powerful-midnight-24664
02/06/2023, 10:58 AMconst envManagementAccount = new confluentcloud.ServiceAccount(
...
);
const apiKey = new confluentcloud.ApiKey(`...`, {
owner: {
id: envManagementAccount.id,
apiVersion: envManagementAccount.apiVersion,
kind: envManagementAccount.kind,
},
managedResource: {
id: clusterConfig.cluster.id,
apiVersion: clusterConfig.cluster.apiVersion,
kind: clusterConfig.cluster.kind,
environment: {
id: clusterConfig.environment.id,
},
},
});
new confluentcloud.RoleBinding(
`...`,
{
principal: `User:${envManagementAccount.id}`,
roleName: 'CloudClusterAdmin',
crnPattern: clusterConfig.cluster.rbacCrn,
},
{ dependsOn: [apiKey] }
);
2) Adding ACLs:
const envManagementAccount = new confluentcloud.ServiceAccount(
...
);
const apiKey = new confluentcloud.ApiKey(`...`, {
...
owner: {
id: envManagementAccount.id,
apiVersion: envManagementAccount.apiVersion,
kind: envManagementAccount.kind,
},
managedResource: {
id: clusterConfig.cluster.id,
apiVersion: clusterConfig.cluster.apiVersion,
kind: clusterConfig.cluster.kind,
environment: {
id: clusterConfig.environment.id,
},
},
});
envManagementAccount.id.apply(
(saId) =>
new confluentcloud.KafkaAcl(`...`, {
kafkaCluster: {
id: clusterConfig.cluster.id,
},
resourceType: 'CLUSTER',
resourceName: 'kafka-cluster',
patternType: 'LITERAL',
principal: `User:${saId}`,
host: '*',
operation: 'ALL',
permission: 'ALLOW',
restEndpoint: clusterConfig.cluster.restEndpoint,
credentials: {
key: cloudApiKey,
secret: cloudApiSecret,
},
})
);
In both cases, I get authorization issue:
1)
error: 1 error occurred: * error creating Role Binding: 403 Forbidden: Forbidden Access
2)
error: 1 error occurred: * error creating Kafka ACLs: 401 Unauthorized: Unauthorized
What’s the proper way to fix it assuming the only key created manually is confluent cloud api key?