timeouts: &redpanda.ClusterTimeoutsArgs{
Create: pulumi.String("string"),
Delete: pulumi.String("string"),
Update: pulumi.String("string"),
},
ApiGatewayAccess: pulumi.String("string"),
})
resource "redpanda_cluster" "clusterResource" {
connection_type = "string"
zones = ["string"]
throughput_tier = "string"
resource_group_id = "string"
cloud_provider = "string"
region = "string"
network_id = "string"
cluster_type = "string"
read_replica_cluster_ids = ["string"]
customer_managed_resources = {
aws = {
node_security_group = {
arn = "string"
}
permissions_boundary_policy = {
arn = "string"
}
cluster_security_group = {
arn = "string"
}
connectors_node_group_instance_profile = {
arn = "string"
}
connectors_security_group = {
arn = "string"
}
k8s_cluster_role = {
arn = "string"
}
cloud_storage_bucket = {
arn = "string"
}
utility_security_group = {
arn = "string"
}
agent_instance_profile = {
arn = "string"
}
utility_node_group_instance_profile = {
arn = "string"
}
redpanda_agent_security_group = {
arn = "string"
}
redpanda_node_group_instance_profile = {
arn = "string"
}
redpanda_node_group_security_group = {
arn = "string"
}
redpanda_connect_node_group_instance_profile = {
arn = "string"
}
redpanda_connect_security_group = {
arn = "string"
}
}
gcp = {
agent_service_account = {
email = "string"
}
connector_service_account = {
email = "string"
}
console_service_account = {
email = "string"
}
gke_service_account = {
email = "string"
}
redpanda_cluster_service_account = {
email = "string"
}
subnet = {
k8s_master_ipv4_range = "string"
name = "string"
secondary_ipv4_range_pods = {
name = "string"
}
secondary_ipv4_range_services = {
name = "string"
}
}
tiered_storage_bucket = {
name = "string"
}
psc_nat_subnet_name = "string"
}
}
gcp_global_access_api_gateway_enabled = false
gcp_private_service_connect = {
consumer_accept_lists = [{
"source" = "string"
}]
enabled = false
global_access_enabled = false
status = {
connected_endpoints = [{
"connectionId" = "string"
"consumerNetwork" = "string"
"endpoint" = "string"
"status" = "string"
}]
dns_a_records = ["string"]
kafka_api_node_base_port = 0
kafka_api_seed_port = 0
redpanda_proxy_node_base_port = 0
redpanda_proxy_seed_port = 0
schema_registry_seed_port = 0
seed_hostname = "string"
service_attachment = "string"
}
}
http_proxy = {
all_urls = {
mtls = "string"
private_link_mtls = "string"
private_link_sasl = "string"
sasl = "string"
}
mtls = {
ca_certificates_pems = ["string"]
enabled = false
principal_mapping_rules = ["string"]
}
sasl = {
enabled = false
}
url = "string"
}
kafka_api = {
all_seed_brokers = {
mtls = "string"
private_link_mtls = "string"
private_link_sasl = "string"
sasl = "string"
}
mtls = {
ca_certificates_pems = ["string"]
enabled = false
principal_mapping_rules = ["string"]
}
sasl = {
enabled = false
}
seed_brokers = ["string"]
}
kafka_connect = {
enabled = false
}
maintenance_window_config = {
anytime = false
day_hour = {
day_of_week = "string"
hour_of_day = 0
}
unspecified = false
}
name = "string"
cluster_configuration = {
custom_properties_json = "string"
}
allow_deletion = false
redpanda_node_count = 0
redpanda_version = "string"
cloud_storage = {
aws = {
arn = "string"
}
azure = {
container_name = "string"
storage_account_name = "string"
}
gcp = {
name = "string"
}
skip_destroy = false
}
azure_private_link = {
allowed_subscriptions = ["string"]
connect_console = false
enabled = false
status = {
approved_subscriptions = ["string"]
console_port = 0
dns_a_record = "string"
kafka_api_node_base_port = 0
kafka_api_seed_port = 0
private_endpoint_connections = [{
"connectionId" = "string"
"connectionName" = "string"
"privateEndpointId" = "string"
"privateEndpointName" = "string"
"status" = "string"
}]
redpanda_proxy_node_base_port = 0
redpanda_proxy_seed_port = 0
schema_registry_seed_port = 0
service_id = "string"
service_name = "string"
}
}
rpsql = {
enabled = false
replicas = 0
url = "string"
}
schema_registry = {
all_urls = {
mtls = "string"
private_link_mtls = "string"
private_link_sasl = "string"
sasl = "string"
}
mtls = {
ca_certificates_pems = ["string"]
enabled = false
principal_mapping_rules = ["string"]
}
url = "string"
}
tags = {
"string" = "string"
}
aws_private_link = {
allowed_principals = ["string"]
connect_console = false
enabled = false
status = {
console_port = 0
kafka_api_node_base_port = 0
kafka_api_seed_port = 0
redpanda_proxy_node_base_port = 0
redpanda_proxy_seed_port = 0
schema_registry_seed_port = 0
service_id = "string"
service_name = "string"
service_state = "string"
vpc_endpoint_connections = [{
"connectionId" = "string"
"dnsEntries" = [{
"dnsName" = "string"
"hostedZoneId" = "string"
}]
"id" = "string"
"loadBalancerArns" = ["string"]
"owner" = "string"
"state" = "string"
}]
}
supported_regions = ["string"]
}
timeouts = {
create = "string"
delete = "string"
update = "string"
}
api_gateway_access = "string"
}
var clusterResource = new Cluster("clusterResource", ClusterArgs.builder()
.connectionType("string")
.zones("string")
.throughputTier("string")
.resourceGroupId("string")
.cloudProvider("string")
.region("string")
.networkId("string")
.clusterType("string")
.readReplicaClusterIds("string")
.customerManagedResources(ClusterCustomerManagedResourcesArgs.builder()
.aws(ClusterCustomerManagedResourcesAwsArgs.builder()
.nodeSecurityGroup(ClusterCustomerManagedResourcesAwsNodeSecurityGroupArgs.builder()
.arn("string")
.build())
.permissionsBoundaryPolicy(ClusterCustomerManagedResourcesAwsPermissionsBoundaryPolicyArgs.builder()
.arn("string")
.build())
.clusterSecurityGroup(ClusterCustomerManagedResourcesAwsClusterSecurityGroupArgs.builder()
.arn("string")
.build())
.connectorsNodeGroupInstanceProfile(ClusterCustomerManagedResourcesAwsConnectorsNodeGroupInstanceProfileArgs.builder()
.arn("string")
.build())
.connectorsSecurityGroup(ClusterCustomerManagedResourcesAwsConnectorsSecurityGroupArgs.builder()
.arn("string")
.build())
.k8sClusterRole(ClusterCustomerManagedResourcesAwsK8sClusterRoleArgs.builder()
.arn("string")
.build())
.cloudStorageBucket(ClusterCustomerManagedResourcesAwsCloudStorageBucketArgs.builder()
.arn("string")
.build())
.utilitySecurityGroup(ClusterCustomerManagedResourcesAwsUtilitySecurityGroupArgs.builder()
.arn("string")
.build())
.agentInstanceProfile(ClusterCustomerManagedResourcesAwsAgentInstanceProfileArgs.builder()
.arn("string")
.build())
.utilityNodeGroupInstanceProfile(ClusterCustomerManagedResourcesAwsUtilityNodeGroupInstanceProfileArgs.builder()
.arn("string")
.build())
.redpandaAgentSecurityGroup(ClusterCustomerManagedResourcesAwsRedpandaAgentSecurityGroupArgs.builder()
.arn("string")
.build())
.redpandaNodeGroupInstanceProfile(ClusterCustomerManagedResourcesAwsRedpandaNodeGroupInstanceProfileArgs.builder()
.arn("string")
.build())
.redpandaNodeGroupSecurityGroup(ClusterCustomerManagedResourcesAwsRedpandaNodeGroupSecurityGroupArgs.builder()
.arn("string")
.build())
.redpandaConnectNodeGroupInstanceProfile(ClusterCustomerManagedResourcesAwsRedpandaConnectNodeGroupInstanceProfileArgs.builder()
.arn("string")
.build())
.redpandaConnectSecurityGroup(ClusterCustomerManagedResourcesAwsRedpandaConnectSecurityGroupArgs.builder()
.arn("string")
.build())
.build())
.gcp(ClusterCustomerManagedResourcesGcpArgs.builder()
.agentServiceAccount(ClusterCustomerManagedResourcesGcpAgentServiceAccountArgs.builder()
.email("string")
.build())
.connectorServiceAccount(ClusterCustomerManagedResourcesGcpConnectorServiceAccountArgs.builder()
.email("string")
.build())
.consoleServiceAccount(ClusterCustomerManagedResourcesGcpConsoleServiceAccountArgs.builder()
.email("string")
.build())
.gkeServiceAccount(ClusterCustomerManagedResourcesGcpGkeServiceAccountArgs.builder()
.email("string")
.build())
.redpandaClusterServiceAccount(ClusterCustomerManagedResourcesGcpRedpandaClusterServiceAccountArgs.builder()
.email("string")
.build())
.subnet(ClusterCustomerManagedResourcesGcpSubnetArgs.builder()
.k8sMasterIpv4Range("string")
.name("string")
.secondaryIpv4RangePods(ClusterCustomerManagedResourcesGcpSubnetSecondaryIpv4RangePodsArgs.builder()
.name("string")
.build())
.secondaryIpv4RangeServices(ClusterCustomerManagedResourcesGcpSubnetSecondaryIpv4RangeServicesArgs.builder()
.name("string")
.build())
.build())
.tieredStorageBucket(ClusterCustomerManagedResourcesGcpTieredStorageBucketArgs.builder()
.name("string")
.build())
.pscNatSubnetName("string")
.build())
.build())
.gcpGlobalAccessApiGatewayEnabled(false)
.gcpPrivateServiceConnect(ClusterGcpPrivateServiceConnectArgs.builder()
.consumerAcceptLists(ClusterGcpPrivateServiceConnectConsumerAcceptListArgs.builder()
.source("string")
.build())
.enabled(false)
.globalAccessEnabled(false)
.status(ClusterGcpPrivateServiceConnectStatusArgs.builder()
.connectedEndpoints(ClusterGcpPrivateServiceConnectStatusConnectedEndpointArgs.builder()
.connectionId("string")
.consumerNetwork("string")
.endpoint("string")
.status("string")
.build())
.dnsARecords("string")
.kafkaApiNodeBasePort(0.0)
.kafkaApiSeedPort(0.0)
.redpandaProxyNodeBasePort(0.0)
.redpandaProxySeedPort(0.0)
.schemaRegistrySeedPort(0.0)
.seedHostname("string")
.serviceAttachment("string")
.build())
.build())
.httpProxy(ClusterHttpProxyArgs.builder()
.allUrls(ClusterHttpProxyAllUrlsArgs.builder()
.mtls("string")
.privateLinkMtls("string")
.privateLinkSasl("string")
.sasl("string")
.build())
.mtls(ClusterHttpProxyMtlsArgs.builder()
.caCertificatesPems("string")
.enabled(false)
.principalMappingRules("string")
.build())
.sasl(ClusterHttpProxySaslArgs.builder()
.enabled(false)
.build())
.url("string")
.build())
.kafkaApi(ClusterKafkaApiArgs.builder()
.allSeedBrokers(ClusterKafkaApiAllSeedBrokersArgs.builder()
.mtls("string")
.privateLinkMtls("string")
.privateLinkSasl("string")
.sasl("string")
.build())
.mtls(ClusterKafkaApiMtlsArgs.builder()
.caCertificatesPems("string")
.enabled(false)
.principalMappingRules("string")
.build())
.sasl(ClusterKafkaApiSaslArgs.builder()
.enabled(false)
.build())
.seedBrokers("string")
.build())
.kafkaConnect(ClusterKafkaConnectArgs.builder()
.enabled(false)
.build())
.maintenanceWindowConfig(ClusterMaintenanceWindowConfigArgs.builder()
.anytime(false)
.dayHour(ClusterMaintenanceWindowConfigDayHourArgs.builder()
.dayOfWeek("string")
.hourOfDay(0.0)
.build())
.unspecified(false)
.build())
.name("string")
.clusterConfiguration(ClusterClusterConfigurationArgs.builder()
.customPropertiesJson("string")
.build())
.allowDeletion(false)
.redpandaNodeCount(0.0)
.redpandaVersion("string")
.cloudStorage(ClusterCloudStorageArgs.builder()
.aws(ClusterCloudStorageAwsArgs.builder()
.arn("string")
.build())
.azure(ClusterCloudStorageAzureArgs.builder()
.containerName("string")
.storageAccountName("string")
.build())
.gcp(ClusterCloudStorageGcpArgs.builder()
.name("string")
.build())
.skipDestroy(false)
.build())
.azurePrivateLink(ClusterAzurePrivateLinkArgs.builder()
.allowedSubscriptions("string")
.connectConsole(false)
.enabled(false)
.status(ClusterAzurePrivateLinkStatusArgs.builder()
.approvedSubscriptions("string")
.consolePort(0.0)
.dnsARecord("string")
.kafkaApiNodeBasePort(0.0)
.kafkaApiSeedPort(0.0)
.privateEndpointConnections(ClusterAzurePrivateLinkStatusPrivateEndpointConnectionArgs.builder()
.connectionId("string")
.connectionName("string")
.privateEndpointId("string")
.privateEndpointName("string")
.status("string")
.build())
.redpandaProxyNodeBasePort(0.0)
.redpandaProxySeedPort(0.0)
.schemaRegistrySeedPort(0.0)
.serviceId("string")
.serviceName("string")
.build())
.build())
.rpsql(ClusterRpsqlArgs.builder()
.enabled(false)
.replicas(0.0)
.url("string")
.build())
.schemaRegistry(ClusterSchemaRegistryArgs.builder()
.allUrls(ClusterSchemaRegistryAllUrlsArgs.builder()
.mtls("string")
.privateLinkMtls("string")
.privateLinkSasl("string")
.sasl("string")
.build())
.mtls(ClusterSchemaRegistryMtlsArgs.builder()
.caCertificatesPems("string")
.enabled(false)
.principalMappingRules("string")
.build())
.url("string")
.build())
.tags(Map.of("string", "string"))
.awsPrivateLink(ClusterAwsPrivateLinkArgs.builder()
.allowedPrincipals("string")
.connectConsole(false)
.enabled(false)
.status(ClusterAwsPrivateLinkStatusArgs.builder()
.consolePort(0.0)
.kafkaApiNodeBasePort(0.0)
.kafkaApiSeedPort(0.0)
.redpandaProxyNodeBasePort(0.0)
.redpandaProxySeedPort(0.0)
.schemaRegistrySeedPort(0.0)
.serviceId("string")
.serviceName("string")
.serviceState("string")
.vpcEndpointConnections(ClusterAwsPrivateLinkStatusVpcEndpointConnectionArgs.builder()
.connectionId("string")
.dnsEntries(ClusterAwsPrivateLinkStatusVpcEndpointConnectionDnsEntryArgs.builder()
.dnsName("string")
.hostedZoneId("string")
.build())
.id("string")
.loadBalancerArns("string")
.owner("string")
.state("string")
.build())
.build())
.supportedRegions("string")
.build())
.timeouts(ClusterTimeoutsArgs.builder()
.create("string")
.delete("string")
.update("string")
.build())
.apiGatewayAccess("string")
.build());
cluster_resource = redpanda.Cluster("clusterResource",
connection_type="string",
zones=["string"],
throughput_tier="string",
resource_group_id="string",
cloud_provider="string",
region="string",
network_id="string",
cluster_type="string",
read_replica_cluster_ids=["string"],
customer_managed_resources={
"aws": {
"node_security_group": {
"arn": "string",
},
"permissions_boundary_policy": {
"arn": "string",
},
"cluster_security_group": {
"arn": "string",
},
"connectors_node_group_instance_profile": {
"arn": "string",
},
"connectors_security_group": {
"arn": "string",
},
"k8s_cluster_role": {
"arn": "string",
},
"cloud_storage_bucket": {
"arn": "string",
},
"utility_security_group": {
"arn": "string",
},
"agent_instance_profile": {
"arn": "string",
},
"utility_node_group_instance_profile": {
"arn": "string",
},
"redpanda_agent_security_group": {
"arn": "string",
},
"redpanda_node_group_instance_profile": {
"arn": "string",
},
"redpanda_node_group_security_group": {
"arn": "string",
},
"redpanda_connect_node_group_instance_profile": {
"arn": "string",
},
"redpanda_connect_security_group": {
"arn": "string",
},
},
"gcp": {
"agent_service_account": {
"email": "string",
},
"connector_service_account": {
"email": "string",
},
"console_service_account": {
"email": "string",
},
"gke_service_account": {
"email": "string",
},
"redpanda_cluster_service_account": {
"email": "string",
},
"subnet": {
"k8s_master_ipv4_range": "string",
"name": "string",
"secondary_ipv4_range_pods": {
"name": "string",
},
"secondary_ipv4_range_services": {
"name": "string",
},
},
"tiered_storage_bucket": {
"name": "string",
},
"psc_nat_subnet_name": "string",
},
},
gcp_global_access_api_gateway_enabled=False,
gcp_private_service_connect={
"consumer_accept_lists": [{
"source": "string",
}],
"enabled": False,
"global_access_enabled": False,
"status": {
"connected_endpoints": [{
"connection_id": "string",
"consumer_network": "string",
"endpoint": "string",
"status": "string",
}],
"dns_a_records": ["string"],
"kafka_api_node_base_port": float(0),
"kafka_api_seed_port": float(0),
"redpanda_proxy_node_base_port": float(0),
"redpanda_proxy_seed_port": float(0),
"schema_registry_seed_port": float(0),
"seed_hostname": "string",
"service_attachment": "string",
},
},
http_proxy={
"all_urls": {
"mtls": "string",
"private_link_mtls": "string",
"private_link_sasl": "string",
"sasl": "string",
},
"mtls": {
"ca_certificates_pems": ["string"],
"enabled": False,
"principal_mapping_rules": ["string"],
},
"sasl": {
"enabled": False,
},
"url": "string",
},
kafka_api={
"all_seed_brokers": {
"mtls": "string",
"private_link_mtls": "string",
"private_link_sasl": "string",
"sasl": "string",
},
"mtls": {
"ca_certificates_pems": ["string"],
"enabled": False,
"principal_mapping_rules": ["string"],
},
"sasl": {
"enabled": False,
},
"seed_brokers": ["string"],
},
kafka_connect={
"enabled": False,
},
maintenance_window_config={
"anytime": False,
"day_hour": {
"day_of_week": "string",
"hour_of_day": float(0),
},
"unspecified": False,
},
name="string",
cluster_configuration={
"custom_properties_json": "string",
},
allow_deletion=False,
redpanda_node_count=float(0),
redpanda_version="string",
cloud_storage={
"aws": {
"arn": "string",
},
"azure": {
"container_name": "string",
"storage_account_name": "string",
},
"gcp": {
"name": "string",
},
"skip_destroy": False,
},
azure_private_link={
"allowed_subscriptions": ["string"],
"connect_console": False,
"enabled": False,
"status": {
"approved_subscriptions": ["string"],
"console_port": float(0),
"dns_a_record": "string",
"kafka_api_node_base_port": float(0),
"kafka_api_seed_port": float(0),
"private_endpoint_connections": [{
"connection_id": "string",
"connection_name": "string",
"private_endpoint_id": "string",
"private_endpoint_name": "string",
"status": "string",
}],
"redpanda_proxy_node_base_port": float(0),
"redpanda_proxy_seed_port": float(0),
"schema_registry_seed_port": float(0),
"service_id": "string",
"service_name": "string",
},
},
rpsql={
"enabled": False,
"replicas": float(0),
"url": "string",
},
schema_registry={
"all_urls": {
"mtls": "string",
"private_link_mtls": "string",
"private_link_sasl": "string",
"sasl": "string",
},
"mtls": {
"ca_certificates_pems": ["string"],
"enabled": False,
"principal_mapping_rules": ["string"],
},
"url": "string",
},
tags={
"string": "string",
},
aws_private_link={
"allowed_principals": ["string"],
"connect_console": False,
"enabled": False,
"status": {
"console_port": float(0),
"kafka_api_node_base_port": float(0),
"kafka_api_seed_port": float(0),
"redpanda_proxy_node_base_port": float(0),
"redpanda_proxy_seed_port": float(0),
"schema_registry_seed_port": float(0),
"service_id": "string",
"service_name": "string",
"service_state": "string",
"vpc_endpoint_connections": [{
"connection_id": "string",
"dns_entries": [{
"dns_name": "string",
"hosted_zone_id": "string",
}],
"id": "string",
"load_balancer_arns": ["string"],
"owner": "string",
"state": "string",
}],
},
"supported_regions": ["string"],
},
timeouts={
"create": "string",
"delete": "string",
"update": "string",
},
api_gateway_access="string")
const clusterResource = new redpanda.Cluster("clusterResource", {
connectionType: "string",
zones: ["string"],
throughputTier: "string",
resourceGroupId: "string",
cloudProvider: "string",
region: "string",
networkId: "string",
clusterType: "string",
readReplicaClusterIds: ["string"],
customerManagedResources: {
aws: {
nodeSecurityGroup: {
arn: "string",
},
permissionsBoundaryPolicy: {
arn: "string",
},
clusterSecurityGroup: {
arn: "string",
},
connectorsNodeGroupInstanceProfile: {
arn: "string",
},
connectorsSecurityGroup: {
arn: "string",
},
k8sClusterRole: {
arn: "string",
},
cloudStorageBucket: {
arn: "string",
},
utilitySecurityGroup: {
arn: "string",
},
agentInstanceProfile: {
arn: "string",
},
utilityNodeGroupInstanceProfile: {
arn: "string",
},
redpandaAgentSecurityGroup: {
arn: "string",
},
redpandaNodeGroupInstanceProfile: {
arn: "string",
},
redpandaNodeGroupSecurityGroup: {
arn: "string",
},
redpandaConnectNodeGroupInstanceProfile: {
arn: "string",
},
redpandaConnectSecurityGroup: {
arn: "string",
},
},
gcp: {
agentServiceAccount: {
email: "string",
},
connectorServiceAccount: {
email: "string",
},
consoleServiceAccount: {
email: "string",
},
gkeServiceAccount: {
email: "string",
},
redpandaClusterServiceAccount: {
email: "string",
},
subnet: {
k8sMasterIpv4Range: "string",
name: "string",
secondaryIpv4RangePods: {
name: "string",
},
secondaryIpv4RangeServices: {
name: "string",
},
},
tieredStorageBucket: {
name: "string",
},
pscNatSubnetName: "string",
},
},
gcpGlobalAccessApiGatewayEnabled: false,
gcpPrivateServiceConnect: {
consumerAcceptLists: [{
source: "string",
}],
enabled: false,
globalAccessEnabled: false,
status: {
connectedEndpoints: [{
connectionId: "string",
consumerNetwork: "string",
endpoint: "string",
status: "string",
}],
dnsARecords: ["string"],
kafkaApiNodeBasePort: 0,
kafkaApiSeedPort: 0,
redpandaProxyNodeBasePort: 0,
redpandaProxySeedPort: 0,
schemaRegistrySeedPort: 0,
seedHostname: "string",
serviceAttachment: "string",
},
},
httpProxy: {
allUrls: {
mtls: "string",
privateLinkMtls: "string",
privateLinkSasl: "string",
sasl: "string",
},
mtls: {
caCertificatesPems: ["string"],
enabled: false,
principalMappingRules: ["string"],
},
sasl: {
enabled: false,
},
url: "string",
},
kafkaApi: {
allSeedBrokers: {
mtls: "string",
privateLinkMtls: "string",
privateLinkSasl: "string",
sasl: "string",
},
mtls: {
caCertificatesPems: ["string"],
enabled: false,
principalMappingRules: ["string"],
},
sasl: {
enabled: false,
},
seedBrokers: ["string"],
},
kafkaConnect: {
enabled: false,
},
maintenanceWindowConfig: {
anytime: false,
dayHour: {
dayOfWeek: "string",
hourOfDay: 0,
},
unspecified: false,
},
name: "string",
clusterConfiguration: {
customPropertiesJson: "string",
},
allowDeletion: false,
redpandaNodeCount: 0,
redpandaVersion: "string",
cloudStorage: {
aws: {
arn: "string",
},
azure: {
containerName: "string",
storageAccountName: "string",
},
gcp: {
name: "string",
},
skipDestroy: false,
},
azurePrivateLink: {
allowedSubscriptions: ["string"],
connectConsole: false,
enabled: false,
status: {
approvedSubscriptions: ["string"],
consolePort: 0,
dnsARecord: "string",
kafkaApiNodeBasePort: 0,
kafkaApiSeedPort: 0,
privateEndpointConnections: [{
connectionId: "string",
