Allow read-only access to a topic
Allow the authenticated principal to consume messages for a specific topic.
curl -X POST https://{region}.api.konghq.com/v1/event-gateways/{eventGatewayId}/virtual-clusters/{virtualClusterId}/cluster-policies \
  --header "accept: application/json" \
  --header "Content-Type: application/json" \
  --header "Authorization: Bearer $KONNECT_TOKEN" \
  --data '
  {
    "name": "read-only-topic",
    "type": "acls",
    "config": {
      "policies": [
        {
          "name": "name",
          "type": "acls",
          "config": {
            "rules": [
              {
                "resource_type": "topic",
                "action": "allow",
                "operations": [
                  {
                    "name": "read"
                  }
                ],
                "resource_names": [
                  {
                    "match": "my_resource"
                  }
                ]
              }
            ]
          }
        }
      ]
    }
  }
  '
Make sure to replace the following placeholders with your own values:
- region: Geographic region where your Kong Konnect is hosted and operates.
- KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account.
- virtualClusterId: The id of the Virtual Cluster.
- eventGatewayId: The id of the Event Gateway.
- eventGatewayListenerId: The id of the Event Gateway Listener.
See the Konnect Event Gateway API reference to learn about region-specific URLs and personal access tokens.
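The following Python check is an added example, not part of the Kong documentation or tooling: it walks the request body shown above and reports any rule that grants more than the read operation or names a topic outside an expected list, so the payload can be reviewed before it is sent. The function name audit_read_only and the expected_topics allow-list are assumptions made for this example.

```python
import json

# Constructed sample: the request body from the curl example on this page.
READ_ONLY_POLICY = json.loads("""
{"name": "read-only-topic", "type": "acls", "config": {"policies": [
  {"name": "name", "type": "acls", "config": {"rules": [
    {"resource_type": "topic", "action": "allow",
     "operations": [{"name": "read"}],
     "resource_names": [{"match": "my_resource"}]}]}}]}}
""")


def audit_read_only(policy, expected_topics):
    """Return a list of findings; an empty list means every rule is an
    allow rule for the read operation on an expected topic and nothing more."""
    findings = []
    nested = policy.get("config", {}).get("policies", [])
    if not nested:
        findings.append("no nested ACL policies found")
    for p, nested_policy in enumerate(nested):
        rules = nested_policy.get("config", {}).get("rules", [])
        if not rules:
            findings.append(f"policies[{p}]: no rules")
        for r, rule in enumerate(rules):
            where = f"policies[{p}].rules[{r}]"
            if rule.get("resource_type") != "topic":
                findings.append(f"{where}: resource_type is not 'topic'")
            if rule.get("action") != "allow":
                findings.append(f"{where}: action is not 'allow'")
            # Compare the whole set so any operation besides read is reported.
            ops = {op.get("name") for op in rule.get("operations", [])}
            if ops != {"read"}:
                findings.append(f"{where}: operations {sorted(map(str, ops))} != ['read']")
            # Topic names are compared literally against the allow-list (assumption).
            topics = {m.get("match") for m in rule.get("resource_names", [])}
            unexpected = topics - set(expected_topics)
            if not topics or unexpected:
                findings.append(f"{where}: unexpected topics {sorted(map(str, unexpected))}")
    return findings


if __name__ == "__main__":
    for line in audit_read_only(READ_ONLY_POLICY, ["my_resource"]) or ["OK: read-only"]:
        print(line)
```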
Prerequisite: Configure your Personal Access Token
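terraform {
  required_providers {
    konnect-beta = {
      source = "kong/konnect-beta"
    }
  }
}
provider "konnect-beta" {
  # "$KONNECT_TOKEN" is a placeholder: Terraform does not expand shell variables
  # inside strings, so replace it with your PAT or pass the token in through a
  # sensitive input variable rather than committing it.
  personal_access_token = "$KONNECT_TOKEN"
  server_url            = "https://us.api.konghq.com/"
}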
resource "konnect_event_gateway_cluster_policy_acls" "my_virtual_cluster_policy_acls" {
  provider = konnect-beta
  type     = "acls"
  config = {
    policies = [
      {
        name = "name"
        type = "acls"
        config = {
          rules = [
            {
              resource_type = "topic"
              action        = "allow"
              operations = [
                {
                  name = "read"
                }
              ]
              resource_names = [
                {
                  match = "my_resource"
                }
              ]
            }
          ]
        }
      }
    ]
  }
  virtual_cluster_id = konnect_event_gateway_virtual_cluster.my_virtual_cluster.id
  gateway_id         = konnect_event_gateway.my_event_gateway.id
}