我尝试了以下方法,但它不起作用,尽管理论上,根据 acl 工具提示它应该起作用。
kafka-acls --bootstrap-server server:9094 --command-config client-sasl.properties --remove --allow-principal User:* --operation * --topic * --resource-pattern-type literal
不幸的是,您无法通过提供通配符或星号来删除与用户主体相关的所有资源引用。相反,您可以使用任何自定义脚本(如下面的 shell 脚本)在迭代时删除引用。
revoke_acl_user() {
read -e -p $'\033[1;33mEnter group name: \033[0m' group
read -e -p $'\033[1;33mEnter usernames (comma separated): \033[0m' user_input
read -e -p $'\033[1;33mEnter topic names (comma separated): \033[0m' topic_input
IFS=',' read -ra users <<< "$user_input"
IFS=',' read -ra topics <<< "$topic_input"
for user in "${users[@]}"; do
echo -e "\033[1;33mBacking up ACL for user $user...\033[0m"
$KAFKA_HOME/bin/kafka-acls.sh --bootstrap-server $broker_list --command-config $KAFKA_HOME/config/client_ssl.properties --list --principal User:$user >> ACL_${user}_backup.txt
for topic in "${topics[@]}"; do
echo -e "\033[1;33mRemoving ACL for user $user from group $group and topic $topic...\033[0m"
$KAFKA_HOME/bin/kafka-acls.sh --bootstrap-server $broker_list --command-config $KAFKA_HOME/config/client_ssl.properties --remove --allow-principal User:$user --group $group --resource-pattern-type ANY --topic $topic
if [ $? -eq 0 ]; then
echo -e "\033[1;32mSuccessfully removed ACL for user $user on topic $topic.\033[0m"
else
echo -e "\033[1;31mFailed to remove ACL for user $user on topic $topic.\033[0m"
fi
done
done
echo -e "\033[1;32mACLs revoked successfully for users: $user_input in group: $group for topics: $topic_input\033[0m"
}