connectionName: "string",
privateEndpointId: "string",
privateEndpointName: "string",
status: "string",
}],
redpandaProxyNodeBasePort: 0,
redpandaProxySeedPort: 0,
schemaRegistrySeedPort: 0,
serviceId: "string",
serviceName: "string",
},
},
rpsql: {
enabled: false,
replicas: 0,
url: "string",
},
schemaRegistry: {
allUrls: {
mtls: "string",
privateLinkMtls: "string",
privateLinkSasl: "string",
sasl: "string",
},
mtls: {
caCertificatesPems: ["string"],
enabled: false,
principalMappingRules: ["string"],
},
url: "string",
},
tags: {
string: "string",
},
awsPrivateLink: {
allowedPrincipals: ["string"],
connectConsole: false,
enabled: false,
status: {
consolePort: 0,
kafkaApiNodeBasePort: 0,
kafkaApiSeedPort: 0,
redpandaProxyNodeBasePort: 0,
redpandaProxySeedPort: 0,
schemaRegistrySeedPort: 0,
serviceId: "string",
serviceName: "string",
serviceState: "string",
vpcEndpointConnections: [{
connectionId: "string",
dnsEntries: [{
dnsName: "string",
hostedZoneId: "string",
}],
id: "string",
loadBalancerArns: ["string"],
owner: "string",
state: "string",
}],
},
supportedRegions: ["string"],
},
timeouts: {
create: "string",
"delete": "string",
update: "string",
},
apiGatewayAccess: "string",
});
type: redpanda:Cluster
properties:
allowDeletion: false
apiGatewayAccess: string
awsPrivateLink:
allowedPrincipals:
- string
connectConsole: false
enabled: false
status:
consolePort: 0
kafkaApiNodeBasePort: 0
kafkaApiSeedPort: 0
redpandaProxyNodeBasePort: 0
redpandaProxySeedPort: 0
schemaRegistrySeedPort: 0
serviceId: string
serviceName: string
serviceState: string
vpcEndpointConnections:
- connectionId: string
dnsEntries:
- dnsName: string
hostedZoneId: string
id: string
loadBalancerArns:
- string
owner: string
state: string
supportedRegions:
- string
azurePrivateLink:
allowedSubscriptions:
- string
connectConsole: false
enabled: false
status:
approvedSubscriptions:
- string
consolePort: 0
dnsARecord: string
kafkaApiNodeBasePort: 0
kafkaApiSeedPort: 0
privateEndpointConnections:
- connectionId: string
connectionName: string
privateEndpointId: string
privateEndpointName: string
status: string
redpandaProxyNodeBasePort: 0
redpandaProxySeedPort: 0
schemaRegistrySeedPort: 0
serviceId: string
serviceName: string
cloudProvider: string
cloudStorage:
aws:
arn: string
azure:
containerName: string
storageAccountName: string
gcp:
name: string
skipDestroy: false
clusterConfiguration:
customPropertiesJson: string
clusterType: string
connectionType: string
customerManagedResources:
aws:
agentInstanceProfile:
arn: string
cloudStorageBucket:
arn: string
clusterSecurityGroup:
arn: string
connectorsNodeGroupInstanceProfile:
arn: string
connectorsSecurityGroup:
arn: string
k8sClusterRole:
arn: string
nodeSecurityGroup:
arn: string
permissionsBoundaryPolicy:
arn: string
redpandaAgentSecurityGroup:
arn: string
redpandaConnectNodeGroupInstanceProfile:
arn: string
redpandaConnectSecurityGroup:
arn: string
redpandaNodeGroupInstanceProfile:
arn: string
redpandaNodeGroupSecurityGroup:
arn: string
utilityNodeGroupInstanceProfile:
arn: string
utilitySecurityGroup:
arn: string
gcp:
agentServiceAccount:
email: string
connectorServiceAccount:
email: string
consoleServiceAccount:
email: string
gkeServiceAccount:
email: string
pscNatSubnetName: string
redpandaClusterServiceAccount:
email: string
subnet:
k8sMasterIpv4Range: string
name: string
secondaryIpv4RangePods:
name: string
secondaryIpv4RangeServices:
name: string
tieredStorageBucket:
name: string
gcpGlobalAccessApiGatewayEnabled: false
gcpPrivateServiceConnect:
consumerAcceptLists:
- source: string
enabled: false
globalAccessEnabled: false
status:
connectedEndpoints:
- connectionId: string
consumerNetwork: string
endpoint: string
status: string
dnsARecords:
- string
kafkaApiNodeBasePort: 0
kafkaApiSeedPort: 0
redpandaProxyNodeBasePort: 0
redpandaProxySeedPort: 0
schemaRegistrySeedPort: 0
seedHostname: string
serviceAttachment: string
httpProxy:
allUrls:
mtls: string
privateLinkMtls: string
privateLinkSasl: string
sasl: string
mtls:
caCertificatesPems:
- string
enabled: false
principalMappingRules:
- string
sasl:
enabled: false
url: string
kafkaApi:
allSeedBrokers:
mtls: string
privateLinkMtls: string
privateLinkSasl: string
sasl: string
mtls:
caCertificatesPems:
- string
enabled: false
principalMappingRules:
- string
sasl:
enabled: false
seedBrokers:
- string
kafkaConnect:
enabled: false
maintenanceWindowConfig:
anytime: false
dayHour:
dayOfWeek: string
hourOfDay: 0
unspecified: false
name: string
networkId: string
readReplicaClusterIds:
- string
redpandaNodeCount: 0
redpandaVersion: string
region: string
resourceGroupId: string
rpsql:
enabled: false
replicas: 0
url: string
schemaRegistry:
allUrls:
mtls: string
privateLinkMtls: string
privateLinkSasl: string
sasl: string
mtls:
caCertificatesPems:
- string
enabled: false
principalMappingRules:
- string
url: string
tags:
string: string
throughputTier: string
timeouts:
create: string
delete: string
update: string
zones:
- string
Cluster Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Cluster resource accepts the following input properties:
- Cloud
Provider string - Cloud provider where resources are created.
- Connection
Type string - Cluster connection type. Private clusters are not exposed to the internet. For BYOC clusters, private is best-practice
- Network
Id string - Network ID where cluster is placed.
- Region string
- Region represents the name of the region where the cluster will be provisioned.
- Resource
Group stringId - Resource group ID of the cluster.
- Throughput
Tier string - Throughput tier of the cluster.
- Zones List<string>
- Zones of the cluster. Must be valid zones within the selected region. If multiple zones are used, the cluster is a multi-AZ cluster.
- Allow
Deletion bool - Resource will only be deleted when allow_deletion is set to true. Otherwise deletion will fail with a related error.
- Api
Gateway stringAccess - Network access mode for an endpoint.
- Aws
Private ClusterLink Aws Private Link - AWS Private Link configuration
- Azure
Private ClusterLink Azure Private Link - Azure Private Link configuration
- Cloud
Storage ClusterCloud Storage - Cloud Storage configuration
- Cluster
Configuration ClusterCluster Configuration - Cluster Configuration configuration
- Cluster
Type string - Cluster type. Type is immutable and can only be set on cluster creation. Can be either byoc or dedicated.
- Customer
Managed ClusterResources Customer Managed Resources - The cloud resources created by user.
- Gcp
Global boolAccess Api Gateway Enabled - gcpglobalaccessapigateway_enabled reports whether global access is enabled on the internal load balancer serving the Console/API Gateway endpoint. Applicable only for GCP.
- Gcp
Private ClusterService Connect Gcp Private Service Connect - GCP Private Service Connect configuration
- Http
Proxy ClusterHttp Proxy - HTTP Proxy properties.
- Kafka
Api ClusterKafka Api - Cluster's Kafka API properties.
- Kafka
Connect ClusterKafka Connect - Kafka Connect configuration
- Maintenance
Window ClusterConfig Maintenance Window Config - Resource describing the maintenance window configuration of a cluster.
- Name string
- Unique name of the cluster.
- Read
Replica List<string>Cluster Ids - IDs of clusters that can create read-only topics from this cluster
- Redpanda
Node doubleCount - Number of Redpanda broker nodes
- Redpanda
Version string - Redpanda Version
- Rpsql
Cluster
Rpsql - Rpsql configuration
- Schema
Registry ClusterSchema Registry - Cluster's Schema Registry properties.
- Dictionary<string, string>
- Tags placed on cloud resources. Server-managed keys (prefixed with
redpanda-) are filtered out of state. - Timeouts
Cluster
Timeouts
- Cloud
Provider string - Cloud provider where resources are created.
- Connection
Type string - Cluster connection type. Private clusters are not exposed to the internet. For BYOC clusters, private is best-practice
- Network
Id string - Network ID where cluster is placed.
- Region string
- Region represents the name of the region where the cluster will be provisioned.
- Resource
Group stringId - Resource group ID of the cluster.
- Throughput
Tier string - Throughput tier of the cluster.
- Zones []string
- Zones of the cluster. Must be valid zones within the selected region. If multiple zones are used, the cluster is a multi-AZ cluster.
- Allow
Deletion bool - Resource will only be deleted when allow_deletion is set to true. Otherwise deletion will fail with a related error.
- Api
Gateway stringAccess - Network access mode for an endpoint.
- Aws
Private ClusterLink Aws Private Link Args - AWS Private Link configuration
- Azure
Private ClusterLink Azure Private Link Args - Azure Private Link configuration
- Cloud
Storage ClusterCloud Storage Args - Cloud Storage configuration
- Cluster
Configuration ClusterCluster Configuration Args - Cluster Configuration configuration
- Cluster
Type string - Cluster type. Type is immutable and can only be set on cluster creation. Can be either byoc or dedicated.
- Customer
Managed ClusterResources Customer Managed Resources Args - The cloud resources created by user.
- Gcp
Global boolAccess Api Gateway Enabled - gcpglobalaccessapigateway_enabled reports whether global access is enabled on the internal load balancer serving the Console/API Gateway endpoint. Applicable only for GCP.
- Gcp
Private ClusterService Connect Gcp Private Service Connect Args - GCP Private Service Connect configuration
- Http
Proxy ClusterHttp Proxy Args - HTTP Proxy properties.
- Kafka
Api ClusterKafka Api Args - Cluster's Kafka API properties.
- Kafka
Connect ClusterKafka Connect Args - Kafka Connect configuration
- Maintenance
Window ClusterConfig Maintenance Window Config Args - Resource describing the maintenance window configuration of a cluster.
- Name string
- Unique name of the cluster.
- Read
Replica []stringCluster Ids - IDs of clusters that can create read-only topics from this cluster
- Redpanda
Node float64Count - Number of Redpanda broker nodes
- Redpanda
Version string - Redpanda Version
- Rpsql
Cluster
Rpsql Args - Rpsql configuration
- Schema
Registry ClusterSchema Registry Args - Cluster's Schema Registry properties.
- map[string]string
- Tags placed on cloud resources. Server-managed keys (prefixed with
redpanda-) are filtered out of state. - Timeouts
Cluster
Timeouts Args
- cloud_
provider string - Cloud provider where resources are created.
- connection_
type string - Cluster connection type. Private clusters are not exposed to the internet. For BYOC clusters, private is best-practice
- network_
id string - Network ID where cluster is placed.
- region string
- Region represents the name of the region where the cluster will be provisioned.
- resource_
group_ stringid - Resource group ID of the cluster.
- throughput_
tier string - Throughput tier of the cluster.
- zones list(string)
- Zones of the cluster. Must be valid zones within the selected region. If multiple zones are used, the cluster is a multi-AZ cluster.
- allow_
deletion bool - Resource will only be deleted when allow_deletion is set to true. Otherwise deletion will fail with a related error.
- api_
gateway_ stringaccess - Network access mode for an endpoint.
- aws_
private_ objectlink - AWS Private Link configuration
- azure_
private_ objectlink - Azure Private Link configuration
- cloud_
storage object - Cloud Storage configuration
- cluster_
configuration object - Cluster Configuration configuration
- cluster_
type string - Cluster type. Type is immutable and can only be set on cluster creation. Can be either byoc or dedicated.
- customer_
managed_ objectresources - The cloud resources created by user.
- gcp_
global_ boolaccess_ api_ gateway_ enabled - gcpglobalaccessapigateway_enabled reports whether global access is enabled on the internal load balancer serving the Console/API Gateway endpoint. Applicable only for GCP.
- gcp_
private_ objectservice_ connect - GCP Private Service Connect configuration
- http_
proxy object - HTTP Proxy properties.
- kafka_
api object - Cluster's Kafka API properties.
- kafka_
connect object - Kafka Connect configuration
- maintenance_
window_ objectconfig - Resource describing the maintenance window configuration of a cluster.
- name string
- Unique name of the cluster.
- read_
replica_ list(string)cluster_ ids - IDs of clusters that can create read-only topics from this cluster
- redpanda_
node_ numbercount - Number of Redpanda broker nodes
- redpanda_
version string - Redpanda Version
- rpsql object
- Rpsql configuration
- schema_
registry object - Cluster's Schema Registry properties.
- map(string)
- Tags placed on cloud resources. Server-managed keys (prefixed with
redpanda-) are filtered out of state. - timeouts object
- cloud
Provider String - Cloud provider where resources are created.
- connection
Type String - Cluster connection type. Private clusters are not exposed to the internet. For BYOC clusters, private is best-practice
- network
Id String - Network ID where cluster is placed.
- region String
- Region represents the name of the region where the cluster will be provisioned.
- resource
Group StringId - Resource group ID of the cluster.
- throughput
Tier String - Throughput tier of the cluster.
- zones List<String>
- Zones of the cluster. Must be valid zones within the selected region. If multiple zones are used, the cluster is a multi-AZ cluster.
- allow
Deletion Boolean - Resource will only be deleted when allow_deletion is set to true. Otherwise deletion will fail with a related error.
- api
Gateway StringAccess - Network access mode for an endpoint.
- aws
Private ClusterLink Aws Private Link - AWS Private Link configuration
- azure
Private ClusterLink Azure Private Link - Azure Private Link configuration
- cloud
Storage ClusterCloud Storage - Cloud Storage configuration
- cluster
Configuration ClusterCluster Configuration - Cluster Configuration configuration
- cluster
Type String - Cluster type. Type is immutable and can only be set on cluster creation. Can be either byoc or dedicated.
- customer
Managed ClusterResources Customer Managed Resources - The cloud resources created by user.
- gcp
Global BooleanAccess Api Gateway Enabled - gcpglobalaccessapigateway_enabled reports whether global access is enabled on the internal load balancer serving the Console/API Gateway endpoint. Applicable only for GCP.
- gcp
Private ClusterService Connect Gcp Private Service Connect - GCP Private Service Connect configuration
- http
Proxy ClusterHttp Proxy - HTTP Proxy properties.
- kafka
Api ClusterKafka Api - Cluster's Kafka API properties.
- kafka
Connect ClusterKafka Connect - Kafka Connect configuration
- maintenance
Window ClusterConfig Maintenance Window Config - Resource describing the maintenance window configuration of a cluster.
- name String
- Unique name of the cluster.
- read
Replica List<String>Cluster Ids - IDs of clusters that can create read-only topics from this cluster
- redpanda
Node DoubleCount - Number of Redpanda broker nodes
- redpanda
Version String - Redpanda Version
- rpsql
Cluster
Rpsql - Rpsql configuration
- schema
Registry ClusterSchema Registry - Cluster's Schema Registry properties.
- Map<String,String>
- Tags placed on cloud resources. Server-managed keys (prefixed with
redpanda-) are filtered out of state. - timeouts
Cluster
Timeouts
- cloud
Provider string - Cloud provider where resources are created.
- connection
Type string - Cluster connection type. Private clusters are not exposed to the internet. For BYOC clusters, private is best-practice
- network
Id string - Network ID where cluster is placed.
- region string
- Region represents the name of the region where the cluster will be provisioned.
- resource
Group stringId - Resource group ID of the cluster.
- throughput
Tier string - Throughput tier of the cluster.
- zones string[]
- Zones of the cluster. Must be valid zones within the selected region. If multiple zones are used, the cluster is a multi-AZ cluster.
- allow
Deletion boolean - Resource will only be deleted when allow_deletion is set to true. Otherwise deletion will fail with a related error.
- api
Gateway stringAccess - Network access mode for an endpoint.
- aws
Private ClusterLink Aws Private Link - AWS Private Link configuration
- azure
Private ClusterLink Azure Private Link - Azure Private Link configuration
- cloud
Storage ClusterCloud Storage - Cloud Storage configuration
- cluster
Configuration ClusterCluster Configuration - Cluster Configuration configuration
- cluster
Type string - Cluster type. Type is immutable and can only be set on cluster creation. Can be either byoc or dedicated.
- customer
Managed ClusterResources Customer Managed Resources - The cloud resources created by user.
- gcp
Global booleanAccess Api Gateway Enabled - gcpglobalaccessapigateway_enabled reports whether global access is enabled on the internal load balancer serving the Console/API Gateway endpoint. Applicable only for GCP.
- gcp
Private ClusterService Connect Gcp Private Service Connect - GCP Private Service Connect configuration
- http
Proxy ClusterHttp Proxy - HTTP Proxy properties.
- kafka
Api ClusterKafka Api - Cluster's Kafka API properties.
- kafka
Connect ClusterKafka Connect - Kafka Connect configuration
- maintenance
Window ClusterConfig Maintenance Window Config - Resource describing the maintenance window configuration of a cluster.
- name string
- Unique name of the cluster.
- read
Replica string[]Cluster Ids - IDs of clusters that can create read-only topics from this cluster
- redpanda
Node numberCount - Number of Redpanda broker nodes
- redpanda
Version string - Redpanda Version
- rpsql
Cluster
Rpsql - Rpsql configuration
- schema
Registry ClusterSchema Registry - Cluster's Schema Registry properties.
- {[key: string]: string}
- Tags placed on cloud resources. Server-managed keys (prefixed with
redpanda-) are filtered out of state. - timeouts
Cluster
Timeouts
- cloud_
provider str - Cloud provider where resources are created.
- connection_
type str - Cluster connection type. Private clusters are not exposed to the internet. For BYOC clusters, private is best-practice
- network_
id str - Network ID where cluster is placed.
- region str
- Region represents the name of the region where the cluster will be provisioned.
- resource_
group_ strid - Resource group ID of the cluster.
- throughput_
tier str - Throughput tier of the cluster.
- zones Sequence[str]
- Zones of the cluster. Must be valid zones within the selected region. If multiple zones are used, the cluster is a multi-AZ cluster.
- allow_
deletion bool - Resource will only be deleted when allow_deletion is set to true. Otherwise deletion will fail with a related error.
- api_
gateway_ straccess - Network access mode for an endpoint.
- aws_
private_ Clusterlink Aws Private Link Args - AWS Private Link configuration
- azure_
private_ Clusterlink Azure Private Link Args - Azure Private Link configuration
- cloud_
storage ClusterCloud Storage Args - Cloud Storage configuration
- cluster_
configuration ClusterCluster Configuration Args - Cluster Configuration configuration
- cluster_
type str - Cluster type. Type is immutable and can only be set on cluster creation. Can be either byoc or dedicated.
- customer_
managed_ Clusterresources Customer Managed Resources Args - The cloud resources created by user.
- gcp_
global_ boolaccess_ api_ gateway_ enabled - gcpglobalaccessapigateway_enabled reports whether global access is enabled on the internal load balancer serving the Console/API Gateway endpoint. Applicable only for GCP.
- gcp_
private_ Clusterservice_ connect Gcp Private Service Connect Args - GCP Private Service Connect configuration
- http_
proxy ClusterHttp Proxy Args - HTTP Proxy properties.
- kafka_
api ClusterKafka Api Args - Cluster's Kafka API properties.
- kafka_
connect ClusterKafka Connect Args - Kafka Connect configuration
- maintenance_
window_ Clusterconfig Maintenance Window Config Args - Resource describing the maintenance window configuration of a cluster.
- name str
- Unique name of the cluster.
- read_
replica_ Sequence[str]cluster_ ids - IDs of clusters that can create read-only topics from this cluster
- redpanda_
node_ floatcount - Number of Redpanda broker nodes
- redpanda_
version str - Redpanda Version
- rpsql
Cluster
Rpsql Args - Rpsql configuration
- schema_
registry ClusterSchema Registry Args - Cluster's Schema Registry properties.
- Mapping[str, str]
- Tags placed on cloud resources. Server-managed keys (prefixed with
redpanda-) are filtered out of state. - timeouts
Cluster
Timeouts Args
- cloud
Provider String - Cloud provider where resources are created.
- connection
Type String - Cluster connection type. Private clusters are not exposed to the internet. For BYOC clusters, private is best-practice
- network
Id String - Network ID where cluster is placed.
- region String
- Region represents the name of the region where the cluster will be provisioned.
- resource
Group StringId - Resource group ID of the cluster.
- throughput
Tier String - Throughput tier of the cluster.
- zones List<String>
- Zones of the cluster. Must be valid zones within the selected region. If multiple zones are used, the cluster is a multi-AZ cluster.
