vongosling commented on a change in pull request #1217: [ISSUE #1156]new mqadmin API for ACL configuration URL: https://github.com/apache/rocketmq/pull/1217#discussion_r293383061
########## File path: docs/cn/acl/user_guide.md ########## @@ -82,5 +82,76 @@ RocketMQ的权限控制存储的默认实现是基于yml配置文件。用户可 (2)如果ACL与高可用部署(多副本Dledger架构)同时启用,由于出现节点宕机时,Dledger Group组内会自动选主,那么就需要将Dledger Group组 内所有Broker节点的plain_acl.yml配置文件的白名单设置所有Broker节点的ip地址。 +## 7. ACL mqadmin配置管理命令 + +### 7.1 更新ACL配置文件中“account”的属性值 + +该命令的示例如下: + +sh mqadmin updateAclConfig -n 192.168.1.2:9876 -b 192.168.12.134:10911 -a RocketMQ -s 1234567809123 +-t topicA=DENY,topicD=SUB -g groupD=DENY,groupB=SUB + +说明:如果不存在则会在ACL Config YAML配置文件中创建;若存在,则会更新对应的“accounts”的属性值; +如果指定的是集群名称,则会在集群中各个broker节点执行该命令;否则会在单个broker节点执行该命令。 + +| 参数 | 取值 | 含义 | +| --- | --- | --- | +| n | eg:192.168.1.2:9876 | namesrv地址 | +| c | eg:DefaultCluster | 指定集群名称(与broker地址二选一) | +| b | eg:192.168.12.134:10911 | 指定broker地址(与集群名称二选一) | +| a | eg:RocketMQ | Access Key值 | +| s | eg:1234567809123 | Secret Key值 | +| m | eg:true | 是否管理员账户 | +| w | eg:192.168.0.* | whiteRemoteAddress,用户IP白名单 | +| i | eg:SUB | defaultTopicPerm,默认Topic权限 | +| u | eg:PUB | defaultGroupPerm,默认ConsumerGroup权限 | +| t | eg:topicA=DENY,topicD=SUB | topicPerms,各个Topic的权限 | Review comment: yeap, when we write the configuration, we must be careful what's is the default, what's is required, what's is optional value. and does it necessarily to list the whole values. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
