Manage Karapace schema registry authorization#

Karapace schema registry authorization allows you to authenticate the user, to control access to individual Karapace schema registry REST API endpoints, and to filter the content the endpoints return.

Tip

Some older Aiven for Apache Kafka® services may not have this feature enabled by default, and you need to enable Karapace schema registry authorization.

Karapace schema registry authorization is configured using Access Control Lists (ACLs). You can manage the Karapace schema registry authorization ACL entries using the Aiven CLI.

Using the Aiven CLI commands, you can

  • Add ACL

  • Delete ACL

  • View ACL list

For more information on the ACL commands, the required parameters and examples, see avn service schema-registry-acl.

Manage resources via Terraform#

Additionally, the Aiven Aiven Terraform provider supports managing Karapace schema registry authorization ACL entries with the aiven_kafka_schema_registry_acl resource. For more information, see the resource documentation.

An example of resource configuration via Terraform is as shown below:

resource "aiven_kafka_schema_registry_acl" "my_resource" {
  project      = aiven_kafka_topic.demo.project
  service_name = aiven_kafka_topic.demo.service_name
  resource     = "Subject:${aiven_kafka_topic.demo.topic_name}"
  username     = aiven_kafka_user.demo.username
  permission   = "schema_registry_read"
}