- allow
Deletion Boolean - Resource will only be deleted when allow_deletion is set to true. Otherwise deletion will fail with a related error.
- api
Gateway StringAccess - Network access mode for an endpoint.
- aws
Private Property MapLink - AWS Private Link configuration
- azure
Private Property MapLink - Azure Private Link configuration
- cloud
Storage Property Map - Cloud Storage configuration
- cluster
Configuration Property Map - Cluster Configuration configuration
- cluster
Type String - Cluster type. Type is immutable and can only be set on cluster creation. Can be either byoc or dedicated.
- customer
Managed Property MapResources - The cloud resources created by user.
- gcp
Global BooleanAccess Api Gateway Enabled - gcpglobalaccessapigateway_enabled reports whether global access is enabled on the internal load balancer serving the Console/API Gateway endpoint. Applicable only for GCP.
- gcp
Private Property MapService Connect - GCP Private Service Connect configuration
- http
Proxy Property Map - HTTP Proxy properties.
- kafka
Api Property Map - Cluster's Kafka API properties.
- kafka
Connect Property Map - Kafka Connect configuration
- maintenance
Window Property MapConfig - Resource describing the maintenance window configuration of a cluster.
- name String
- Unique name of the cluster.
- read
Replica List<String>Cluster Ids - IDs of clusters that can create read-only topics from this cluster
- redpanda
Node NumberCount - Number of Redpanda broker nodes
- redpanda
Version String - Redpanda Version
- rpsql Property Map
- Rpsql configuration
- schema
Registry Property Map - Cluster's Schema Registry properties.
- Map<String>
- Tags placed on cloud resources. Server-managed keys (prefixed with
redpanda-) are filtered out of state. - timeouts Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the Cluster resource produces the following output properties:
- Cluster
Api stringUrl - The URL of the cluster's data plane API
- Current
Redpanda stringVersion - Current Redpanda version of the cluster.
- Desired
Redpanda stringVersion - Desired Redpanda version of the cluster.
- Gcp
Global boolAccess Enabled - gcpenableglobal_access control if global access is enabled on the seed load balancer, applicable only for GCP. Default is false
- Id string
- The provider-assigned unique ID for this managed resource.
- Nat
Gateways List<string> - NAT gateway information for the cluster.
- Prometheus
Cluster
Prometheus - Prometheus metrics endpoint properties.
- Redpanda
Console ClusterRedpanda Console - Cluster's Redpanda Console properties.
- State string
- State describes the state of the cluster.
- State
Description ClusterState Description - Describes errors
- Cluster
Api stringUrl - The URL of the cluster's data plane API
- Current
Redpanda stringVersion - Current Redpanda version of the cluster.
- Desired
Redpanda stringVersion - Desired Redpanda version of the cluster.
- Gcp
Global boolAccess Enabled - gcpenableglobal_access control if global access is enabled on the seed load balancer, applicable only for GCP. Default is false
- Id string
- The provider-assigned unique ID for this managed resource.
- Nat
Gateways []string - NAT gateway information for the cluster.
- Prometheus
Cluster
Prometheus - Prometheus metrics endpoint properties.
- Redpanda
Console ClusterRedpanda Console - Cluster's Redpanda Console properties.
- State string
- State describes the state of the cluster.
- State
Description ClusterState Description - Describes errors
- cluster_
api_ stringurl - The URL of the cluster's data plane API
- current_
redpanda_ stringversion - Current Redpanda version of the cluster.
- desired_
redpanda_ stringversion - Desired Redpanda version of the cluster.
- gcp_
global_ boolaccess_ enabled - gcpenableglobal_access control if global access is enabled on the seed load balancer, applicable only for GCP. Default is false
- id string
- The provider-assigned unique ID for this managed resource.
- nat_
gateways list(string) - NAT gateway information for the cluster.
- prometheus object
- Prometheus metrics endpoint properties.
- redpanda_
console object - Cluster's Redpanda Console properties.
- state string
- State describes the state of the cluster.
- state_
description object - Describes errors
- cluster
Api StringUrl - The URL of the cluster's data plane API
- current
Redpanda StringVersion - Current Redpanda version of the cluster.
- desired
Redpanda StringVersion - Desired Redpanda version of the cluster.
- gcp
Global BooleanAccess Enabled - gcpenableglobal_access control if global access is enabled on the seed load balancer, applicable only for GCP. Default is false
- id String
- The provider-assigned unique ID for this managed resource.
- nat
Gateways List<String> - NAT gateway information for the cluster.
- prometheus
Cluster
Prometheus - Prometheus metrics endpoint properties.
- redpanda
Console ClusterRedpanda Console - Cluster's Redpanda Console properties.
- state String
- State describes the state of the cluster.
- state
Description ClusterState Description - Describes errors
- cluster
Api stringUrl - The URL of the cluster's data plane API
- current
Redpanda stringVersion - Current Redpanda version of the cluster.
- desired
Redpanda stringVersion - Desired Redpanda version of the cluster.
- gcp
Global booleanAccess Enabled - gcpenableglobal_access control if global access is enabled on the seed load balancer, applicable only for GCP. Default is false
- id string
- The provider-assigned unique ID for this managed resource.
- nat
Gateways string[] - NAT gateway information for the cluster.
- prometheus
Cluster
Prometheus - Prometheus metrics endpoint properties.
- redpanda
Console ClusterRedpanda Console - Cluster's Redpanda Console properties.
- state string
- State describes the state of the cluster.
- state
Description ClusterState Description - Describes errors
- cluster_
api_ strurl - The URL of the cluster's data plane API
- current_
redpanda_ strversion - Current Redpanda version of the cluster.
- desired_
redpanda_ strversion - Desired Redpanda version of the cluster.
- gcp_
global_ boolaccess_ enabled - gcpenableglobal_access control if global access is enabled on the seed load balancer, applicable only for GCP. Default is false
- id str
- The provider-assigned unique ID for this managed resource.
- nat_
gateways Sequence[str] - NAT gateway information for the cluster.
- prometheus
Cluster
Prometheus - Prometheus metrics endpoint properties.
- redpanda_
console ClusterRedpanda Console - Cluster's Redpanda Console properties.
- state str
- State describes the state of the cluster.
- state_
description ClusterState Description - Describes errors
- cluster
Api StringUrl - The URL of the cluster's data plane API
- current
Redpanda StringVersion - Current Redpanda version of the cluster.
- desired
Redpanda StringVersion - Desired Redpanda version of the cluster.
- gcp
Global BooleanAccess Enabled - gcpenableglobal_access control if global access is enabled on the seed load balancer, applicable only for GCP. Default is false
- id String
- The provider-assigned unique ID for this managed resource.
- nat
Gateways List<String> - NAT gateway information for the cluster.
- prometheus Property Map
- Prometheus metrics endpoint properties.
- redpanda
Console Property Map - Cluster's Redpanda Console properties.
- state String
- State describes the state of the cluster.
- state
Description Property Map - Describes errors
Look up Existing Cluster Resource
Get an existing Cluster resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ClusterState, opts?: CustomResourceOptions): Cluster@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allow_deletion: Optional[bool] = None,
api_gateway_access: Optional[str] = None,
aws_private_link: Optional[ClusterAwsPrivateLinkArgs] = None,
azure_private_link: Optional[ClusterAzurePrivateLinkArgs] = None,
cloud_provider: Optional[str] = None,
cloud_storage: Optional[ClusterCloudStorageArgs] = None,
cluster_api_url: Optional[str] = None,
cluster_configuration: Optional[ClusterClusterConfigurationArgs] = None,
cluster_type: Optional[str] = None,
connection_type: Optional[str] = None,
current_redpanda_version: Optional[str] = None,
customer_managed_resources: Optional[ClusterCustomerManagedResourcesArgs] = None,
desired_redpanda_version: Optional[str] = None,
gcp_global_access_api_gateway_enabled: Optional[bool] = None,
gcp_global_access_enabled: Optional[bool] = None,
gcp_private_service_connect: Optional[ClusterGcpPrivateServiceConnectArgs] = None,
http_proxy: Optional[ClusterHttpProxyArgs] = None,
kafka_api: Optional[ClusterKafkaApiArgs] = None,
kafka_connect: Optional[ClusterKafkaConnectArgs] = None,
maintenance_window_config: Optional[ClusterMaintenanceWindowConfigArgs] = None,
name: Optional[str] = None,
nat_gateways: Optional[Sequence[str]] = None,
network_id: Optional[str] = None,
prometheus: Optional[ClusterPrometheusArgs] = None,
read_replica_cluster_ids: Optional[Sequence[str]] = None,
redpanda_console: Optional[ClusterRedpandaConsoleArgs] = None,
redpanda_node_count: Optional[float] = None,
redpanda_version: Optional[str] = None,
region: Optional[str] = None,
resource_group_id: Optional[str] = None,
rpsql: Optional[ClusterRpsqlArgs] = None,
schema_registry: Optional[ClusterSchemaRegistryArgs] = None,
state: Optional[str] = None,
state_description: Optional[ClusterStateDescriptionArgs] = None,
tags: Optional[Mapping[str, str]] = None,
throughput_tier: Optional[str] = None,
timeouts: Optional[ClusterTimeoutsArgs] = None,
zones: Optional[Sequence[str]] = None) -> Clusterfunc GetCluster(ctx *Context, name string, id IDInput, state *ClusterState, opts ...ResourceOption) (*Cluster, error)public static Cluster Get(string name, Input<string> id, ClusterState? state, CustomResourceOptions? opts = null)public static Cluster get(String name, Output<String> id, ClusterState state, CustomResourceOptions options)resources: _: type: redpanda:Cluster get: id: ${id}import {
to = redpanda_cluster.example
id = "${id}"
}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allow
Deletion bool - Resource will only be deleted when allow_deletion is set to true. Otherwise deletion will fail with a related error.
- Api
Gateway stringAccess - Network access mode for an endpoint.
- Aws
Private ClusterLink Aws Private Link - AWS Private Link configuration
- Azure
Private ClusterLink Azure Private Link - Azure Private Link configuration
- Cloud
Provider string - Cloud provider where resources are created.
- Cloud
Storage ClusterCloud Storage - Cloud Storage configuration
- Cluster
Api stringUrl - The URL of the cluster's data plane API
- Cluster
Configuration ClusterCluster Configuration - Cluster Configuration configuration
- Cluster
Type string - Cluster type. Type is immutable and can only be set on cluster creation. Can be either byoc or dedicated.
- Connection
Type string - Cluster connection type. Private clusters are not exposed to the internet. For BYOC clusters, private is best-practice
- Current
Redpanda stringVersion - Current Redpanda version of the cluster.
- Customer
Managed ClusterResources Customer Managed Resources - The cloud resources created by user.
- Desired
Redpanda stringVersion - Desired Redpanda version of the cluster.
- Gcp
Global boolAccess Api Gateway Enabled - gcpglobalaccessapigateway_enabled reports whether global access is enabled on the internal load balancer serving the Console/API Gateway endpoint. Applicable only for GCP.
- Gcp
Global boolAccess Enabled - gcpenableglobal_access control if global access is enabled on the seed load balancer, applicable only for GCP. Default is false
- Gcp
Private ClusterService Connect Gcp Private Service Connect - GCP Private Service Connect configuration
- Http
Proxy ClusterHttp Proxy - HTTP Proxy properties.
- Kafka
Api ClusterKafka Api - Cluster's Kafka API properties.
- Kafka
Connect ClusterKafka Connect - Kafka Connect configuration
- Maintenance
Window ClusterConfig Maintenance Window Config - Resource describing the maintenance window configuration of a cluster.
- Name string
- Unique name of the cluster.
- Nat
Gateways List<string> - NAT gateway information for the cluster.
- Network
Id string - Network ID where cluster is placed.
- Prometheus
Cluster
Prometheus - Prometheus metrics endpoint properties.
- Read
Replica List<string>Cluster Ids - IDs of clusters that can create read-only topics from this cluster
- Redpanda
Console ClusterRedpanda Console - Cluster's Redpanda Console properties.
- Redpanda
Node doubleCount - Number of Redpanda broker nodes
- Redpanda
Version string - Redpanda Version
- Region string
- Region represents the name of the region where the cluster will be provisioned.
- Resource
Group stringId - Resource group ID of the cluster.
- Rpsql
Cluster
Rpsql - Rpsql configuration
- Schema
Registry ClusterSchema Registry - Cluster's Schema Registry properties.
- State string
- State describes the state of the cluster.
- State
Description ClusterState Description - Describes errors
- Dictionary<string, string>
- Tags placed on cloud resources. Server-managed keys (prefixed with
redpanda-) are filtered out of state. - Throughput
Tier string - Throughput tier of the cluster.
- Timeouts
Cluster
Timeouts - Zones List<string>
- Zones of the cluster. Must be valid zones within the selected region. If multiple zones are used, the cluster is a multi-AZ cluster.
- Allow
Deletion bool - Resource will only be deleted when allow_deletion is set to true. Otherwise deletion will fail with a related error.
- Api
Gateway stringAccess - Network access mode for an endpoint.
- Aws
Private ClusterLink Aws Private Link Args - AWS Private Link configuration
- Azure
Private ClusterLink Azure Private Link Args - Azure Private Link configuration
- Cloud
Provider string - Cloud provider where resources are created.
- Cloud
Storage ClusterCloud Storage Args - Cloud Storage configuration
- Cluster
Api stringUrl - The URL of the cluster's data plane API
- Cluster
Configuration ClusterCluster Configuration Args - Cluster Configuration configuration
- Cluster
Type string - Cluster type. Type is immutable and can only be set on cluster creation. Can be either byoc or dedicated.
- Connection
Type string - Cluster connection type. Private clusters are not exposed to the internet. For BYOC clusters, private is best-practice
- Current
Redpanda stringVersion - Current Redpanda version of the cluster.
- Customer
Managed ClusterResources Customer Managed Resources Args - The cloud resources created by user.
- Desired
Redpanda stringVersion - Desired Redpanda version of the cluster.
- Gcp
Global boolAccess Api Gateway Enabled - gcpglobalaccessapigateway_enabled reports whether global access is enabled on the internal load balancer serving the Console/API Gateway endpoint. Applicable only for GCP.
- Gcp
Global boolAccess Enabled - gcpenableglobal_access control if global access is enabled on the seed load balancer, applicable only for GCP. Default is false
- Gcp
Private ClusterService Connect Gcp Private Service Connect Args - GCP Private Service Connect configuration
- Http
Proxy ClusterHttp Proxy Args - HTTP Proxy properties.
- Kafka
Api ClusterKafka Api Args - Cluster's Kafka API properties.
- Kafka
Connect ClusterKafka Connect Args - Kafka Connect configuration
- Maintenance
Window ClusterConfig Maintenance Window Config Args - Resource describing the maintenance window configuration of a cluster.
- Name string
- Unique name of the cluster.
- Nat
Gateways []string - NAT gateway information for the cluster.
- Network
Id string - Network ID where cluster is placed.
- Prometheus
Cluster
Prometheus Args - Prometheus metrics endpoint properties.
- Read
Replica []stringCluster Ids - IDs of clusters that can create read-only topics from this cluster
- Redpanda
Console ClusterRedpanda Console Args - Cluster's Redpanda Console properties.
- Redpanda
Node float64Count - Number of Redpanda broker nodes
- Redpanda
Version string - Redpanda Version
- Region string
- Region represents the name of the region where the cluster will be provisioned.
- Resource
Group stringId - Resource group ID of the cluster.
- Rpsql
Cluster
Rpsql Args - Rpsql configuration
- Schema
Registry ClusterSchema Registry Args - Cluster's Schema Registry properties.
- State string
- State describes the state of the cluster.
- State
Description ClusterState Description Args - Describes errors
- map[string]string
- Tags placed on cloud resources. Server-managed keys (prefixed with
redpanda-) are filtered out of state. - Throughput
Tier string - Throughput tier of the cluster.
- Timeouts
Cluster
Timeouts Args - Zones []string
- Zones of the cluster. Must be valid zones within the selected region. If multiple zones are used, the cluster is a multi-AZ cluster.
- allow_
deletion bool - Resource will only be deleted when allow_deletion is set to true. Otherwise deletion will fail with a related error.
- api_
gateway_ stringaccess - Network access mode for an endpoint.
- aws_
private_ objectlink - AWS Private Link configuration
- azure_
private_ objectlink - Azure Private Link configuration
- cloud_
provider string - Cloud provider where resources are created.
- cloud_
storage object - Cloud Storage configuration
- cluster_
api_ stringurl - The URL of the cluster's data plane API
- cluster_
configuration object - Cluster Configuration configuration
- cluster_
type string - Cluster type. Type is immutable and can only be set on cluster creation. Can be either byoc or dedicated.
- connection_
type string - Cluster connection type. Private clusters are not exposed to the internet. For BYOC clusters, private is best-practice
- current_
redpanda_ stringversion - Current Redpanda version of the cluster.
- customer_
managed_ objectresources - The cloud resources created by user.
- desired_
redpanda_ stringversion - Desired Redpanda version of the cluster.
- gcp_
global_ boolaccess_ api_ gateway_ enabled - gcpglobalaccessapigateway_enabled reports whether global access is enabled on the internal load balancer serving the Console/API Gateway endpoint. Applicable only for GCP.
- gcp_
global_ boolaccess_ enabled - gcpenableglobal_access control if global access is enabled on the seed load balancer, applicable only for GCP. Default is false
- gcp_
private_ objectservice_ connect - GCP Private Service Connect configuration
- http_
proxy object - HTTP Proxy properties.
- kafka_
api object - Cluster's Kafka API properties.
- kafka_
connect object - Kafka Connect configuration
- maintenance_
window_ objectconfig - Resource describing the maintenance window configuration of a cluster.
- name string
- Unique name of the cluster.
- nat_
gateways list(string) - NAT gateway information for the cluster.
- network_
id string - Network ID where cluster is placed.
- prometheus object
- Prometheus metrics endpoint properties.
- read_
replica_ list(string)cluster_ ids - IDs of clusters that can create read-only topics from this cluster
- redpanda_
console object - Cluster's Redpanda Console properties.
- redpanda_
node_ numbercount - Number of Redpanda broker nodes
- redpanda_
version string - Redpanda Version
- region string
- Region represents the name of the region where the cluster will be provisioned.
- resource_
group_ stringid - Resource group ID of the cluster.
- rpsql object
- Rpsql configuration
- schema_
registry object - Cluster's Schema Registry properties.
- state string
- State describes the state of the cluster.
- state_
description object - Describes errors
- map(string)
- Tags placed on cloud resources. Server-managed keys (prefixed with
redpanda-) are filtered out of state. - throughput_
tier string - Throughput tier of the cluster.
- timeouts object
- zones list(string)
- Zones of the cluster. Must be valid zones within the selected region. If multiple zones are used, the cluster is a multi-AZ cluster.
- allow
Deletion Boolean - Resource will only be deleted when allow_deletion is set to true. Otherwise deletion will fail with a related error.
- api
Gateway StringAccess - Network access mode for an endpoint.
- aws
Private ClusterLink Aws Private Link - AWS Private Link configuration
- azure
Private ClusterLink Azure Private Link - Azure Private Link configuration
- cloud
Provider String - Cloud provider where resources are created.
- cloud
Storage ClusterCloud Storage - Cloud Storage configuration
- cluster
Api StringUrl - The URL of the cluster's data plane API
- cluster
Configuration ClusterCluster Configuration - Cluster Configuration configuration
- cluster
Type String - Cluster type. Type is immutable and can only be set on cluster creation. Can be either byoc or dedicated.
- connection
Type String - Cluster connection type. Private clusters are not exposed to the internet. For BYOC clusters, private is best-practice
- current
Redpanda StringVersion - Current Redpanda version of the cluster.
- customer
Managed ClusterResources Customer Managed Resources - The cloud resources created by user.
- desired
Redpanda StringVersion - Desired Redpanda version of the cluster.
- gcp
Global BooleanAccess Api Gateway Enabled - gcpglobalaccessapigateway_enabled reports whether global access is enabled on the internal load balancer serving the Console/API Gateway endpoint. Applicable only for GCP.
- gcp
Global BooleanAccess Enabled - gcpenableglobal_access control if global access is enabled on the seed load balancer, applicable only for GCP. Default is false
- gcp
Private ClusterService Connect Gcp Private Service Connect - GCP Private Service Connect configuration
- http
Proxy ClusterHttp Proxy - HTTP Proxy properties.
- kafka
Api ClusterKafka Api - Cluster's Kafka API properties.
- kafka
Connect ClusterKafka Connect - Kafka Connect configuration
- maintenance
Window ClusterConfig Maintenance Window Config - Resource describing the maintenance window configuration of a cluster.
- name String
- Unique name of the cluster.
- nat
Gateways List<String> - NAT gateway information for the cluster.
- network
Id String - Network ID where cluster is placed.
- prometheus
Cluster
Prometheus - Prometheus metrics endpoint properties.
- read
Replica List<String>Cluster Ids - IDs of clusters that can create read-only topics from this cluster
- redpanda
Console ClusterRedpanda Console - Cluster's Redpanda Console properties.
- redpanda
Node DoubleCount - Number of Redpanda broker nodes
- redpanda
Version String - Redpanda Version
- region String
- Region represents the name of the region where the cluster will be provisioned.
- resource
Group StringId - Resource group ID of the cluster.
- rpsql
Cluster
Rpsql - Rpsql configuration
- schema
Registry ClusterSchema Registry - Cluster's Schema Registry properties.
- state String
- State describes the state of the cluster.
- state
Description ClusterState Description - Describes errors
- Map<String,String>
- Tags placed on cloud resources. Server-managed keys (prefixed with
redpanda-) are filtered out of state. - throughput
Tier String - Throughput tier of the cluster.
- timeouts
Cluster
Timeouts - zones List<String>
- Zones of the cluster. Must be valid zones within the selected region. If multiple zones are used, the cluster is a multi-AZ cluster.
- allow
Deletion boolean - Resource will only be deleted when allow_deletion is set to true. Otherwise deletion will fail with a related error.
- api
Gateway stringAccess - Network access mode for an endpoint.
- aws
Private ClusterLink Aws Private Link - AWS Private Link configuration
- azure
Private ClusterLink Azure Private Link - Azure Private Link configuration
- cloud
Provider string - Cloud provider where resources are created.
- cloud
Storage ClusterCloud Storage - Cloud Storage configuration
- cluster
Api stringUrl - The URL of the cluster's data plane API
- cluster
Configuration ClusterCluster Configuration - Cluster Configuration configuration
- cluster
Type string - Cluster type. Type is immutable and can only be set on cluster creation. Can be either byoc or dedicated.
- connection
Type string - Cluster connection type. Private clusters are not exposed to the internet. For BYOC clusters, private is best-practice
- current
Redpanda stringVersion - Current Redpanda version of the cluster.
- customer
Managed ClusterResources Customer Managed Resources - The cloud resources created by user.
