https://pulumi.com
Join Slack
Hello Guys! I am new here. Nice to e-meet you :wave: I have an issue with creating api key for mana...
# automation-api
p
Hello Guys! I am new here. Nice to e-meet you đź‘‹ I have an issue with creating api key for managing cluster in confluent cloud. I use the latest version of confluentcloud pulumi provider. I have confluent cloud api key created. I want to create an api key for cluster management (it will be used for creating topics and other resources, not accessing data). I tried two approaches. 1) Role binding:
Copy code
const envManagementAccount = new confluentcloud.ServiceAccount(
...
);

const apiKey = new confluentcloud.ApiKey(`...`, {

  owner: {
    id: envManagementAccount.id,
    apiVersion: envManagementAccount.apiVersion,
    kind: envManagementAccount.kind,
  },
  managedResource: {
    id: clusterConfig.cluster.id,
    apiVersion: clusterConfig.cluster.apiVersion,
    kind: clusterConfig.cluster.kind,
    environment: {
      id: clusterConfig.environment.id,
    },
  },
});

new confluentcloud.RoleBinding(
  `...`,
  {
    principal: `User:${envManagementAccount.id}`,
    roleName: 'CloudClusterAdmin',
    crnPattern: clusterConfig.cluster.rbacCrn,
  },
  { dependsOn: [apiKey] }
);
2) Adding ACLs:
Copy code
const envManagementAccount = new confluentcloud.ServiceAccount(
...
);

const apiKey = new confluentcloud.ApiKey(`...`, {
  ...
  owner: {
    id: envManagementAccount.id,
    apiVersion: envManagementAccount.apiVersion,
    kind: envManagementAccount.kind,
  },
  managedResource: {
    id: clusterConfig.cluster.id,
    apiVersion: clusterConfig.cluster.apiVersion,
    kind: clusterConfig.cluster.kind,
    environment: {
      id: clusterConfig.environment.id,
    },
  },
});

envManagementAccount.id.apply(
  (saId) =>
    new confluentcloud.KafkaAcl(`...`, {
      kafkaCluster: {
        id: clusterConfig.cluster.id,
      },
      resourceType: 'CLUSTER',
      resourceName: 'kafka-cluster',
      patternType: 'LITERAL',
      principal: `User:${saId}`,
      host: '*',
      operation: 'ALL',
      permission: 'ALLOW',
      restEndpoint: clusterConfig.cluster.restEndpoint,
      credentials: {
        key: cloudApiKey,
        secret: cloudApiSecret,
      },
    })
);
In both cases, I get authorization issue: 1)
Copy code
error: 1 error occurred: * error creating Role Binding: 403 Forbidden: Forbidden Access
2)
Copy code
error: 1 error occurred: * error creating Kafka ACLs: 401 Unauthorized: Unauthorized
What’s the proper way to fix it assuming the only key created manually is confluent cloud api key?
Open in Slack
PreviousNext
Powered by

Pulumi Community

No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Powered by