- desired
Redpanda stringVersion - Desired Redpanda version of the cluster.
- gcp
Global booleanAccess Api Gateway Enabled - gcpglobalaccessapigateway_enabled reports whether global access is enabled on the internal load balancer serving the Console/API Gateway endpoint. Applicable only for GCP.
- gcp
Global booleanAccess Enabled - gcpenableglobal_access control if global access is enabled on the seed load balancer, applicable only for GCP. Default is false
- gcp
Private ClusterService Connect Gcp Private Service Connect - GCP Private Service Connect configuration
- http
Proxy ClusterHttp Proxy - HTTP Proxy properties.
- kafka
Api ClusterKafka Api - Cluster's Kafka API properties.
- kafka
Connect ClusterKafka Connect - Kafka Connect configuration
- maintenance
Window ClusterConfig Maintenance Window Config - Resource describing the maintenance window configuration of a cluster.
- name string
- Unique name of the cluster.
- nat
Gateways string[] - NAT gateway information for the cluster.
- network
Id string - Network ID where cluster is placed.
- prometheus
Cluster
Prometheus - Prometheus metrics endpoint properties.
- read
Replica string[]Cluster Ids - IDs of clusters that can create read-only topics from this cluster
- redpanda
Console ClusterRedpanda Console - Cluster's Redpanda Console properties.
- redpanda
Node numberCount - Number of Redpanda broker nodes
- redpanda
Version string - Redpanda Version
- region string
- Region represents the name of the region where the cluster will be provisioned.
- resource
Group stringId - Resource group ID of the cluster.
- rpsql
Cluster
Rpsql - Rpsql configuration
- schema
Registry ClusterSchema Registry - Cluster's Schema Registry properties.
- state string
- State describes the state of the cluster.
- state
Description ClusterState Description - Describes errors
- {[key: string]: string}
- Tags placed on cloud resources. Server-managed keys (prefixed with
redpanda-) are filtered out of state. - throughput
Tier string - Throughput tier of the cluster.
- timeouts
Cluster
Timeouts - zones string[]
- Zones of the cluster. Must be valid zones within the selected region. If multiple zones are used, the cluster is a multi-AZ cluster.
- allow_
deletion bool - Resource will only be deleted when allow_deletion is set to true. Otherwise deletion will fail with a related error.
- api_
gateway_ straccess - Network access mode for an endpoint.
- aws_
private_ Clusterlink Aws Private Link Args - AWS Private Link configuration
- azure_
private_ Clusterlink Azure Private Link Args - Azure Private Link configuration
- cloud_
provider str - Cloud provider where resources are created.
- cloud_
storage ClusterCloud Storage Args - Cloud Storage configuration
- cluster_
api_ strurl - The URL of the cluster's data plane API
- cluster_
configuration ClusterCluster Configuration Args - Cluster Configuration configuration
- cluster_
type str - Cluster type. Type is immutable and can only be set on cluster creation. Can be either byoc or dedicated.
- connection_
type str - Cluster connection type. Private clusters are not exposed to the internet. For BYOC clusters, private is best-practice
- current_
redpanda_ strversion - Current Redpanda version of the cluster.
- customer_
managed_ Clusterresources Customer Managed Resources Args - The cloud resources created by user.
- desired_
redpanda_ strversion - Desired Redpanda version of the cluster.
- gcp_
global_ boolaccess_ api_ gateway_ enabled - gcpglobalaccessapigateway_enabled reports whether global access is enabled on the internal load balancer serving the Console/API Gateway endpoint. Applicable only for GCP.
- gcp_
global_ boolaccess_ enabled - gcpenableglobal_access control if global access is enabled on the seed load balancer, applicable only for GCP. Default is false
- gcp_
private_ Clusterservice_ connect Gcp Private Service Connect Args - GCP Private Service Connect configuration
- http_
proxy ClusterHttp Proxy Args - HTTP Proxy properties.
- kafka_
api ClusterKafka Api Args - Cluster's Kafka API properties.
- kafka_
connect ClusterKafka Connect Args - Kafka Connect configuration
- maintenance_
window_ Clusterconfig Maintenance Window Config Args - Resource describing the maintenance window configuration of a cluster.
- name str
- Unique name of the cluster.
- nat_
gateways Sequence[str] - NAT gateway information for the cluster.
- network_
id str - Network ID where cluster is placed.
- prometheus
Cluster
Prometheus Args - Prometheus metrics endpoint properties.
- read_
replica_ Sequence[str]cluster_ ids - IDs of clusters that can create read-only topics from this cluster
- redpanda_
console ClusterRedpanda Console Args - Cluster's Redpanda Console properties.
- redpanda_
node_ floatcount - Number of Redpanda broker nodes
- redpanda_
version str - Redpanda Version
- region str
- Region represents the name of the region where the cluster will be provisioned.
- resource_
group_ strid - Resource group ID of the cluster.
- rpsql
Cluster
Rpsql Args - Rpsql configuration
- schema_
registry ClusterSchema Registry Args - Cluster's Schema Registry properties.
- state str
- State describes the state of the cluster.
- state_
description ClusterState Description Args - Describes errors
- Mapping[str, str]
- Tags placed on cloud resources. Server-managed keys (prefixed with
redpanda-) are filtered out of state. - throughput_
tier str - Throughput tier of the cluster.
- timeouts
Cluster
Timeouts Args - zones Sequence[str]
- Zones of the cluster. Must be valid zones within the selected region. If multiple zones are used, the cluster is a multi-AZ cluster.
- allow
Deletion Boolean - Resource will only be deleted when allow_deletion is set to true. Otherwise deletion will fail with a related error.
- api
Gateway StringAccess - Network access mode for an endpoint.
- aws
Private Property MapLink - AWS Private Link configuration
- azure
Private Property MapLink - Azure Private Link configuration
- cloud
Provider String - Cloud provider where resources are created.
- cloud
Storage Property Map - Cloud Storage configuration
- cluster
Api StringUrl - The URL of the cluster's data plane API
- cluster
Configuration Property Map - Cluster Configuration configuration
- cluster
Type String - Cluster type. Type is immutable and can only be set on cluster creation. Can be either byoc or dedicated.
- connection
Type String - Cluster connection type. Private clusters are not exposed to the internet. For BYOC clusters, private is best-practice
- current
Redpanda StringVersion - Current Redpanda version of the cluster.
- customer
Managed Property MapResources - The cloud resources created by user.
- desired
Redpanda StringVersion - Desired Redpanda version of the cluster.
- gcp
Global BooleanAccess Api Gateway Enabled - gcpglobalaccessapigateway_enabled reports whether global access is enabled on the internal load balancer serving the Console/API Gateway endpoint. Applicable only for GCP.
- gcp
Global BooleanAccess Enabled - gcpenableglobal_access control if global access is enabled on the seed load balancer, applicable only for GCP. Default is false
- gcp
Private Property MapService Connect - GCP Private Service Connect configuration
- http
Proxy Property Map - HTTP Proxy properties.
- kafka
Api Property Map - Cluster's Kafka API properties.
- kafka
Connect Property Map - Kafka Connect configuration
- maintenance
Window Property MapConfig - Resource describing the maintenance window configuration of a cluster.
- name String
- Unique name of the cluster.
- nat
Gateways List<String> - NAT gateway information for the cluster.
- network
Id String - Network ID where cluster is placed.
- prometheus Property Map
- Prometheus metrics endpoint properties.
- read
Replica List<String>Cluster Ids - IDs of clusters that can create read-only topics from this cluster
- redpanda
Console Property Map - Cluster's Redpanda Console properties.
- redpanda
Node NumberCount - Number of Redpanda broker nodes
- redpanda
Version String - Redpanda Version
- region String
- Region represents the name of the region where the cluster will be provisioned.
- resource
Group StringId - Resource group ID of the cluster.
- rpsql Property Map
- Rpsql configuration
- schema
Registry Property Map - Cluster's Schema Registry properties.
- state String
- State describes the state of the cluster.
- state
Description Property Map - Describes errors
- Map<String>
- Tags placed on cloud resources. Server-managed keys (prefixed with
redpanda-) are filtered out of state. - throughput
Tier String - Throughput tier of the cluster.
- timeouts Property Map
- zones List<String>
- Zones of the cluster. Must be valid zones within the selected region. If multiple zones are used, the cluster is a multi-AZ cluster.
Supporting Types
ClusterAwsPrivateLink, ClusterAwsPrivateLinkArgs
- Allowed
Principals List<string> - ARN of the principals that can access the Redpanda AWS PrivateLink Endpoint Service
- Connect
Console bool - Whether Console is connected in Redpanda AWS Private Link Service.
- Enabled bool
- Whether Redpanda AWS Private Link Endpoint Service is enabled.
- Status
Cluster
Aws Private Link Status - Status configuration
- Supported
Regions List<string> - List of supported regions in cross-region AWS PrivateLink.
- Allowed
Principals []string - ARN of the principals that can access the Redpanda AWS PrivateLink Endpoint Service
- Connect
Console bool - Whether Console is connected in Redpanda AWS Private Link Service.
- Enabled bool
- Whether Redpanda AWS Private Link Endpoint Service is enabled.
- Status
Cluster
Aws Private Link Status - Status configuration
- Supported
Regions []string - List of supported regions in cross-region AWS PrivateLink.
- allowed_
principals list(string) - ARN of the principals that can access the Redpanda AWS PrivateLink Endpoint Service
- connect_
console bool - Whether Console is connected in Redpanda AWS Private Link Service.
- enabled bool
- Whether Redpanda AWS Private Link Endpoint Service is enabled.
- status object
- Status configuration
- supported_
regions list(string) - List of supported regions in cross-region AWS PrivateLink.
- allowed
Principals List<String> - ARN of the principals that can access the Redpanda AWS PrivateLink Endpoint Service
- connect
Console Boolean - Whether Console is connected in Redpanda AWS Private Link Service.
- enabled Boolean
- Whether Redpanda AWS Private Link Endpoint Service is enabled.
- status
Cluster
Aws Private Link Status - Status configuration
- supported
Regions List<String> - List of supported regions in cross-region AWS PrivateLink.
- allowed
Principals string[] - ARN of the principals that can access the Redpanda AWS PrivateLink Endpoint Service
- connect
Console boolean - Whether Console is connected in Redpanda AWS Private Link Service.
- enabled boolean
- Whether Redpanda AWS Private Link Endpoint Service is enabled.
- status
Cluster
Aws Private Link Status - Status configuration
- supported
Regions string[] - List of supported regions in cross-region AWS PrivateLink.
- allowed_
principals Sequence[str] - ARN of the principals that can access the Redpanda AWS PrivateLink Endpoint Service
- connect_
console bool - Whether Console is connected in Redpanda AWS Private Link Service.
- enabled bool
- Whether Redpanda AWS Private Link Endpoint Service is enabled.
- status
Cluster
Aws Private Link Status - Status configuration
- supported_
regions Sequence[str] - List of supported regions in cross-region AWS PrivateLink.
- allowed
Principals List<String> - ARN of the principals that can access the Redpanda AWS PrivateLink Endpoint Service
- connect
Console Boolean - Whether Console is connected in Redpanda AWS Private Link Service.
- enabled Boolean
- Whether Redpanda AWS Private Link Endpoint Service is enabled.
- status Property Map
- Status configuration
- supported
Regions List<String> - List of supported regions in cross-region AWS PrivateLink.
ClusterAwsPrivateLinkStatus, ClusterAwsPrivateLinkStatusArgs
- Console
Port double - The port of Redpanda Console.
- Kafka
Api doubleNode Base Port - Kafka API node service base port. The port for node
i(0 .. nodecount-1) is kafkaapinodebase_port +i. - Kafka
Api doubleSeed Port - Kafka API seed service port.
- Redpanda
Proxy doubleNode Base Port - HTTP Proxy node service base port. The port for node
i(0 .. nodecount-1) is redpandaproxynodebase_port + i. - Redpanda
Proxy doubleSeed Port - HTTP Proxy seed service port.
- Schema
Registry doubleSeed Port - Schema Registry seed service port.
- Service
Id string - ID of Redpanda AWS PrivateLink Endpoint Service.
- Service
Name string - Name of Redpanda AWS PrivateLink Endpoint Service.
- Service
State string - State of Redpanda AWS PrivateLink Endpoint Service.
- Vpc
Endpoint List<ClusterConnections Aws Private Link Status Vpc Endpoint Connection> - List of VPC endpoints with established connections to Redpanda AWS PrivateLink Endpoint Service.
- Console
Port float64 - The port of Redpanda Console.
- Kafka
Api float64Node Base Port - Kafka API node service base port. The port for node
i(0 .. nodecount-1) is kafkaapinodebase_port +i. - Kafka
Api float64Seed Port - Kafka API seed service port.
- Redpanda
Proxy float64Node Base Port - HTTP Proxy node service base port. The port for node
i(0 .. nodecount-1) is redpandaproxynodebase_port + i. - Redpanda
Proxy float64Seed Port - HTTP Proxy seed service port.
- Schema
Registry float64Seed Port - Schema Registry seed service port.
- Service
Id string - ID of Redpanda AWS PrivateLink Endpoint Service.
- Service
Name string - Name of Redpanda AWS PrivateLink Endpoint Service.
- Service
State string - State of Redpanda AWS PrivateLink Endpoint Service.
- Vpc
Endpoint []ClusterConnections Aws Private Link Status Vpc Endpoint Connection - List of VPC endpoints with established connections to Redpanda AWS PrivateLink Endpoint Service.
- console_
port number - The port of Redpanda Console.
- kafka_
api_ numbernode_ base_ port - Kafka API node service base port. The port for node
i(0 .. nodecount-1) is kafkaapinodebase_port +i. - kafka_
api_ numberseed_ port - Kafka API seed service port.
- redpanda_
proxy_ numbernode_ base_ port - HTTP Proxy node service base port. The port for node
i(0 .. nodecount-1) is redpandaproxynodebase_port + i. - redpanda_
proxy_ numberseed_ port - HTTP Proxy seed service port.
- schema_
registry_ numberseed_ port - Schema Registry seed service port.
- service_
id string - ID of Redpanda AWS PrivateLink Endpoint Service.
- service_
name string - Name of Redpanda AWS PrivateLink Endpoint Service.
- service_
state string - State of Redpanda AWS PrivateLink Endpoint Service.
- vpc_
endpoint_ list(object)connections - List of VPC endpoints with established connections to Redpanda AWS PrivateLink Endpoint Service.
- console
Port Double - The port of Redpanda Console.
- kafka
Api DoubleNode Base Port - Kafka API node service base port. The port for node
i(0 .. nodecount-1) is kafkaapinodebase_port +i. - kafka
Api DoubleSeed Port - Kafka API seed service port.
- redpanda
Proxy DoubleNode Base Port - HTTP Proxy node service base port. The port for node
i(0 .. nodecount-1) is redpandaproxynodebase_port + i. - redpanda
Proxy DoubleSeed Port - HTTP Proxy seed service port.
- schema
Registry DoubleSeed Port - Schema Registry seed service port.
- service
Id String - ID of Redpanda AWS PrivateLink Endpoint Service.
- service
Name String - Name of Redpanda AWS PrivateLink Endpoint Service.
- service
State String - State of Redpanda AWS PrivateLink Endpoint Service.
- vpc
Endpoint List<ClusterConnections Aws Private Link Status Vpc Endpoint Connection> - List of VPC endpoints with established connections to Redpanda AWS PrivateLink Endpoint Service.
- console
Port number - The port of Redpanda Console.
- kafka
Api numberNode Base Port - Kafka API node service base port. The port for node
i(0 .. nodecount-1) is kafkaapinodebase_port +i. - kafka
Api numberSeed Port - Kafka API seed service port.
- redpanda
Proxy numberNode Base Port - HTTP Proxy node service base port. The port for node
i(0 .. nodecount-1) is redpandaproxynodebase_port + i. - redpanda
Proxy numberSeed Port - HTTP Proxy seed service port.
- schema
Registry numberSeed Port - Schema Registry seed service port.
- service
Id string - ID of Redpanda AWS PrivateLink Endpoint Service.
- service
Name string - Name of Redpanda AWS PrivateLink Endpoint Service.
- service
State string - State of Redpanda AWS PrivateLink Endpoint Service.
- vpc
Endpoint ClusterConnections Aws Private Link Status Vpc Endpoint Connection[] - List of VPC endpoints with established connections to Redpanda AWS PrivateLink Endpoint Service.
- console_
port float - The port of Redpanda Console.
- kafka_
api_ floatnode_ base_ port - Kafka API node service base port. The port for node
i(0 .. nodecount-1) is kafkaapinodebase_port +i. - kafka_
api_ floatseed_ port - Kafka API seed service port.
- redpanda_
proxy_ floatnode_ base_ port - HTTP Proxy node service base port. The port for node
i(0 .. nodecount-1) is redpandaproxynodebase_port + i. - redpanda_
proxy_ floatseed_ port - HTTP Proxy seed service port.
- schema_
registry_ floatseed_ port - Schema Registry seed service port.
- service_
id str - ID of Redpanda AWS PrivateLink Endpoint Service.
- service_
name str - Name of Redpanda AWS PrivateLink Endpoint Service.
- service_
state str - State of Redpanda AWS PrivateLink Endpoint Service.
- vpc_
endpoint_ Sequence[Clusterconnections Aws Private Link Status Vpc Endpoint Connection] - List of VPC endpoints with established connections to Redpanda AWS PrivateLink Endpoint Service.
- console
Port Number - The port of Redpanda Console.
- kafka
Api NumberNode Base Port - Kafka API node service base port. The port for node
i(0 .. nodecount-1) is kafkaapinodebase_port +i. - kafka
Api NumberSeed Port - Kafka API seed service port.
- redpanda
Proxy NumberNode Base Port - HTTP Proxy node service base port. The port for node
i(0 .. nodecount-1) is redpandaproxynodebase_port + i. - redpanda
Proxy NumberSeed Port - HTTP Proxy seed service port.
- schema
Registry NumberSeed Port - Schema Registry seed service port.
- service
Id String - ID of Redpanda AWS PrivateLink Endpoint Service.
- service
Name String - Name of Redpanda AWS PrivateLink Endpoint Service.
- service
State String - State of Redpanda AWS PrivateLink Endpoint Service.
- vpc
Endpoint List<Property Map>Connections - List of VPC endpoints with established connections to Redpanda AWS PrivateLink Endpoint Service.
ClusterAwsPrivateLinkStatusVpcEndpointConnection, ClusterAwsPrivateLinkStatusVpcEndpointConnectionArgs
- Connection
Id string - Connection ID of VPC endpoint connected to Redpanda AWS PrivateLink Endpoint Service.
- Dns
Entries List<ClusterAws Private Link Status Vpc Endpoint Connection Dns Entry> - The list of DNS entries associated with VPC endpoint.
- Id string
- The ID of VPC endpoint.
- Load
Balancer List<string>Arns - List of load balancer ARNs.
- Owner string
- The owner of VPC endpoint.
- State string
- The state of VPC endpoint connected to Redpanda AWS PrivateLink Endpoint Service.
- Connection
Id string - Connection ID of VPC endpoint connected to Redpanda AWS PrivateLink Endpoint Service.
- Dns
Entries []ClusterAws Private Link Status Vpc Endpoint Connection Dns Entry - The list of DNS entries associated with VPC endpoint.
- Id string
- The ID of VPC endpoint.
- Load
Balancer []stringArns - List of load balancer ARNs.
- Owner string
- The owner of VPC endpoint.
- State string
- The state of VPC endpoint connected to Redpanda AWS PrivateLink Endpoint Service.
- connection_
id string - Connection ID of VPC endpoint connected to Redpanda AWS PrivateLink Endpoint Service.
- dns_
entries list(object) - The list of DNS entries associated with VPC endpoint.
- id string
- The ID of VPC endpoint.
- load_
balancer_ list(string)arns - List of load balancer ARNs.
- owner string
- The owner of VPC endpoint.
- state string
- The state of VPC endpoint connected to Redpanda AWS PrivateLink Endpoint Service.
- connection
Id String - Connection ID of VPC endpoint connected to Redpanda AWS PrivateLink Endpoint Service.
- dns
Entries List<ClusterAws Private Link Status Vpc Endpoint Connection Dns Entry> - The list of DNS entries associated with VPC endpoint.
- id String
- The ID of VPC endpoint.
- load
Balancer List<String>Arns - List of load balancer ARNs.
- owner String
- The owner of VPC endpoint.
- state String
- The state of VPC endpoint connected to Redpanda AWS PrivateLink Endpoint Service.
- connection
Id string - Connection ID of VPC endpoint connected to Redpanda AWS PrivateLink Endpoint Service.
- dns
Entries ClusterAws Private Link Status Vpc Endpoint Connection Dns Entry[] - The list of DNS entries associated with VPC endpoint.
- id string
- The ID of VPC endpoint.
- load
Balancer string[]Arns - List of load balancer ARNs.
- owner string
- The owner of VPC endpoint.
- state string
- The state of VPC endpoint connected to Redpanda AWS PrivateLink Endpoint Service.
- connection_
id str - Connection ID of VPC endpoint connected to Redpanda AWS PrivateLink Endpoint Service.
- dns_
entries Sequence[ClusterAws Private Link Status Vpc Endpoint Connection Dns Entry] - The list of DNS entries associated with VPC endpoint.
- id str
- The ID of VPC endpoint.
- load_
balancer_ Sequence[str]arns - List of load balancer ARNs.
- owner str
- The owner of VPC endpoint.
- state str
- The state of VPC endpoint connected to Redpanda AWS PrivateLink Endpoint Service.
- connection
Id String - Connection ID of VPC endpoint connected to Redpanda AWS PrivateLink Endpoint Service.
- dns
Entries List<Property Map> - The list of DNS entries associated with VPC endpoint.
- id String
- The ID of VPC endpoint.
- load
Balancer List<String>Arns - List of load balancer ARNs.
- owner String
- The owner of VPC endpoint.
- state String
- The state of VPC endpoint connected to Redpanda AWS PrivateLink Endpoint Service.
ClusterAwsPrivateLinkStatusVpcEndpointConnectionDnsEntry, ClusterAwsPrivateLinkStatusVpcEndpointConnectionDnsEntryArgs
- Dns
Name string - DNS entry of VPC endpoint connected to Redpanda AWS PrivateLink Endpoint Service.
- Hosted
Zone stringId - The ID of Route53 DNS zone.
- Dns
Name string - DNS entry of VPC endpoint connected to Redpanda AWS PrivateLink Endpoint Service.
- Hosted
Zone stringId - The ID of Route53 DNS zone.
- dns_
name string - DNS entry of VPC endpoint connected to Redpanda AWS PrivateLink Endpoint Service.
- hosted_
zone_ stringid - The ID of Route53 DNS zone.
- dns
Name String - DNS entry of VPC endpoint connected to Redpanda AWS PrivateLink Endpoint Service.
- hosted
Zone StringId - The ID of Route53 DNS zone.
- dns
Name string - DNS entry of VPC endpoint connected to Redpanda AWS PrivateLink Endpoint Service.
- hosted
Zone stringId - The ID of Route53 DNS zone.
- dns_
name str - DNS entry of VPC endpoint connected to Redpanda AWS PrivateLink Endpoint Service.
- hosted_
zone_ strid - The ID of Route53 DNS zone.
- dns
Name String - DNS entry of VPC endpoint connected to Redpanda AWS PrivateLink Endpoint Service.
- hosted
Zone StringId - The ID of Route53 DNS zone.
ClusterAzurePrivateLink, ClusterAzurePrivateLinkArgs
- Allowed
Subscriptions List<string> - Azure subscription IDs allowed to access the Redpanda Private Link Endpoint Service
- Connect
Console bool - Whether Console is connected in Redpanda Azure Private Link Service.
- Enabled bool
- Whether Redpanda AWS Private Link Endpoint Service is enabled.
- Status
Cluster
Azure Private Link Status - Status configuration
- Allowed
Subscriptions []string - Azure subscription IDs allowed to access the Redpanda Private Link Endpoint Service
- Connect
Console bool - Whether Console is connected in Redpanda Azure Private Link Service.
- Enabled bool
- Whether Redpanda AWS Private Link Endpoint Service is enabled.
- Status
Cluster
Azure Private Link Status - Status configuration
- allowed_
subscriptions list(string) - Azure subscription IDs allowed to access the Redpanda Private Link Endpoint Service
- connect_
console bool - Whether Console is connected in Redpanda Azure Private Link Service.
- enabled bool
- Whether Redpanda AWS Private Link Endpoint Service is enabled.
- status object
- Status configuration
- allowed
Subscriptions List<String> - Azure subscription IDs allowed to access the Redpanda Private Link Endpoint Service
- connect
Console Boolean - Whether Console is connected in Redpanda Azure Private Link Service.
- enabled Boolean
- Whether Redpanda AWS Private Link Endpoint Service is enabled.
- status
Cluster
Azure Private Link Status - Status configuration
- allowed
Subscriptions string[] - Azure subscription IDs allowed to access the Redpanda Private Link Endpoint Service
- connect
Console boolean - Whether Console is connected in Redpanda Azure Private Link Service.
- enabled boolean
- Whether Redpanda AWS Private Link Endpoint Service is enabled.
- status
Cluster
Azure Private Link Status - Status configuration
- allowed_
subscriptions Sequence[str] - Azure subscription IDs allowed to access the Redpanda Private Link Endpoint Service
- connect_
console bool - Whether Console is connected in Redpanda Azure Private Link Service.
- enabled bool
- Whether Redpanda AWS Private Link Endpoint Service is enabled.
- status
Cluster
Azure Private Link Status - Status configuration
- allowed
Subscriptions List<String> - Azure subscription IDs allowed to access the Redpanda Private Link Endpoint Service
- connect
Console Boolean - Whether Console is connected in Redpanda Azure Private Link Service.
- enabled Boolean
- Whether Redpanda AWS Private Link Endpoint Service is enabled.
- status Property Map
- Status configuration
ClusterAzurePrivateLinkStatus, ClusterAzurePrivateLinkStatusArgs
- Approved
Subscriptions List<string> - These are the approved subscriptions on the private link
- Console
Port double - The port of Redpanda Console.
- Dns
ARecord string - dnsadnsarecordrecord is the DNS A record the customer will create pointing at the their PE
- Kafka
Api doubleNode Base Port - Kafka API node service base port. The port for node
i(0 .. nodecount-1) is kafkaapinodebase_port +i. - Kafka
Api doubleSeed Port - Kafka API seed service port.
- Private
Endpoint List<ClusterConnections Azure Private Link Status Private Endpoint Connection> - List of private endpoint connections to Redpanda Azure Private Link Service.
- Redpanda
Proxy doubleNode Base Port - HTTP Proxy node service base port. The port for node
i(0 .. nodecount-1) is redpandaproxynodebase_port + i. - Redpanda
Proxy doubleSeed Port - HTTP Proxy seed service port.
- Schema
Registry doubleSeed Port - Schema Registry seed service port.
- Service
Id string - ID of Redpanda Azure PrivateLink Endpoint Service.
- Service
Name string - Name of Redpanda Azure PrivateLink Endpoint Service.
- Approved
Subscriptions []string - These are the approved subscriptions on the private link
- Console
Port float64 - The port of Redpanda Console.
- Dns
ARecord string - dnsadnsarecordrecord is the DNS A record the customer will create pointing at the their PE
- Kafka
Api float64Node Base Port - Kafka API node service base port. The port for node
i(0 .. nodecount-1) is kafkaapinodebase_port +i. - Kafka
Api float64Seed Port - Kafka API seed service port.
- Private
Endpoint []ClusterConnections Azure Private Link Status Private Endpoint Connection - List of private endpoint connections to Redpanda Azure Private Link Service.
- Redpanda
Proxy float64Node Base Port - HTTP Proxy node service base port. The port for node
i(0 .. nodecount-1) is redpandaproxynodebase_port + i. - Redpanda
Proxy float64Seed Port - HTTP Proxy seed service port.
- Schema
Registry float64Seed Port - Schema Registry seed service port.
- Service
Id string - ID of Redpanda Azure PrivateLink Endpoint Service.
- Service
Name string - Name of Redpanda Azure PrivateLink Endpoint Service.
- approved_
subscriptions list(string) - These are the approved subscriptions on the private link
- console_
port number - The port of Redpanda Console.
- dns_
a_ stringrecord - dnsadnsarecordrecord is the DNS A record the customer will create pointing at the their PE
- kafka_
api_ numbernode_ base_ port - Kafka API node service base port. The port for node
i(0 .. nodecount-1) is kafkaapinodebase_port +i. - kafka_
api_ numberseed_ port - Kafka API seed service port.
- private_
endpoint_ list(object)connections - List of private endpoint connections to Redpanda Azure Private Link Service.
- redpanda_
proxy_ numbernode_ base_ port - HTTP Proxy node service base port. The port for node
i(0 .. nodecount-1) is redpandaproxynodebase_port + i. - redpanda_
proxy_ numberseed_ port - HTTP Proxy seed service port.
- schema_
registry_ numberseed_ port - Schema Registry seed service port.
- service_
id string - ID of Redpanda Azure PrivateLink Endpoint Service.
- service_
name string - Name of Redpanda Azure PrivateLink Endpoint Service.
- approved
Subscriptions List<String> - These are the approved subscriptions on the private link
- console
Port Double - The port of Redpanda Console.
- dns
ARecord String - dnsadnsarecordrecord is the DNS A record the customer will create pointing at the their PE
- kafka
Api DoubleNode Base Port - Kafka API node service base port. The port for node
i(0 .. nodecount-1) is kafkaapinodebase_port +i. - kafka
Api DoubleSeed Port - Kafka API seed service port.
- private
Endpoint List<ClusterConnections Azure Private Link Status Private Endpoint Connection> - List of private endpoint connections to Redpanda Azure Private Link Service.
- redpanda
Proxy DoubleNode Base Port - HTTP Proxy node service base port. The port for node
i(0 .. nodecount-1) is redpandaproxynodebase_port + i. - redpanda
Proxy DoubleSeed Port - HTTP Proxy seed service port.
- schema
Registry DoubleSeed Port - Schema Registry seed service port.
- service
Id String - ID of Redpanda Azure PrivateLink Endpoint Service.
- service
Name String - Name of Redpanda Azure PrivateLink Endpoint Service.
- approved
Subscriptions string[] - These are the approved subscriptions on the private link
- console
Port number - The port of Redpanda Console.
- dns
ARecord string - dnsadnsarecordrecord is the DNS A record the customer will create pointing at the their PE
- kafka
Api numberNode Base Port - Kafka API node service base port. The port for node
i(0 .. nodecount-1) is kafkaapinodebase_port +i. - kafka
Api numberSeed Port - Kafka API seed service port.
- private
Endpoint ClusterConnections Azure Private Link Status Private Endpoint Connection[] - List of private endpoint connections to Redpanda Azure Private Link Service.
- redpanda
Proxy numberNode Base Port - HTTP Proxy node service base port. The port for node
i(0 .. nodecount-1) is redpandaproxynodebase_port + i. - redpanda
Proxy numberSeed Port - HTTP Proxy seed service port.
- schema
Registry numberSeed Port - Schema Registry seed service port.
- service
Id string - ID of Redpanda Azure PrivateLink Endpoint Service.
- service
Name string - Name of Redpanda Azure PrivateLink Endpoint Service.
- approved_
subscriptions Sequence[str] - These are the approved subscriptions on the private link
- console_
port float - The port of Redpanda Console.
- dns_
a_ strrecord - dnsadnsarecordrecord is the DNS A record the customer will create pointing at the their PE
- kafka_
api_ floatnode_ base_ port - Kafka API node service base port. The port for node
i(0 .. nodecount-1) is kafkaapinodebase_port +i. - kafka_
api_ floatseed_ port - Kafka API seed service port.
- private_
endpoint_ Sequence[Clusterconnections Azure Private Link Status Private Endpoint Connection] - List of private endpoint connections to Redpanda Azure Private Link Service.
- redpanda_
proxy_ floatnode_ base_ port - HTTP Proxy node service base port. The port for node
i(0 .. nodecount-1) is redpandaproxynodebase_port + i. - redpanda_
proxy_ floatseed_ port - HTTP Proxy seed service port.
- schema_
registry_ floatseed_ port - Schema Registry seed service port.
- service_
id str - ID of Redpanda Azure PrivateLink Endpoint Service.
- service_
name str - Name of Redpanda Azure PrivateLink Endpoint Service.
- approved
Subscriptions List<String> - These are the approved subscriptions on the private link
- console
Port Number - The port of Redpanda Console.
- dns
ARecord String - dnsadnsarecordrecord is the DNS A record the customer will create pointing at the their PE
- kafka
Api NumberNode Base Port - Kafka API node service base port. The port for node
i(0 .. nodecount-1) is kafkaapinodebase_port +i. - kafka
Api NumberSeed Port - Kafka API seed service port.
- private
Endpoint List<Property Map>Connections - List of private endpoint connections to Redpanda Azure Private Link Service.
- redpanda
Proxy NumberNode Base Port - HTTP Proxy node service base port. The port for node
i(0 .. nodecount-1) is redpandaproxynodebase_port + i. - redpanda
Proxy NumberSeed Port - HTTP Proxy seed service port.
- schema
Registry NumberSeed Port - Schema Registry seed service port.
- service
Id String - ID of Redpanda Azure PrivateLink Endpoint Service.
- service
Name String - Name of Redpanda Azure PrivateLink Endpoint Service.
ClusterAzurePrivateLinkStatusPrivateEndpointConnection, ClusterAzurePrivateLinkStatusPrivateEndpointConnectionArgs
- Connection
Id string - ConnectionID is the id of the connection between the private endpoint and the private link service
- Connection
Name string - ConnectionName is the name of the connection between the private endpoint and the private link service
- Private
Endpoint stringId - Resource ID of Private Endpoint to Redpanda Azure PrivateLink Endpoint Service.
- Private
Endpoint stringName - The name of the PrivateEndpointConnection.
- Status string
- The status of private endpoint connected to Redpanda Azure PrivateLink Endpoint Service.
- Connection
Id string - ConnectionID is the id of the connection between the private endpoint and the private link service
- Connection
Name string - ConnectionName is the name of the connection between the private endpoint and the private link service
- Private
Endpoint stringId - Resource ID of Private Endpoint to Redpanda Azure PrivateLink Endpoint Service.
- Private
Endpoint stringName - The name of the PrivateEndpointConnection.
- Status string
- The status of private endpoint connected to Redpanda Azure PrivateLink Endpoint Service.
- connection_
id string - ConnectionID is the id of the connection between the private endpoint and the private link service
- connection_
name string - ConnectionName is the name of the connection between the private endpoint and the private link service
- private_
endpoint_ stringid - Resource ID of Private Endpoint to Redpanda Azure PrivateLink Endpoint Service.
- private_
endpoint_ stringname - The name of the PrivateEndpointConnection.
- status string
- The status of private endpoint connected to Redpanda Azure PrivateLink Endpoint Service.
- connection
Id String - ConnectionID is the id of the connection between the private endpoint and the private link service
- connection
Name String - ConnectionName is the name of the connection between the private endpoint and the private link service
- private
Endpoint StringId - Resource ID of Private Endpoint to Redpanda Azure PrivateLink Endpoint Service.
- private
Endpoint StringName - The name of the PrivateEndpointConnection.
- status String
- The status of private endpoint connected to Redpanda Azure PrivateLink Endpoint Service.
- connection
Id string - ConnectionID is the id of the connection between the private endpoint and the private link service
- connection
Name string - ConnectionName is the name of the connection between the private endpoint and the private link service
- private
Endpoint stringId - Resource ID of Private Endpoint to Redpanda Azure PrivateLink Endpoint Service.
- private
Endpoint stringName - The name of the PrivateEndpointConnection.
- status string
- The status of private endpoint connected to Redpanda Azure PrivateLink Endpoint Service.
- connection_
id str - ConnectionID is the id of the connection between the private endpoint and the private link service
- connection_
name str - ConnectionName is the name of the connection between the private endpoint and the private link service
- private_
endpoint_ strid - Resource ID of Private Endpoint to Redpanda Azure PrivateLink Endpoint Service.
- private_
endpoint_ strname - The name of the PrivateEndpointConnection.
- status str
- The status of private endpoint connected to Redpanda Azure PrivateLink Endpoint Service.
- connection
Id String - ConnectionID is the id of the connection between the private endpoint and the private link service
- connection
Name String - ConnectionName is the name of the connection between the private endpoint and the private link service
- private
Endpoint StringId - Resource ID of Private Endpoint to Redpanda Azure PrivateLink Endpoint Service.
- private
Endpoint StringName - The name of the PrivateEndpointConnection.
- status String
- The status of private endpoint connected to Redpanda Azure PrivateLink Endpoint Service.
ClusterCloudStorage, ClusterCloudStorageArgs
- Aws
Cluster
Cloud Storage Aws - AWS configuration
- Azure
Cluster
Cloud Storage Azure - Azure configuration
- Gcp
Cluster
Cloud Storage Gcp - GCP configuration
- Skip
Destroy bool - If true, cloud storage is not deleted when the cluster is destroyed
- Aws
Cluster
Cloud Storage Aws - AWS configuration
- Azure
Cluster
Cloud Storage Azure - Azure configuration
- Gcp
Cluster
Cloud Storage Gcp - GCP configuration
- Skip
Destroy bool - If true, cloud storage is not deleted when the cluster is destroyed
- aws
Cluster
Cloud Storage Aws - AWS configuration
- azure
Cluster
Cloud Storage Azure - Azure configuration
- gcp
Cluster
Cloud Storage Gcp - GCP configuration
- skip
Destroy Boolean - If true, cloud storage is not deleted when the cluster is destroyed
- aws
Cluster
Cloud Storage Aws - AWS configuration
- azure
Cluster
Cloud Storage Azure - Azure configuration
- gcp
Cluster
Cloud Storage Gcp - GCP configuration
- skip
Destroy boolean - If true, cloud storage is not deleted when the cluster is destroyed
- aws
Cluster
Cloud Storage Aws - AWS configuration
- azure
Cluster
Cloud Storage Azure - Azure configuration
- gcp
Cluster
Cloud Storage Gcp - GCP configuration
- skip_
destroy bool - If true, cloud storage is not deleted when the cluster is destroyed
- aws Property Map
- AWS configuration
- azure Property Map
- Azure configuration
- gcp Property Map
- GCP configuration
- skip
Destroy Boolean - If true, cloud storage is not deleted when the cluster is destroyed
ClusterCloudStorageAws, ClusterCloudStorageAwsArgs
- Arn string
- ARN for the AWS
- Arn string
- ARN for the AWS
- arn string
- ARN for the AWS
- arn String
- ARN for the AWS
- arn string
- ARN for the AWS
- arn str
- ARN for the AWS
- arn String
- ARN for the AWS
ClusterCloudStorageAzure, ClusterCloudStorageAzureArgs
- Container
Name string - Name of the Azure storage container
- Storage
Account stringName - Name of the Azure storage account
- Container
Name string - Name of the Azure storage container
- Storage
Account stringName - Name of the Azure storage account
- container_
name string - Name of the Azure storage container
- storage_
account_ stringname - Name of the Azure storage account
- container
Name String - Name of the Azure storage container
- storage
Account StringName - Name of the Azure storage account
- container
Name string - Name of the Azure storage container
- storage
Account stringName - Name of the Azure storage account
- container_
name str - Name of the Azure storage container
- storage_
account_ strname - Name of the Azure storage account
- container
Name String - Name of the Azure storage container
- storage
Account StringName - Name of the Azure storage account
ClusterCloudStorageGcp, ClusterCloudStorageGcpArgs
- Name string
- Name of the GCP storage bucket
- Name string
- Name of the GCP storage bucket
- name string
- Name of the GCP storage bucket
- name String
- Name of the GCP storage bucket
- name string
- Name of the GCP storage bucket
- name str
- Name of the GCP storage bucket
- name String
- Name of the GCP storage bucket
ClusterClusterConfiguration, ClusterClusterConfigurationArgs
- Custom
Properties stringJson - Custom cluster configuration properties in JSON format
- Custom
Properties stringJson - Custom cluster configuration properties in JSON format
- custom_
properties_ stringjson - Custom cluster configuration properties in JSON format
- custom
Properties StringJson - Custom cluster configuration properties in JSON format
- custom
Properties stringJson - Custom cluster configuration properties in JSON format
- custom_
properties_ strjson - Custom cluster configuration properties in JSON format
- custom
Properties StringJson - Custom cluster configuration properties in JSON format
ClusterCustomerManagedResources, ClusterCustomerManagedResourcesArgs
- Aws
Cluster
Customer Managed Resources Aws - AWS resources created and managed by user, and required to deploy the Redpanda cluster.
- Gcp
Cluster
Customer Managed Resources Gcp - GCP resources created and managed by user, and required to deploy the Redpanda cluster. See Create a BYOVPC Cluster on GCP.
- Aws
Cluster
Customer Managed Resources Aws - AWS resources created and managed by user, and required to deploy the Redpanda cluster.
- Gcp
Cluster
Customer Managed Resources Gcp - GCP resources created and managed by user, and required to deploy the Redpanda cluster. See Create a BYOVPC Cluster on GCP.
- aws object
- AWS resources created and managed by user, and required to deploy the Redpanda cluster.
- gcp object
- GCP resources created and managed by user, and required to deploy the Redpanda cluster. See Create a BYOVPC Cluster on GCP.
- aws
Cluster
Customer Managed Resources Aws - AWS resources created and managed by user, and required to deploy the Redpanda cluster.
- gcp
Cluster
Customer Managed Resources Gcp - GCP resources created and managed by user, and required to deploy the Redpanda cluster. See Create a BYOVPC Cluster on GCP.
- aws
Cluster
Customer Managed Resources Aws - AWS resources created and managed by user, and required to deploy the Redpanda cluster.
- gcp
Cluster
Customer Managed Resources Gcp - GCP resources created and managed by user, and required to deploy the Redpanda cluster. See Create a BYOVPC Cluster on GCP.
- aws
Cluster
Customer Managed Resources Aws - AWS resources created and managed by user, and required to deploy the Redpanda cluster.
- gcp
Cluster
Customer Managed Resources Gcp - GCP resources created and managed by user, and required to deploy the Redpanda cluster. See Create a BYOVPC Cluster on GCP.
- aws Property Map
- AWS resources created and managed by user, and required to deploy the Redpanda cluster.
- gcp Property Map
- GCP resources created and managed by user, and required to deploy the Redpanda cluster. See Create a BYOVPC Cluster on GCP.
ClusterCustomerManagedResourcesAws, ClusterCustomerManagedResourcesAwsArgs
- Agent
Instance ClusterProfile Customer Managed Resources Aws Agent Instance Profile - AWS instance profile.
- Cloud
Storage ClusterBucket Customer Managed Resources Aws Cloud Storage Bucket - AWS storage bucket properties by ARN.
- Cluster
Security ClusterGroup Customer Managed Resources Aws Cluster Security Group - Security Group identifies AWS security group.
- Connectors
Node ClusterGroup Instance Profile Customer Managed Resources Aws Connectors Node Group Instance Profile - AWS instance profile.
- Connectors
Security ClusterGroup Customer Managed Resources Aws Connectors Security Group - Security Group identifies AWS security group.
- K8s
Cluster ClusterRole Customer Managed Resources Aws K8s Cluster Role - Role identifies AWS role.
- Node
Security ClusterGroup Customer Managed Resources Aws Node Security Group - Security Group identifies AWS security group.
- Permissions
Boundary ClusterPolicy Customer Managed Resources Aws Permissions Boundary Policy - Policy identifies an AWS policy.
- Redpanda
Agent ClusterSecurity Group Customer Managed Resources Aws Redpanda Agent Security Group - Security Group identifies AWS security group.
- Redpanda
Node ClusterGroup Instance Profile Customer Managed Resources Aws Redpanda Node Group Instance Profile - AWS instance profile.
- Redpanda
Node ClusterGroup Security Group Customer Managed Resources Aws Redpanda Node Group Security Group - Security Group identifies AWS security group.
- Utility
Node ClusterGroup Instance Profile Customer Managed Resources Aws Utility Node Group Instance Profile - AWS instance profile.
- Utility
Security ClusterGroup Customer Managed Resources Aws Utility Security Group - Security Group identifies AWS security group.
- Redpanda
Connect ClusterNode Group Instance Profile Customer Managed Resources Aws Redpanda Connect Node Group Instance Profile - AWS instance profile.
- Redpanda
Connect ClusterSecurity Group Customer Managed Resources Aws Redpanda Connect Security Group - Security Group identifies AWS security group.
- Agent
Instance ClusterProfile Customer Managed Resources Aws Agent Instance Profile - AWS instance profile.
- Cloud
Storage ClusterBucket Customer Managed Resources Aws Cloud Storage Bucket - AWS storage bucket properties by ARN.
- Cluster
Security ClusterGroup Customer Managed Resources Aws Cluster Security Group - Security Group identifies AWS security group.
- Connectors
Node ClusterGroup Instance Profile Customer Managed Resources Aws Connectors Node Group Instance Profile - AWS instance profile.
- Connectors
Security ClusterGroup Customer Managed Resources Aws Connectors Security Group - Security Group identifies AWS security group.
- K8s
Cluster ClusterRole Customer Managed Resources Aws K8s Cluster Role - Role identifies AWS role.
- Node
Security ClusterGroup Customer Managed Resources Aws Node Security Group - Security Group identifies AWS security group.
- Permissions
Boundary ClusterPolicy Customer Managed Resources Aws Permissions Boundary Policy - Policy identifies an AWS policy.
- Redpanda
Agent ClusterSecurity Group Customer Managed Resources Aws Redpanda Agent Security Group - Security Group identifies AWS security group.
- Redpanda
Node ClusterGroup Instance Profile Customer Managed Resources Aws Redpanda Node Group Instance Profile - AWS instance profile.
- Redpanda
Node ClusterGroup Security Group Customer Managed Resources Aws Redpanda Node Group Security Group - Security Group identifies AWS security group.
- Utility
Node ClusterGroup Instance Profile Customer Managed Resources Aws Utility Node Group Instance Profile - AWS instance profile.
- Utility
Security ClusterGroup Customer Managed Resources Aws Utility Security Group - Security Group identifies AWS security group.
- Redpanda
Connect ClusterNode Group Instance Profile Customer Managed Resources Aws Redpanda Connect Node Group Instance Profile - AWS instance profile.
- Redpanda
Connect ClusterSecurity Group Customer Managed Resources Aws Redpanda Connect Security Group - Security Group identifies AWS security group.
- agent_
instance_ objectprofile - AWS instance profile.
- cloud_
storage_ objectbucket - AWS storage bucket properties by ARN.
- cluster_
security_ objectgroup - Security Group identifies AWS security group.
- connectors_
node_ objectgroup_ instance_ profile - AWS instance profile.
- connectors_
security_ objectgroup - Security Group identifies AWS security group.
- k8s_
cluster_ objectrole - Role identifies AWS role.
- node_
security_ objectgroup - Security Group identifies AWS security group.
- permissions_
boundary_ objectpolicy - Policy identifies an AWS policy.
- redpanda_
agent_ objectsecurity_ group - Security Group identifies AWS security group.
- redpanda_
node_ objectgroup_ instance_ profile - AWS instance profile.
- redpanda_
node_ objectgroup_ security_ group - Security Group identifies AWS security group.
- utility_
node_ objectgroup_ instance_ profile - AWS instance profile.
- utility_
security_ objectgroup - Security Group identifies AWS security group.
- redpanda_
connect_ objectnode_ group_ instance_ profile - AWS instance profile.
- redpanda_
connect_ objectsecurity_ group - Security Group identifies AWS security group.
- agent
Instance ClusterProfile Customer Managed Resources Aws Agent Instance Profile - AWS instance profile.
- cloud
Storage ClusterBucket Customer Managed Resources Aws Cloud Storage Bucket - AWS storage bucket properties by ARN.
- cluster
Security ClusterGroup Customer Managed Resources Aws Cluster Security Group - Security Group identifies AWS security group.
- connectors
Node ClusterGroup Instance Profile Customer Managed Resources Aws Connectors Node Group Instance Profile - AWS instance profile.
- connectors
Security ClusterGroup Customer Managed Resources Aws Connectors Security Group - Security Group identifies AWS security group.
- k8s
Cluster ClusterRole Customer Managed Resources Aws K8s Cluster Role - Role identifies AWS role.
- node
Security ClusterGroup Customer Managed Resources Aws Node Security Group - Security Group identifies AWS security group.
- permissions
Boundary ClusterPolicy Customer Managed Resources Aws Permissions Boundary Policy - Policy identifies an AWS policy.
- redpanda
Agent ClusterSecurity Group Customer Managed Resources Aws Redpanda Agent Security Group - Security Group identifies AWS security group.
- redpanda
Node ClusterGroup Instance Profile Customer Managed Resources Aws Redpanda Node Group Instance Profile - AWS instance profile.
- redpanda
Node ClusterGroup Security Group Customer Managed Resources Aws Redpanda Node Group Security Group - Security Group identifies AWS security group.
- utility
Node ClusterGroup Instance Profile Customer Managed Resources Aws Utility Node Group Instance Profile - AWS instance profile.
- utility
Security ClusterGroup Customer Managed Resources Aws Utility Security Group - Security Group identifies AWS security group.
- redpanda
Connect ClusterNode Group Instance Profile Customer Managed Resources Aws Redpanda Connect Node Group Instance Profile - AWS instance profile.
- redpanda
Connect ClusterSecurity Group Customer Managed Resources Aws Redpanda Connect Security Group - Security Group identifies AWS security group.
- agent
Instance ClusterProfile Customer Managed Resources Aws Agent Instance Profile - AWS instance profile.
- cloud
Storage ClusterBucket Customer Managed Resources Aws Cloud Storage Bucket - AWS storage bucket properties by ARN.
- cluster
Security ClusterGroup Customer Managed Resources Aws Cluster Security Group - Security Group identifies AWS security group.
- connectors
Node ClusterGroup Instance Profile Customer Managed Resources Aws Connectors Node Group Instance Profile - AWS instance profile.
- connectors
Security ClusterGroup Customer Managed Resources Aws Connectors Security Group - Security Group identifies AWS security group.
- k8s
Cluster ClusterRole Customer Managed Resources Aws K8s Cluster Role - Role identifies AWS role.
- node
Security ClusterGroup Customer Managed Resources Aws Node Security Group - Security Group identifies AWS security group.
- permissions
Boundary ClusterPolicy Customer Managed Resources Aws Permissions Boundary Policy - Policy identifies an AWS policy.
- redpanda
Agent ClusterSecurity Group Customer Managed Resources Aws Redpanda Agent Security Group - Security Group identifies AWS security group.
- redpanda
Node ClusterGroup Instance Profile Customer Managed Resources Aws Redpanda Node Group Instance Profile - AWS instance profile.
- redpanda
Node ClusterGroup Security Group Customer Managed Resources Aws Redpanda Node Group Security Group - Security Group identifies AWS security group.
- utility
Node ClusterGroup Instance Profile Customer Managed Resources Aws Utility Node Group Instance Profile - AWS instance profile.
- utility
Security ClusterGroup Customer Managed Resources Aws Utility Security Group - Security Group identifies AWS security group.
- redpanda
Connect ClusterNode Group Instance Profile Customer Managed Resources Aws Redpanda Connect Node Group Instance Profile - AWS instance profile.
- redpanda
Connect ClusterSecurity Group Customer Managed Resources Aws Redpanda Connect Security Group - Security Group identifies AWS security group.
- agent_
instance_ Clusterprofile Customer Managed Resources Aws Agent Instance Profile - AWS instance profile.
- cloud_
storage_ Clusterbucket Customer Managed Resources Aws Cloud Storage Bucket - AWS storage bucket properties by ARN.
- cluster_
security_ Clustergroup Customer Managed Resources Aws Cluster Security Group - Security Group identifies AWS security group.
- connectors_
node_ Clustergroup_ instance_ profile Customer Managed Resources Aws Connectors Node Group Instance Profile - AWS instance profile.
- connectors_
security_ Clustergroup Customer Managed Resources Aws Connectors Security Group - Security Group identifies AWS security group.
- k8s_
cluster_ Clusterrole Customer Managed Resources Aws K8s Cluster Role - Role identifies AWS role.
- node_
security_ Clustergroup Customer Managed Resources Aws Node Security Group - Security Group identifies AWS security group.
- permissions_
boundary_ Clusterpolicy Customer Managed Resources Aws Permissions Boundary Policy - Policy identifies an AWS policy.
- redpanda_
agent_ Clustersecurity_ group Customer Managed Resources Aws Redpanda Agent Security Group - Security Group identifies AWS security group.
- redpanda_
node_ Clustergroup_ instance_ profile Customer Managed Resources Aws Redpanda Node Group Instance Profile - AWS instance profile.
- redpanda_
node_ Clustergroup_ security_ group Customer Managed Resources Aws Redpanda Node Group Security Group - Security Group identifies AWS security group.
- utility_
node_ Clustergroup_ instance_ profile Customer Managed Resources Aws Utility Node Group Instance Profile - AWS instance profile.
- utility_
security_ Clustergroup Customer Managed Resources Aws Utility Security Group - Security Group identifies AWS security group.
- redpanda_
connect_ Clusternode_ group_ instance_ profile Customer Managed Resources Aws Redpanda Connect Node Group Instance Profile - AWS instance profile.
- redpanda_
connect_ Clustersecurity_ group Customer Managed Resources Aws Redpanda Connect Security Group - Security Group identifies AWS security group.
- agent
Instance Property MapProfile - AWS instance profile.
- cloud
Storage Property MapBucket - AWS storage bucket properties by ARN.
- cluster
Security Property MapGroup - Security Group identifies AWS security group.
- connectors
Node Property MapGroup Instance Profile - AWS instance profile.
- connectors
Security Property MapGroup - Security Group identifies AWS security group.
- k8s
Cluster Property MapRole - Role identifies AWS role.
- node
Security Property MapGroup - Security Group identifies AWS security group.
- permissions
Boundary Property MapPolicy - Policy identifies an AWS policy.
- redpanda
Agent Property MapSecurity Group - Security Group identifies AWS security group.
- redpanda
Node Property MapGroup Instance Profile - AWS instance profile.
- redpanda
Node Property MapGroup Security Group - Security Group identifies AWS security group.
- utility
Node Property MapGroup Instance Profile - AWS instance profile.
- utility
Security Property MapGroup - Security Group identifies AWS security group.
- redpanda
Connect Property MapNode Group Instance Profile - AWS instance profile.
- redpanda
Connect Property MapSecurity Group - Security Group identifies AWS security group.
ClusterCustomerManagedResourcesAwsAgentInstanceProfile, ClusterCustomerManagedResourcesAwsAgentInstanceProfileArgs
- Arn string
- AWS instance profile ARN.
- Arn string
- AWS instance profile ARN.
- arn string
- AWS instance profile ARN.
- arn String
- AWS instance profile ARN.
- arn string
- AWS instance profile ARN.
- arn str
- AWS instance profile ARN.
- arn String
- AWS instance profile ARN.
ClusterCustomerManagedResourcesAwsCloudStorageBucket, ClusterCustomerManagedResourcesAwsCloudStorageBucketArgs
- Arn string
- AWS storage bucket identifier.
- Arn string
- AWS storage bucket identifier.
- arn string
- AWS storage bucket identifier.
- arn String
- AWS storage bucket identifier.
- arn string
- AWS storage bucket identifier.
- arn str
- AWS storage bucket identifier.
- arn String
- AWS storage bucket identifier.
ClusterCustomerManagedResourcesAwsClusterSecurityGroup, ClusterCustomerManagedResourcesAwsClusterSecurityGroupArgs
- Arn string
- AWS security group ARN.
- Arn string
- AWS security group ARN.
- arn string
- AWS security group ARN.
- arn String
- AWS security group ARN.
- arn string
- AWS security group ARN.
- arn str
- AWS security group ARN.
- arn String
- AWS security group ARN.
ClusterCustomerManagedResourcesAwsConnectorsNodeGroupInstanceProfile, ClusterCustomerManagedResourcesAwsConnectorsNodeGroupInstanceProfileArgs
- Arn string
- AWS instance profile ARN.
- Arn string
- AWS instance profile ARN.
- arn string
- AWS instance profile ARN.
- arn String
- AWS instance profile ARN.
- arn string
- AWS instance profile ARN.
- arn str
- AWS instance profile ARN.
- arn String
- AWS instance profile ARN.
ClusterCustomerManagedResourcesAwsConnectorsSecurityGroup, ClusterCustomerManagedResourcesAwsConnectorsSecurityGroupArgs
- Arn string
- AWS security group ARN.
- Arn string
- AWS security group ARN.
- arn string
- AWS security group ARN.
- arn String
- AWS security group ARN.
- arn string
- AWS security group ARN.
- arn str
- AWS security group ARN.
- arn String
- AWS security group ARN.
ClusterCustomerManagedResourcesAwsK8sClusterRole, ClusterCustomerManagedResourcesAwsK8sClusterRoleArgs
- Arn string
- AWS role ARN.
- Arn string
- AWS role ARN.
- arn string
- AWS role ARN.
- arn String
- AWS role ARN.
- arn string
- AWS role ARN.
- arn str
- AWS role ARN.
- arn String
- AWS role ARN.
ClusterCustomerManagedResourcesAwsNodeSecurityGroup, ClusterCustomerManagedResourcesAwsNodeSecurityGroupArgs
- Arn string
- AWS security group ARN.
- Arn string
- AWS security group ARN.
- arn string
- AWS security group ARN.
- arn String
- AWS security group ARN.
- arn string
- AWS security group ARN.
- arn str
- AWS security group ARN.
- arn String
- AWS security group ARN.
ClusterCustomerManagedResourcesAwsPermissionsBoundaryPolicy, ClusterCustomerManagedResourcesAwsPermissionsBoundaryPolicyArgs
- Arn string
- AWS policy ARN.
- Arn string
- AWS policy ARN.
- arn string
- AWS policy ARN.
- arn String
- AWS policy ARN.
- arn string
- AWS policy ARN.
- arn str
- AWS policy ARN.
- arn String
- AWS policy ARN.
ClusterCustomerManagedResourcesAwsRedpandaAgentSecurityGroup, ClusterCustomerManagedResourcesAwsRedpandaAgentSecurityGroupArgs
- Arn string
- AWS security group ARN.
- Arn string
- AWS security group ARN.
- arn string
- AWS security group ARN.
- arn String
- AWS security group ARN.
- arn string
- AWS security group ARN.
- arn str
- AWS security group ARN.
- arn String
- AWS security group ARN.
ClusterCustomerManagedResourcesAwsRedpandaConnectNodeGroupInstanceProfile, ClusterCustomerManagedResourcesAwsRedpandaConnectNodeGroupInstanceProfileArgs
- Arn string
- AWS instance profile ARN.
- Arn string
- AWS instance profile ARN.
- arn string
- AWS instance profile ARN.
- arn String
- AWS instance profile ARN.
- arn string
- AWS instance profile ARN.
- arn str
- AWS instance profile ARN.
- arn String
- AWS instance profile ARN.
ClusterCustomerManagedResourcesAwsRedpandaConnectSecurityGroup, ClusterCustomerManagedResourcesAwsRedpandaConnectSecurityGroupArgs
- Arn string
- AWS security group ARN.
- Arn string
- AWS security group ARN.
- arn string
- AWS security group ARN.
- arn String
- AWS security group ARN.
- arn string
- AWS security group ARN.
- arn str
- AWS security group ARN.
- arn String
- AWS security group ARN.
ClusterCustomerManagedResourcesAwsRedpandaNodeGroupInstanceProfile, ClusterCustomerManagedResourcesAwsRedpandaNodeGroupInstanceProfileArgs
- Arn string
- AWS instance profile ARN.
- Arn string
- AWS instance profile ARN.
- arn string
- AWS instance profile ARN.
- arn String
- AWS instance profile ARN.
- arn string
- AWS instance profile ARN.
- arn str
- AWS instance profile ARN.
- arn String
- AWS instance profile ARN.
ClusterCustomerManagedResourcesAwsRedpandaNodeGroupSecurityGroup, ClusterCustomerManagedResourcesAwsRedpandaNodeGroupSecurityGroupArgs
- Arn string
- AWS security group ARN.
- Arn string
- AWS security group ARN.
- arn string
- AWS security group ARN.
- arn String
- AWS security group ARN.
- arn string
- AWS security group ARN.
- arn str
- AWS security group ARN.
- arn String
- AWS security group ARN.
ClusterCustomerManagedResourcesAwsUtilityNodeGroupInstanceProfile, ClusterCustomerManagedResourcesAwsUtilityNodeGroupInstanceProfileArgs
- Arn string
- AWS instance profile ARN.
- Arn string
- AWS instance profile ARN.
- arn string
- AWS instance profile ARN.
- arn String
- AWS instance profile ARN.
- arn string
- AWS instance profile ARN.
- arn str
- AWS instance profile ARN.
- arn String
- AWS instance profile ARN.
ClusterCustomerManagedResourcesAwsUtilitySecurityGroup, ClusterCustomerManagedResourcesAwsUtilitySecurityGroupArgs
- Arn string
- AWS security group ARN.
- Arn string
- AWS security group ARN.
- arn string
- AWS security group ARN.
- arn String
- AWS security group ARN.
- arn string
- AWS security group ARN.
- arn str
- AWS security group ARN.
- arn String
- AWS security group ARN.
ClusterCustomerManagedResourcesGcp, ClusterCustomerManagedResourcesGcpArgs
- Agent
Service ClusterAccount Customer Managed Resources Gcp Agent Service Account - GCP service account.
- Connector
Service ClusterAccount Customer Managed Resources Gcp Connector Service Account - GCP service account.
- Console
Service ClusterAccount Customer Managed Resources Gcp Console Service Account - GCP service account.
- Gke
Service ClusterAccount Customer Managed Resources Gcp Gke Service Account - GCP service account.
- Redpanda
Cluster ClusterService Account Customer Managed Resources Gcp Redpanda Cluster Service Account - GCP service account.
- Subnet
Cluster
Customer Managed Resources Gcp Subnet - GCP subnet properties. See the official GCP API reference.
- Tiered
Storage ClusterBucket Customer Managed Resources Gcp Tiered Storage Bucket - GCP storage bucket properties.
- Psc
Nat stringSubnet Name - NAT subnet name if GCP Private Service Connect (a.k.a Private Link) is enabled. If it is used for PSC v1, use pscv2natsubnetname to set NAT subnet name for PSC v2.
- Agent
Service ClusterAccount Customer Managed Resources Gcp Agent Service Account - GCP service account.
- Connector
Service ClusterAccount Customer Managed Resources Gcp Connector Service Account - GCP service account.
- Console
Service ClusterAccount Customer Managed Resources Gcp Console Service Account - GCP service account.
- Gke
Service ClusterAccount Customer Managed Resources Gcp Gke Service Account - GCP service account.
- Redpanda
Cluster ClusterService Account Customer Managed Resources Gcp Redpanda Cluster Service Account - GCP service account.
- Subnet
Cluster
Customer Managed Resources Gcp Subnet - GCP subnet properties. See the official GCP API reference.
- Tiered
Storage ClusterBucket Customer Managed Resources Gcp Tiered Storage Bucket - GCP storage bucket properties.
- Psc
Nat stringSubnet Name - NAT subnet name if GCP Private Service Connect (a.k.a Private Link) is enabled. If it is used for PSC v1, use pscv2natsubnetname to set NAT subnet name for PSC v2.
- agent_
service_ objectaccount - GCP service account.
- connector_
service_ objectaccount - GCP service account.
- console_
service_ objectaccount - GCP service account.
- gke_
service_ objectaccount - GCP service account.
- redpanda_
cluster_ objectservice_ account - GCP service account.
- subnet object
- GCP subnet properties. See the official GCP API reference.
- tiered_
storage_ objectbucket - GCP storage bucket properties.
- psc_
nat_ stringsubnet_ name - NAT subnet name if GCP Private Service Connect (a.k.a Private Link) is enabled. If it is used for PSC v1, use pscv2natsubnetname to set NAT subnet name for PSC v2.
- agent
Service ClusterAccount Customer Managed Resources Gcp Agent Service Account - GCP service account.
- connector
Service ClusterAccount Customer Managed Resources Gcp Connector Service Account - GCP service account.
- console
Service ClusterAccount Customer Managed Resources Gcp Console Service Account - GCP service account.
- gke
Service ClusterAccount Customer Managed Resources Gcp Gke Service Account - GCP service account.
- redpanda
Cluster ClusterService Account Customer Managed Resources Gcp Redpanda Cluster Service Account - GCP service account.
- subnet
Cluster
Customer Managed Resources Gcp Subnet - GCP subnet properties. See the official GCP API reference.
- tiered
Storage ClusterBucket Customer Managed Resources Gcp Tiered Storage Bucket - GCP storage bucket properties.
- psc
Nat StringSubnet Name - NAT subnet name if GCP Private Service Connect (a.k.a Private Link) is enabled. If it is used for PSC v1, use pscv2natsubnetname to set NAT subnet name for PSC v2.
- agent
Service ClusterAccount Customer Managed Resources Gcp Agent Service Account - GCP service account.
- connector
Service ClusterAccount Customer Managed Resources Gcp Connector Service Account - GCP service account.
- console
Service ClusterAccount Customer Managed Resources Gcp Console Service Account - GCP service account.
- gke
Service ClusterAccount Customer Managed Resources Gcp Gke Service Account - GCP service account.
- redpanda
Cluster ClusterService Account Customer Managed Resources Gcp Redpanda Cluster Service Account - GCP service account.
- subnet
Cluster
Customer Managed Resources Gcp Subnet - GCP subnet properties. See the official GCP API reference.
- tiered
Storage ClusterBucket Customer Managed Resources Gcp Tiered Storage Bucket - GCP storage bucket properties.
- psc
Nat stringSubnet Name - NAT subnet name if GCP Private Service Connect (a.k.a Private Link) is enabled. If it is used for PSC v1, use pscv2natsubnetname to set NAT subnet name for PSC v2.
- agent_
service_ Clusteraccount Customer Managed Resources Gcp Agent Service Account - GCP service account.
- connector_
service_ Clusteraccount Customer Managed Resources Gcp Connector Service Account - GCP service account.
- console_
service_ Clusteraccount Customer Managed Resources Gcp Console Service Account - GCP service account.
- gke_
service_ Clusteraccount Customer Managed Resources Gcp Gke Service Account - GCP service account.
- redpanda_
cluster_ Clusterservice_ account Customer Managed Resources Gcp Redpanda Cluster Service Account - GCP service account.
- subnet
Cluster
Customer Managed Resources Gcp Subnet - GCP subnet properties. See the official GCP API reference.
- tiered_
storage_ Clusterbucket Customer Managed Resources Gcp Tiered Storage Bucket - GCP storage bucket properties.
- psc_
nat_ strsubnet_ name - NAT subnet name if GCP Private Service Connect (a.k.a Private Link) is enabled. If it is used for PSC v1, use pscv2natsubnetname to set NAT subnet name for PSC v2.
- agent
Service Property MapAccount - GCP service account.
- connector
Service Property MapAccount - GCP service account.
- console
Service Property MapAccount - GCP service account.
- gke
Service Property MapAccount - GCP service account.
- redpanda
Cluster Property MapService Account - GCP service account.
- subnet Property Map
- GCP subnet properties. See the official GCP API reference.
- tiered
Storage Property MapBucket - GCP storage bucket properties.
- psc
Nat StringSubnet Name - NAT subnet name if GCP Private Service Connect (a.k.a Private Link) is enabled. If it is used for PSC v1, use pscv2natsubnetname to set NAT subnet name for PSC v2.
ClusterCustomerManagedResourcesGcpAgentServiceAccount, ClusterCustomerManagedResourcesGcpAgentServiceAccountArgs
- Email string
- GCP service account email. Must be a valid email address.
- Email string
- GCP service account email. Must be a valid email address.
- email string
- GCP service account email. Must be a valid email address.
- email String
- GCP service account email. Must be a valid email address.
- email string
- GCP service account email. Must be a valid email address.
- email str
- GCP service account email. Must be a valid email address.
- email String
- GCP service account email. Must be a valid email address.
ClusterCustomerManagedResourcesGcpConnectorServiceAccount, ClusterCustomerManagedResourcesGcpConnectorServiceAccountArgs
- Email string
- GCP service account email. Must be a valid email address.
- Email string
- GCP service account email. Must be a valid email address.
- email string
- GCP service account email. Must be a valid email address.
- email String
- GCP service account email. Must be a valid email address.
- email string
- GCP service account email. Must be a valid email address.
- email str
- GCP service account email. Must be a valid email address.
- email String
- GCP service account email. Must be a valid email address.
ClusterCustomerManagedResourcesGcpConsoleServiceAccount, ClusterCustomerManagedResourcesGcpConsoleServiceAccountArgs
- Email string
- GCP service account email. Must be a valid email address.
- Email string
- GCP service account email. Must be a valid email address.
- email string
- GCP service account email. Must be a valid email address.
- email String
- GCP service account email. Must be a valid email address.
- email string
- GCP service account email. Must be a valid email address.
- email str
- GCP service account email. Must be a valid email address.
- email String
- GCP service account email. Must be a valid email address.
ClusterCustomerManagedResourcesGcpGkeServiceAccount, ClusterCustomerManagedResourcesGcpGkeServiceAccountArgs
- Email string
- GCP service account email. Must be a valid email address.
- Email string
- GCP service account email. Must be a valid email address.
- email string
- GCP service account email. Must be a valid email address.
- email String
- GCP service account email. Must be a valid email address.
- email string
- GCP service account email. Must be a valid email address.
- email str
- GCP service account email. Must be a valid email address.
- email String
- GCP service account email. Must be a valid email address.
ClusterCustomerManagedResourcesGcpRedpandaClusterServiceAccount, ClusterCustomerManagedResourcesGcpRedpandaClusterServiceAccountArgs
- Email string
- GCP service account email. Must be a valid email address.
- Email string
- GCP service account email. Must be a valid email address.
- email string
- GCP service account email. Must be a valid email address.
- email String
- GCP service account email. Must be a valid email address.
- email string
- GCP service account email. Must be a valid email address.
- email str
- GCP service account email. Must be a valid email address.
- email String
- GCP service account email. Must be a valid email address.
ClusterCustomerManagedResourcesGcpSubnet, ClusterCustomerManagedResourcesGcpSubnetArgs
- K8s
Master stringIpv4Range - Kubernetes Master IPv4 range, e.g. 10.0.0.0/24.
- Name string
- Subnet name. Length must be at most 62. Must match pattern
^a-z?$. - Secondary
Ipv4Range ClusterPods Customer Managed Resources Gcp Subnet Secondary Ipv4Range Pods - Secondary IPv4 range.
- Secondary
Ipv4Range ClusterServices Customer Managed Resources Gcp Subnet Secondary Ipv4Range Services - Secondary IPv4 range.
- K8s
Master stringIpv4Range - Kubernetes Master IPv4 range, e.g. 10.0.0.0/24.
- Name string
- Subnet name. Length must be at most 62. Must match pattern
^a-z?$. - Secondary
Ipv4Range ClusterPods Customer Managed Resources Gcp Subnet Secondary Ipv4Range Pods - Secondary IPv4 range.
- Secondary
Ipv4Range ClusterServices Customer Managed Resources Gcp Subnet Secondary Ipv4Range Services - Secondary IPv4 range.
- k8s_
master_ stringipv4_ range - Kubernetes Master IPv4 range, e.g. 10.0.0.0/24.
- name string
- Subnet name. Length must be at most 62. Must match pattern
^a-z?$. - secondary_
ipv4_ objectrange_ pods - Secondary IPv4 range.
- secondary_
ipv4_ objectrange_ services - Secondary IPv4 range.
- k8s
Master StringIpv4Range - Kubernetes Master IPv4 range, e.g. 10.0.0.0/24.
- name String
- Subnet name. Length must be at most 62. Must match pattern
^a-z?$. - secondary
Ipv4Range ClusterPods Customer Managed Resources Gcp Subnet Secondary Ipv4Range Pods - Secondary IPv4 range.
- secondary
Ipv4Range ClusterServices Customer Managed Resources Gcp Subnet Secondary Ipv4Range Services - Secondary IPv4 range.
- k8s
Master stringIpv4Range - Kubernetes Master IPv4 range, e.g. 10.0.0.0/24.
- name string
- Subnet name. Length must be at most 62. Must match pattern
^a-z?$. - secondary
Ipv4Range ClusterPods Customer Managed Resources Gcp Subnet Secondary Ipv4Range Pods - Secondary IPv4 range.
- secondary
Ipv4Range ClusterServices Customer Managed Resources Gcp Subnet Secondary Ipv4Range Services - Secondary IPv4 range.
- k8s_
master_ stripv4_ range - Kubernetes Master IPv4 range, e.g. 10.0.0.0/24.
- name str
- Subnet name. Length must be at most 62. Must match pattern
^a-z?$. - secondary_
ipv4_ Clusterrange_ pods Customer Managed Resources Gcp Subnet Secondary Ipv4Range Pods - Secondary IPv4 range.
- secondary_
ipv4_ Clusterrange_ services Customer Managed Resources Gcp Subnet Secondary Ipv4Range Services - Secondary IPv4 range.
- k8s
Master StringIpv4Range - Kubernetes Master IPv4 range, e.g. 10.0.0.0/24.
- name String
- Subnet name. Length must be at most 62. Must match pattern
^a-z?$. - secondary
Ipv4Range Property MapPods - Secondary IPv4 range.
- secondary
Ipv4Range Property MapServices - Secondary IPv4 range.
ClusterCustomerManagedResourcesGcpSubnetSecondaryIpv4RangePods, ClusterCustomerManagedResourcesGcpSubnetSecondaryIpv4RangePodsArgs
- Name string
- Name of the secondary IPv4 Range Pods. Length must be at most 62. Must match pattern
^a-z?$.
- Name string
- Name of the secondary IPv4 Range Pods. Length must be at most 62. Must match pattern
^a-z?$.
- name string
- Name of the secondary IPv4 Range Pods. Length must be at most 62. Must match pattern
^a-z?$.
- name String
- Name of the secondary IPv4 Range Pods. Length must be at most 62. Must match pattern
^a-z?$.
- name string
- Name of the secondary IPv4 Range Pods. Length must be at most 62. Must match pattern
^a-z?$.
- name str
- Name of the secondary IPv4 Range Pods. Length must be at most 62. Must match pattern
^a-z?$.
- name String
- Name of the secondary IPv4 Range Pods. Length must be at most 62. Must match pattern
^a-z?$.
ClusterCustomerManagedResourcesGcpSubnetSecondaryIpv4RangeServices, ClusterCustomerManagedResourcesGcpSubnetSecondaryIpv4RangeServicesArgs
- Name string
- Name of the secondary IPv4 Range Services. Length must be at most 62. Must match pattern
^a-z?$.
- Name string
- Name of the secondary IPv4 Range Services. Length must be at most 62. Must match pattern
^a-z?$.
- name string
- Name of the secondary IPv4 Range Services. Length must be at most 62. Must match pattern
^a-z?$.
- name String
- Name of the secondary IPv4 Range Services. Length must be at most 62. Must match pattern
^a-z?$.
- name string
- Name of the secondary IPv4 Range Services. Length must be at most 62. Must match pattern
^a-z?$.
- name str
- Name of the secondary IPv4 Range Services. Length must be at most 62. Must match pattern
^a-z?$.
- name String
- Name of the secondary IPv4 Range Services. Length must be at most 62. Must match pattern
^a-z?$.
ClusterCustomerManagedResourcesGcpTieredStorageBucket, ClusterCustomerManagedResourcesGcpTieredStorageBucketArgs
- Name string
- Name of GCP storage bucket. See the official GCP documentation for naming restrictions. Length must be between 3 and 63. Must match pattern
^a-z?$.
- Name string
- Name of GCP storage bucket. See the official GCP documentation for naming restrictions. Length must be between 3 and 63. Must match pattern
^a-z?$.
- name string
- Name of GCP storage bucket. See the official GCP documentation for naming restrictions. Length must be between 3 and 63. Must match pattern
^a-z?$.
- name String
- Name of GCP storage bucket. See the official GCP documentation for naming restrictions. Length must be between 3 and 63. Must match pattern
^a-z?$.
- name string
- Name of GCP storage bucket. See the official GCP documentation for naming restrictions. Length must be between 3 and 63. Must match pattern
^a-z?$.
- name str
- Name of GCP storage bucket. See the official GCP documentation for naming restrictions. Length must be between 3 and 63. Must match pattern
^a-z?$.
- name String
- Name of GCP storage bucket. See the official GCP documentation for naming restrictions. Length must be between 3 and 63. Must match pattern
^a-z?$.
ClusterGcpPrivateServiceConnect, ClusterGcpPrivateServiceConnectArgs
- Consumer
Accept List<ClusterLists Gcp Private Service Connect Consumer Accept List> - List of consumers that are allowed to connect to Redpanda GCP PSC (Private Service Connect) service attachment.
- Enabled bool
- Whether Redpanda GCP Private Service Connect is enabled.
- Global
Access boolEnabled - Whether global access is enabled.
- Status
Cluster
Gcp Private Service Connect Status - Status configuration
- Consumer
Accept []ClusterLists Gcp Private Service Connect Consumer Accept List - List of consumers that are allowed to connect to Redpanda GCP PSC (Private Service Connect) service attachment.
- Enabled bool
- Whether Redpanda GCP Private Service Connect is enabled.
- Global
Access boolEnabled - Whether global access is enabled.
- Status
Cluster
Gcp Private Service Connect Status - Status configuration
- consumer_
accept_ list(object)lists - List of consumers that are allowed to connect to Redpanda GCP PSC (Private Service Connect) service attachment.
- enabled bool
- Whether Redpanda GCP Private Service Connect is enabled.
- global_
access_ boolenabled - Whether global access is enabled.
- status object
- Status configuration
- consumer
Accept List<ClusterLists Gcp Private Service Connect Consumer Accept List> - List of consumers that are allowed to connect to Redpanda GCP PSC (Private Service Connect) service attachment.
- enabled Boolean
- Whether Redpanda GCP Private Service Connect is enabled.
- global
Access BooleanEnabled - Whether global access is enabled.
- status
Cluster
Gcp Private Service Connect Status - Status configuration
- consumer
Accept ClusterLists Gcp Private Service Connect Consumer Accept List[] - List of consumers that are allowed to connect to Redpanda GCP PSC (Private Service Connect) service attachment.
- enabled boolean
- Whether Redpanda GCP Private Service Connect is enabled.
- global
Access booleanEnabled - Whether global access is enabled.
- status
Cluster
Gcp Private Service Connect Status - Status configuration
- consumer_
accept_ Sequence[Clusterlists Gcp Private Service Connect Consumer Accept List] - List of consumers that are allowed to connect to Redpanda GCP PSC (Private Service Connect) service attachment.
- enabled bool
- Whether Redpanda GCP Private Service Connect is enabled.
- global_
access_ boolenabled - Whether global access is enabled.
- status
Cluster
Gcp Private Service Connect Status - Status configuration
- consumer
Accept List<Property Map>Lists - List of consumers that are allowed to connect to Redpanda GCP PSC (Private Service Connect) service attachment.
- enabled Boolean
- Whether Redpanda GCP Private Service Connect is enabled.
- global
Access BooleanEnabled - Whether global access is enabled.
- status Property Map
- Status configuration
ClusterGcpPrivateServiceConnectConsumerAcceptList, ClusterGcpPrivateServiceConnectConsumerAcceptListArgs
- Source string
- GCP project ID from which connections are accepted
- Source string
- GCP project ID from which connections are accepted
- source string
- GCP project ID from which connections are accepted
- source String
- GCP project ID from which connections are accepted
- source string
- GCP project ID from which connections are accepted
- source str
- GCP project ID from which connections are accepted
- source String
- GCP project ID from which connections are accepted
ClusterGcpPrivateServiceConnectStatus, ClusterGcpPrivateServiceConnectStatusArgs
- Connected
Endpoints List<ClusterGcp Private Service Connect Status Connected Endpoint> - List of VPC endpoints with established connections to GCP Private Service Connect.
- Dns
ARecords List<string> - Customer-created DNS A records that point at the PSC endpoint on the consumer side.
- Kafka
Api doubleNode Base Port - Kafka API node service base port. The port for node
i(0 .. nodecount-1) is kafkaapinodebase_port +i. - Kafka
Api doubleSeed Port - Kafka API seed service port.
- Redpanda
Proxy doubleNode Base Port - HTTP Proxy node service base port. The port for node
i(0 .. nodecount-1) is redpandaproxynodebase_port +i. - Redpanda
Proxy doubleSeed Port - HTTP Proxy seed service port.
- Schema
Registry doubleSeed Port - Schema Registry seed service port.
- Seed
Hostname string - Hostname for clients to initiate connections to the APIs exposed through Private Service Connect.
- Service
Attachment string - Service attachment used by consumers to create endpoint connections to Redpanda GCP Private Service Connect service.
- Connected
Endpoints []ClusterGcp Private Service Connect Status Connected Endpoint - List of VPC endpoints with established connections to GCP Private Service Connect.
- Dns
ARecords []string - Customer-created DNS A records that point at the PSC endpoint on the consumer side.
- Kafka
Api float64Node Base Port - Kafka API node service base port. The port for node
i(0 .. nodecount-1) is kafkaapinodebase_port +i. - Kafka
Api float64Seed Port - Kafka API seed service port.
- Redpanda
Proxy float64Node Base Port - HTTP Proxy node service base port. The port for node
i(0 .. nodecount-1) is redpandaproxynodebase_port +i. - Redpanda
Proxy float64Seed Port - HTTP Proxy seed service port.
- Schema
Registry float64Seed Port - Schema Registry seed service port.
- Seed
Hostname string - Hostname for clients to initiate connections to the APIs exposed through Private Service Connect.
- Service
Attachment string - Service attachment used by consumers to create endpoint connections to Redpanda GCP Private Service Connect service.
- connected_
endpoints list(object) - List of VPC endpoints with established connections to GCP Private Service Connect.
- dns_
a_ list(string)records - Customer-created DNS A records that point at the PSC endpoint on the consumer side.
- kafka_
api_ numbernode_ base_ port - Kafka API node service base port. The port for node
i(0 .. nodecount-1) is kafkaapinodebase_port +i. - kafka_
api_ numberseed_ port - Kafka API seed service port.
- redpanda_
proxy_ numbernode_ base_ port - HTTP Proxy node service base port. The port for node
i(0 .. nodecount-1) is redpandaproxynodebase_port +i. - redpanda_
proxy_ numberseed_ port - HTTP Proxy seed service port.
- schema_
registry_ numberseed_ port - Schema Registry seed service port.
- seed_
hostname string - Hostname for clients to initiate connections to the APIs exposed through Private Service Connect.
- service_
attachment string - Service attachment used by consumers to create endpoint connections to Redpanda GCP Private Service Connect service.
- connected
Endpoints List<ClusterGcp Private Service Connect Status Connected Endpoint> - List of VPC endpoints with established connections to GCP Private Service Connect.
- dns
ARecords List<String> - Customer-created DNS A records that point at the PSC endpoint on the consumer side.
- kafka
Api DoubleNode Base Port - Kafka API node service base port. The port for node
i(0 .. nodecount-1) is kafkaapinodebase_port +i. - kafka
Api DoubleSeed Port - Kafka API seed service port.
- redpanda
Proxy DoubleNode Base Port - HTTP Proxy node service base port. The port for node
i(0 .. nodecount-1) is redpandaproxynodebase_port +i. - redpanda
Proxy DoubleSeed Port - HTTP Proxy seed service port.
- schema
Registry DoubleSeed Port - Schema Registry seed service port.
- seed
Hostname String - Hostname for clients to initiate connections to the APIs exposed through Private Service Connect.
- service
Attachment String - Service attachment used by consumers to create endpoint connections to Redpanda GCP Private Service Connect service.
- connected
Endpoints ClusterGcp Private Service Connect Status Connected Endpoint[] - List of VPC endpoints with established connections to GCP Private Service Connect.
- dns
ARecords string[] - Customer-created DNS A records that point at the PSC endpoint on the consumer side.
- kafka
Api numberNode Base Port - Kafka API node service base port. The port for node
i(0 .. nodecount-1) is kafkaapinodebase_port +i. - kafka
Api numberSeed Port - Kafka API seed service port.
- redpanda
Proxy numberNode Base Port - HTTP Proxy node service base port. The port for node
i(0 .. nodecount-1) is redpandaproxynodebase_port +i. - redpanda
Proxy numberSeed Port - HTTP Proxy seed service port.
- schema
Registry numberSeed Port - Schema Registry seed service port.
- seed
Hostname string - Hostname for clients to initiate connections to the APIs exposed through Private Service Connect.
- service
Attachment string - Service attachment used by consumers to create endpoint connections to Redpanda GCP Private Service Connect service.
- connected_
endpoints Sequence[ClusterGcp Private Service Connect Status Connected Endpoint] - List of VPC endpoints with established connections to GCP Private Service Connect.
- dns_
a_ Sequence[str]records - Customer-created DNS A records that point at the PSC endpoint on the consumer side.
- kafka_
api_ floatnode_ base_ port - Kafka API node service base port. The port for node
i(0 .. nodecount-1) is kafkaapinodebase_port +i. - kafka_
api_ floatseed_ port - Kafka API seed service port.
- redpanda_
proxy_ floatnode_ base_ port - HTTP Proxy node service base port. The port for node
i(0 .. nodecount-1) is redpandaproxynodebase_port +i. - redpanda_
proxy_ floatseed_ port - HTTP Proxy seed service port.
- schema_
registry_ floatseed_ port - Schema Registry seed service port.
- seed_
hostname str - Hostname for clients to initiate connections to the APIs exposed through Private Service Connect.
- service_
attachment str - Service attachment used by consumers to create endpoint connections to Redpanda GCP Private Service Connect service.
- connected
Endpoints List<Property Map> - List of VPC endpoints with established connections to GCP Private Service Connect.
- dns
ARecords List<String> - Customer-created DNS A records that point at the PSC endpoint on the consumer side.
- kafka
Api NumberNode Base Port - Kafka API node service base port. The port for node
i(0 .. nodecount-1) is kafkaapinodebase_port +i. - kafka
Api NumberSeed Port - Kafka API seed service port.
- redpanda
Proxy NumberNode Base Port - HTTP Proxy node service base port. The port for node
i(0 .. nodecount-1) is redpandaproxynodebase_port +i. - redpanda
Proxy NumberSeed Port - HTTP Proxy seed service port.
- schema
Registry NumberSeed Port - Schema Registry seed service port.
- seed
Hostname String - Hostname for clients to initiate connections to the APIs exposed through Private Service Connect.
- service
Attachment String - Service attachment used by consumers to create endpoint connections to Redpanda GCP Private Service Connect service.
ClusterGcpPrivateServiceConnectStatusConnectedEndpoint, ClusterGcpPrivateServiceConnectStatusConnectedEndpointArgs
- Connection
Id string - Connection ID of the endpoint.
- Consumer
Network string - Network of the consumer connecting to Redpanda GCP Private Service Connect service. See the official GCP documentation for Private Service Connect.
- Endpoint string
- Connection endpoint. See the official GCP API reference for Private Service Connect.
- Status string
- Connection
Id string - Connection ID of the endpoint.
- Consumer
Network string - Network of the consumer connecting to Redpanda GCP Private Service Connect service. See the official GCP documentation for Private Service Connect.
- Endpoint string
- Connection endpoint. See the official GCP API reference for Private Service Connect.
- Status string
- connection_
id string - Connection ID of the endpoint.
- consumer_
network string - Network of the consumer connecting to Redpanda GCP Private Service Connect service. See the official GCP documentation for Private Service Connect.
- endpoint string
- Connection endpoint. See the official GCP API reference for Private Service Connect.
- status string
- connection
Id String - Connection ID of the endpoint.
- consumer
Network String - Network of the consumer connecting to Redpanda GCP Private Service Connect service. See the official GCP documentation for Private Service Connect.
- endpoint String
- Connection endpoint. See the official GCP API reference for Private Service Connect.
- status String
- connection
Id string - Connection ID of the endpoint.
- consumer
Network string - Network of the consumer connecting to Redpanda GCP Private Service Connect service. See the official GCP documentation for Private Service Connect.
- endpoint string
- Connection endpoint. See the official GCP API reference for Private Service Connect.
- status string
- connection_
id str - Connection ID of the endpoint.
- consumer_
network str - Network of the consumer connecting to Redpanda GCP Private Service Connect service. See the official GCP documentation for Private Service Connect.
- endpoint str
- Connection endpoint. See the official GCP API reference for Private Service Connect.
- status str
- connection
Id String - Connection ID of the endpoint.
- consumer
Network String - Network of the consumer connecting to Redpanda GCP Private Service Connect service. See the official GCP documentation for Private Service Connect.
- endpoint String
- Connection endpoint. See the official GCP API reference for Private Service Connect.
- status String
ClusterHttpProxy, ClusterHttpProxyArgs
- All
Urls ClusterHttp Proxy All Urls - The endpoints of Redpanda HTTP Proxy or Schema Registry.
- Mtls
Cluster
Http Proxy Mtls - mTLS configuration.
- Sasl
Cluster
Http Proxy Sasl - SASL configuration
- Url string
- HTTP Proxy URL of cluster.
- All
Urls ClusterHttp Proxy All Urls - The endpoints of Redpanda HTTP Proxy or Schema Registry.
- Mtls
Cluster
Http Proxy Mtls - mTLS configuration.
- Sasl
Cluster
Http Proxy Sasl - SASL configuration
- Url string
- HTTP Proxy URL of cluster.
- all
Urls ClusterHttp Proxy All Urls - The endpoints of Redpanda HTTP Proxy or Schema Registry.
- mtls
Cluster
Http Proxy Mtls - mTLS configuration.
- sasl
Cluster
Http Proxy Sasl - SASL configuration
- url String
- HTTP Proxy URL of cluster.
- all
Urls ClusterHttp Proxy All Urls - The endpoints of Redpanda HTTP Proxy or Schema Registry.
- mtls
Cluster
Http Proxy Mtls - mTLS configuration.
- sasl
Cluster
Http Proxy Sasl - SASL configuration
- url string
- HTTP Proxy URL of cluster.
- all_
urls ClusterHttp Proxy All Urls - The endpoints of Redpanda HTTP Proxy or Schema Registry.
- mtls
Cluster
Http Proxy Mtls - mTLS configuration.
- sasl
Cluster
Http Proxy Sasl - SASL configuration
- url str
- HTTP Proxy URL of cluster.
- all
Urls Property Map - The endpoints of Redpanda HTTP Proxy or Schema Registry.
- mtls Property Map
- mTLS configuration.
- sasl Property Map
- SASL configuration
- url String
- HTTP Proxy URL of cluster.
ClusterHttpProxyAllUrls, ClusterHttpProxyAllUrlsArgs
- Mtls string
- URL of the seed broker for mTLS. If mTLS is not enabled, the field is empty.
- Private
Link stringMtls - URL of the seed broker for private link with mTLS. If private link with mTLS is not enabled, the field is empty.
- Private
Link stringSasl - URL of the seed broker for private link with SASL. If private link with SASL is not enabled, the field is empty.
- Sasl string
- URL of the seed broker for SASL. If SASL is not enabled, the field is empty.
- Mtls string
- URL of the seed broker for mTLS. If mTLS is not enabled, the field is empty.
- Private
Link stringMtls - URL of the seed broker for private link with mTLS. If private link with mTLS is not enabled, the field is empty.
- Private
Link stringSasl - URL of the seed broker for private link with SASL. If private link with SASL is not enabled, the field is empty.
- Sasl string
- URL of the seed broker for SASL. If SASL is not enabled, the field is empty.
- mtls string
- URL of the seed broker for mTLS. If mTLS is not enabled, the field is empty.
- private_
link_ stringmtls - URL of the seed broker for private link with mTLS. If private link with mTLS is not enabled, the field is empty.
- private_
link_ stringsasl - URL of the seed broker for private link with SASL. If private link with SASL is not enabled, the field is empty.
- sasl string
- URL of the seed broker for SASL. If SASL is not enabled, the field is empty.
- mtls String
- URL of the seed broker for mTLS. If mTLS is not enabled, the field is empty.
- private
Link StringMtls - URL of the seed broker for private link with mTLS. If private link with mTLS is not enabled, the field is empty.
- private
Link StringSasl - URL of the seed broker for private link with SASL. If private link with SASL is not enabled, the field is empty.
- sasl String
- URL of the seed broker for SASL. If SASL is not enabled, the field is empty.
- mtls string
- URL of the seed broker for mTLS. If mTLS is not enabled, the field is empty.
- private
Link stringMtls - URL of the seed broker for private link with mTLS. If private link with mTLS is not enabled, the field is empty.
- private
Link stringSasl - URL of the seed broker for private link with SASL. If private link with SASL is not enabled, the field is empty.
- sasl string
- URL of the seed broker for SASL. If SASL is not enabled, the field is empty.
- mtls str
- URL of the seed broker for mTLS. If mTLS is not enabled, the field is empty.
- private_
link_ strmtls - URL of the seed broker for private link with mTLS. If private link with mTLS is not enabled, the field is empty.
- private_
link_ strsasl - URL of the seed broker for private link with SASL. If private link with SASL is not enabled, the field is empty.
- sasl str
- URL of the seed broker for SASL. If SASL is not enabled, the field is empty.
- mtls String
- URL of the seed broker for mTLS. If mTLS is not enabled, the field is empty.
- private
Link StringMtls - URL of the seed broker for private link with mTLS. If private link with mTLS is not enabled, the field is empty.
- private
Link StringSasl - URL of the seed broker for private link with SASL. If private link with SASL is not enabled, the field is empty.
- sasl String
- URL of the seed broker for SASL. If SASL is not enabled, the field is empty.
ClusterHttpProxyMtls, ClusterHttpProxyMtlsArgs
- Ca
Certificates List<string>Pems - CA certificate in PEM format.
- Enabled bool
- Whether mTLS is enabled.
- Principal
Mapping List<string>Rules - Principal mapping rules for mTLS authentication. See Redpanda documentation for details
- Ca
Certificates []stringPems - CA certificate in PEM format.
- Enabled bool
- Whether mTLS is enabled.
- Principal
Mapping []stringRules - Principal mapping rules for mTLS authentication. See Redpanda documentation for details
- ca_
certificates_ list(string)pems - CA certificate in PEM format.
- enabled bool
- Whether mTLS is enabled.
- principal_
mapping_ list(string)rules - Principal mapping rules for mTLS authentication. See Redpanda documentation for details
- ca
Certificates List<String>Pems - CA certificate in PEM format.
- enabled Boolean
- Whether mTLS is enabled.
- principal
Mapping List<String>Rules - Principal mapping rules for mTLS authentication. See Redpanda documentation for details
- ca
Certificates string[]Pems - CA certificate in PEM format.
- enabled boolean
- Whether mTLS is enabled.
- principal
Mapping string[]Rules - Principal mapping rules for mTLS authentication. See Redpanda documentation for details
- ca_
certificates_ Sequence[str]pems - CA certificate in PEM format.
- enabled bool
- Whether mTLS is enabled.
- principal_
mapping_ Sequence[str]rules - Principal mapping rules for mTLS authentication. See Redpanda documentation for details
- ca
Certificates List<String>Pems - CA certificate in PEM format.
- enabled Boolean
- Whether mTLS is enabled.
- principal
Mapping List<String>Rules - Principal mapping rules for mTLS authentication. See Redpanda documentation for details
ClusterHttpProxySasl, ClusterHttpProxySaslArgs
- Enabled bool
- Whether SASL is enabled.
- Enabled bool
- Whether SASL is enabled.
- enabled bool
- Whether SASL is enabled.
- enabled Boolean
- Whether SASL is enabled.
- enabled boolean
- Whether SASL is enabled.
- enabled bool
- Whether SASL is enabled.
- enabled Boolean
- Whether SASL is enabled.
ClusterKafkaApi, ClusterKafkaApiArgs
- All
Seed ClusterBrokers Kafka Api All Seed Brokers - Seed brokers of Redpanda Kafka API.
- Mtls
Cluster
Kafka Api Mtls - mTLS configuration.
- Sasl
Cluster
Kafka Api Sasl - SASL configuration
- Seed
Brokers List<string> - Kafka API Seed Brokers (also known as Bootstrap servers).
- All
Seed ClusterBrokers Kafka Api All Seed Brokers - Seed brokers of Redpanda Kafka API.
- Mtls
Cluster
Kafka Api Mtls - mTLS configuration.
- Sasl
Cluster
Kafka Api Sasl - SASL configuration
- Seed
Brokers []string - Kafka API Seed Brokers (also known as Bootstrap servers).
- all_
seed_ objectbrokers - Seed brokers of Redpanda Kafka API.
- mtls object
- mTLS configuration.
- sasl object
- SASL configuration
- seed_
brokers list(string) - Kafka API Seed Brokers (also known as Bootstrap servers).
- all
Seed ClusterBrokers Kafka Api All Seed Brokers - Seed brokers of Redpanda Kafka API.
- mtls
Cluster
Kafka Api Mtls - mTLS configuration.
- sasl
Cluster
Kafka Api Sasl - SASL configuration
- seed
Brokers List<String> - Kafka API Seed Brokers (also known as Bootstrap servers).
- all
Seed ClusterBrokers Kafka Api All Seed Brokers - Seed brokers of Redpanda Kafka API.
- mtls
Cluster
Kafka Api Mtls - mTLS configuration.
- sasl
Cluster
Kafka Api Sasl - SASL configuration
- seed
Brokers string[] - Kafka API Seed Brokers (also known as Bootstrap servers).
- all_
seed_ Clusterbrokers Kafka Api All Seed Brokers - Seed brokers of Redpanda Kafka API.
- mtls
Cluster
Kafka Api Mtls - mTLS configuration.
- sasl
Cluster
Kafka Api Sasl - SASL configuration
- seed_
brokers Sequence[str] - Kafka API Seed Brokers (also known as Bootstrap servers).
- all
Seed Property MapBrokers - Seed brokers of Redpanda Kafka API.
- mtls Property Map
- mTLS configuration.
- sasl Property Map
- SASL configuration
- seed
Brokers List<String> - Kafka API Seed Brokers (also known as Bootstrap servers).
ClusterKafkaApiAllSeedBrokers, ClusterKafkaApiAllSeedBrokersArgs
- Mtls string
- URL of the seed broker for mTLS. If mTLS is not enabled, the field is empty.
- Private
Link stringMtls - URL of the seed broker for private link with mTLS. If private link with mTLS is not enabled, the field is empty.
- Private
Link stringSasl - URL of the seed broker for private link with SASL. If private link with SASL is not enabled, the field is empty.
- Sasl string
- URL of the seed broker for SASL. If SASL is not enabled, the field is empty.
- Mtls string
- URL of the seed broker for mTLS. If mTLS is not enabled, the field is empty.
- Private
Link stringMtls - URL of the seed broker for private link with mTLS. If private link with mTLS is not enabled, the field is empty.
- Private
Link stringSasl - URL of the seed broker for private link with SASL. If private link with SASL is not enabled, the field is empty.
- Sasl string
- URL of the seed broker for SASL. If SASL is not enabled, the field is empty.
- mtls string
- URL of the seed broker for mTLS. If mTLS is not enabled, the field is empty.
- private_
link_ stringmtls - URL of the seed broker for private link with mTLS. If private link with mTLS is not enabled, the field is empty.
- private_
link_ stringsasl - URL of the seed broker for private link with SASL. If private link with SASL is not enabled, the field is empty.
- sasl string
- URL of the seed broker for SASL. If SASL is not enabled, the field is empty.
- mtls String
- URL of the seed broker for mTLS. If mTLS is not enabled, the field is empty.
- private
Link StringMtls - URL of the seed broker for private link with mTLS. If private link with mTLS is not enabled, the field is empty.
- private
Link StringSasl - URL of the seed broker for private link with SASL. If private link with SASL is not enabled, the field is empty.
- sasl String
- URL of the seed broker for SASL. If SASL is not enabled, the field is empty.
- mtls string
- URL of the seed broker for mTLS. If mTLS is not enabled, the field is empty.
- private
Link stringMtls - URL of the seed broker for private link with mTLS. If private link with mTLS is not enabled, the field is empty.
- private
Link stringSasl - URL of the seed broker for private link with SASL. If private link with SASL is not enabled, the field is empty.
- sasl string
- URL of the seed broker for SASL. If SASL is not enabled, the field is empty.
- mtls str
- URL of the seed broker for mTLS. If mTLS is not enabled, the field is empty.
- private_
link_ strmtls - URL of the seed broker for private link with mTLS. If private link with mTLS is not enabled, the field is empty.
- private_
link_ strsasl - URL of the seed broker for private link with SASL. If private link with SASL is not enabled, the field is empty.
- sasl str
- URL of the seed broker for SASL. If SASL is not enabled, the field is empty.
- mtls String
- URL of the seed broker for mTLS. If mTLS is not enabled, the field is empty.
- private
Link StringMtls - URL of the seed broker for private link with mTLS. If private link with mTLS is not enabled, the field is empty.
- private
Link StringSasl - URL of the seed broker for private link with SASL. If private link with SASL is not enabled, the field is empty.
- sasl String
- URL of the seed broker for SASL. If SASL is not enabled, the field is empty.
ClusterKafkaApiMtls, ClusterKafkaApiMtlsArgs
- Ca
Certificates List<string>Pems - CA certificate in PEM format.
- Enabled bool
- Whether mTLS is enabled.
- Principal
Mapping List<string>Rules - Principal mapping rules for mTLS authentication. See Redpanda documentation for details
- Ca
Certificates []stringPems - CA certificate in PEM format.
- Enabled bool
- Whether mTLS is enabled.
- Principal
Mapping []stringRules - Principal mapping rules for mTLS authentication. See Redpanda documentation for details
- ca_
certificates_ list(string)pems - CA certificate in PEM format.
- enabled bool
- Whether mTLS is enabled.
- principal_
mapping_ list(string)rules - Principal mapping rules for mTLS authentication. See Redpanda documentation for details
- ca
Certificates List<String>Pems - CA certificate in PEM format.
- enabled Boolean
- Whether mTLS is enabled.
- principal
Mapping List<String>Rules - Principal mapping rules for mTLS authentication. See Redpanda documentation for details
- ca
Certificates string[]Pems - CA certificate in PEM format.
- enabled boolean
- Whether mTLS is enabled.
- principal
Mapping string[]Rules - Principal mapping rules for mTLS authentication. See Redpanda documentation for details
- ca_
certificates_ Sequence[str]pems - CA certificate in PEM format.
- enabled bool
- Whether mTLS is enabled.
- principal_
mapping_ Sequence[str]rules - Principal mapping rules for mTLS authentication. See Redpanda documentation for details
- ca
Certificates List<String>Pems - CA certificate in PEM format.
- enabled Boolean
- Whether mTLS is enabled.
- principal
Mapping List<String>Rules - Principal mapping rules for mTLS authentication. See Redpanda documentation for details
ClusterKafkaApiSasl, ClusterKafkaApiSaslArgs
- Enabled bool
- Whether SASL is enabled.
- Enabled bool
- Whether SASL is enabled.
- enabled bool
- Whether SASL is enabled.
- enabled Boolean
- Whether SASL is enabled.
- enabled boolean
- Whether SASL is enabled.
- enabled bool
- Whether SASL is enabled.
- enabled Boolean
- Whether SASL is enabled.
ClusterKafkaConnect, ClusterKafkaConnectArgs
- Enabled bool
- Whether Kafka Connect is enabled
- Enabled bool
- Whether Kafka Connect is enabled
- enabled bool
- Whether Kafka Connect is enabled
- enabled Boolean
- Whether Kafka Connect is enabled
- enabled boolean
- Whether Kafka Connect is enabled
- enabled bool
- Whether Kafka Connect is enabled
- enabled Boolean
- Whether Kafka Connect is enabled
ClusterMaintenanceWindowConfig, ClusterMaintenanceWindowConfigArgs
- Anytime bool
- If true, maintenance can occur at any time
- Day
Hour ClusterMaintenance Window Config Day Hour - Day Hour configuration
- Unspecified bool
- If true, maintenance window is unspecified
- Anytime bool
- If true, maintenance can occur at any time
- Day
Hour ClusterMaintenance Window Config Day Hour - Day Hour configuration
- Unspecified bool
- If true, maintenance window is unspecified
- anytime bool
- If true, maintenance can occur at any time
- day_
hour object - Day Hour configuration
- unspecified bool
- If true, maintenance window is unspecified
- anytime Boolean
- If true, maintenance can occur at any time
- day
Hour ClusterMaintenance Window Config Day Hour - Day Hour configuration
- unspecified Boolean
- If true, maintenance window is unspecified
- anytime boolean
- If true, maintenance can occur at any time
- day
Hour ClusterMaintenance Window Config Day Hour - Day Hour configuration
- unspecified boolean
- If true, maintenance window is unspecified
- anytime bool
- If true, maintenance can occur at any time
- day_
hour ClusterMaintenance Window Config Day Hour - Day Hour configuration
- unspecified bool
- If true, maintenance window is unspecified
- anytime Boolean
- If true, maintenance can occur at any time
- day
Hour Property Map - Day Hour configuration
- unspecified Boolean
- If true, maintenance window is unspecified
ClusterMaintenanceWindowConfigDayHour, ClusterMaintenanceWindowConfigDayHourArgs
- day_
of_ stringweek - Represents a day of the week. - MONDAY: Monday - TUESDAY: Tuesday - WEDNESDAY: Wednesday - THURSDAY: Thursday - FRIDAY: Friday - SATURDAY: Saturday - SUNDAY: Sunday
- hour_
of_ numberday - always UTC. Must be between 0 and 23 (inclusive).
- day_
of_ strweek - Represents a day of the week. - MONDAY: Monday - TUESDAY: Tuesday - WEDNESDAY: Wednesday - THURSDAY: Thursday - FRIDAY: Friday - SATURDAY: Saturday - SUNDAY: Sunday
- hour_
of_ floatday - always UTC. Must be between 0 and 23 (inclusive).
ClusterPrometheus, ClusterPrometheusArgs
- Url string
- Prometheus API URL.
- Url string
- Prometheus API URL.
- url string
- Prometheus API URL.
- url String
- Prometheus API URL.
- url string
- Prometheus API URL.
- url str
- Prometheus API URL.
- url String
- Prometheus API URL.
ClusterRedpandaConsole, ClusterRedpandaConsoleArgs
- Url string
- Redpanda Console API URL.
- Url string
- Redpanda Console API URL.
- url string
- Redpanda Console API URL.
- url String
- Redpanda Console API URL.
- url string
- Redpanda Console API URL.
- url str
- Redpanda Console API URL.
- url String
- Redpanda Console API URL.
ClusterRpsql, ClusterRpsqlArgs
ClusterSchemaRegistry, ClusterSchemaRegistryArgs
- All
Urls ClusterSchema Registry All Urls - The endpoints of Redpanda HTTP Proxy or Schema Registry.
- Mtls
Cluster
Schema Registry Mtls - mTLS configuration.
- Url string
- Schema Registry URL.
- All
Urls ClusterSchema Registry All Urls - The endpoints of Redpanda HTTP Proxy or Schema Registry.
- Mtls
Cluster
Schema Registry Mtls - mTLS configuration.
- Url string
- Schema Registry URL.
- all
Urls ClusterSchema Registry All Urls - The endpoints of Redpanda HTTP Proxy or Schema Registry.
- mtls
Cluster
Schema Registry Mtls - mTLS configuration.
- url String
- Schema Registry URL.
- all
Urls ClusterSchema Registry All Urls - The endpoints of Redpanda HTTP Proxy or Schema Registry.
- mtls
Cluster
Schema Registry Mtls - mTLS configuration.
- url string
- Schema Registry URL.
- all_
urls ClusterSchema Registry All Urls - The endpoints of Redpanda HTTP Proxy or Schema Registry.
- mtls
Cluster
Schema Registry Mtls - mTLS configuration.
- url str
- Schema Registry URL.
- all
Urls Property Map - The endpoints of Redpanda HTTP Proxy or Schema Registry.
- mtls Property Map
- mTLS configuration.
- url String
- Schema Registry URL.
ClusterSchemaRegistryAllUrls, ClusterSchemaRegistryAllUrlsArgs
- Mtls string
- URL of the seed broker for mTLS. If mTLS is not enabled, the field is empty.
- Private
Link stringMtls - URL of the seed broker for private link with mTLS. If private link with mTLS is not enabled, the field is empty.
- Private
Link stringSasl - URL of the seed broker for private link with SASL. If private link with SASL is not enabled, the field is empty.
- Sasl string
- URL of the seed broker for SASL. If SASL is not enabled, the field is empty.
- Mtls string
- URL of the seed broker for mTLS. If mTLS is not enabled, the field is empty.
- Private
Link stringMtls - URL of the seed broker for private link with mTLS. If private link with mTLS is not enabled, the field is empty.
- Private
Link stringSasl - URL of the seed broker for private link with SASL. If private link with SASL is not enabled, the field is empty.
- Sasl string
- URL of the seed broker for SASL. If SASL is not enabled, the field is empty.
- mtls string
- URL of the seed broker for mTLS. If mTLS is not enabled, the field is empty.
- private_
link_ stringmtls - URL of the seed broker for private link with mTLS. If private link with mTLS is not enabled, the field is empty.
- private_
link_ stringsasl - URL of the seed broker for private link with SASL. If private link with SASL is not enabled, the field is empty.
- sasl string
- URL of the seed broker for SASL. If SASL is not enabled, the field is empty.
- mtls String
- URL of the seed broker for mTLS. If mTLS is not enabled, the field is empty.
- private
Link StringMtls - URL of the seed broker for private link with mTLS. If private link with mTLS is not enabled, the field is empty.
- private
Link StringSasl - URL of the seed broker for private link with SASL. If private link with SASL is not enabled, the field is empty.
- sasl String
- URL of the seed broker for SASL. If SASL is not enabled, the field is empty.
- mtls string
- URL of the seed broker for mTLS. If mTLS is not enabled, the field is empty.
- private
Link stringMtls - URL of the seed broker for private link with mTLS. If private link with mTLS is not enabled, the field is empty.
- private
Link stringSasl - URL of the seed broker for private link with SASL. If private link with SASL is not enabled, the field is empty.
- sasl string
- URL of the seed broker for SASL. If SASL is not enabled, the field is empty.
- mtls str
- URL of the seed broker for mTLS. If mTLS is not enabled, the field is empty.
- private_
link_ strmtls - URL of the seed broker for private link with mTLS. If private link with mTLS is not enabled, the field is empty.
- private_
link_ strsasl - URL of the seed broker for private link with SASL. If private link with SASL is not enabled, the field is empty.
- sasl str
- URL of the seed broker for SASL. If SASL is not enabled, the field is empty.
- mtls String
- URL of the seed broker for mTLS. If mTLS is not enabled, the field is empty.
- private
Link StringMtls - URL of the seed broker for private link with mTLS. If private link with mTLS is not enabled, the field is empty.
- private
Link StringSasl - URL of the seed broker for private link with SASL. If private link with SASL is not enabled, the field is empty.
- sasl String
- URL of the seed broker for SASL. If SASL is not enabled, the field is empty.
ClusterSchemaRegistryMtls, ClusterSchemaRegistryMtlsArgs
- Ca
Certificates List<string>Pems - CA certificate in PEM format.
- Enabled bool
- Whether mTLS is enabled.
- Principal
Mapping List<string>Rules - Principal mapping rules for mTLS authentication. See Redpanda documentation for details
- Ca
Certificates []stringPems - CA certificate in PEM format.
- Enabled bool
- Whether mTLS is enabled.
- Principal
Mapping []stringRules - Principal mapping rules for mTLS authentication. See Redpanda documentation for details
- ca_
certificates_ list(string)pems - CA certificate in PEM format.
- enabled bool
- Whether mTLS is enabled.
- principal_
mapping_ list(string)rules - Principal mapping rules for mTLS authentication. See Redpanda documentation for details
- ca
Certificates List<String>Pems - CA certificate in PEM format.
- enabled Boolean
- Whether mTLS is enabled.
- principal
Mapping List<String>Rules - Principal mapping rules for mTLS authentication. See Redpanda documentation for details
- ca
Certificates string[]Pems - CA certificate in PEM format.
- enabled boolean
- Whether mTLS is enabled.
- principal
Mapping string[]Rules - Principal mapping rules for mTLS authentication. See Redpanda documentation for details
- ca_
certificates_ Sequence[str]pems - CA certificate in PEM format.
- enabled bool
- Whether mTLS is enabled.
- principal_
mapping_ Sequence[str]rules - Principal mapping rules for mTLS authentication. See Redpanda documentation for details
- ca
Certificates List<String>Pems - CA certificate in PEM format.
- enabled Boolean
- Whether mTLS is enabled.
- principal
Mapping List<String>Rules - Principal mapping rules for mTLS authentication. See Redpanda documentation for details
ClusterStateDescription, ClusterStateDescriptionArgs
ClusterTimeouts, ClusterTimeoutsArgs
- Create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- Update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- Update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
Import
$ pulumi import redpanda:index/cluster:Cluster example clusterId
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- redpanda redpanda-data/terraform-provider-redpanda
- License
- Notes
- This Pulumi package is based on the
redpandaTerraform Provider.
Viewing docs for redpanda 2.0.0
published on Wednesday, Jun 3, 2026 by redpanda-data
published on Wednesday, Jun 3, 2026 by redpanda-data