MCP Tools Reference: managedkafka

Tool: list_acls

List all ACLs for Google Cloud Managed Service for Apache Kafka for a given project, location, and cluster. Please provide the Project ID, Location, and Cluster ID.

The following sample demonstrate how to use curl to invoke the list_acls MCP tool.

Curl Request 
                  
curl --location 'https://managedkafka.googleapis.com/mcp' \
--header 'content-type: application/json' \
--header 'accept: application/json, text/event-stream' \
--data '{
  "method": "tools/call",
  "params": {
    "name": "list_acls",
    "arguments": {
      // provide these details according to the tool's MCP specification
    }
  },
  "jsonrpc": "2.0",
  "id": 1
}'

Input Schema

Request for ListAcls.

ListAclsRequest

JSON representation 
{
  "parent": string,
  "pageSize": integer,
  "pageToken": string
}
Fields
parent

string

Required. The parent cluster whose acls are to be listed. Structured like projects/{project}/locations/{location}/clusters/{cluster}.
pageSize

integer

Optional. The maximum number of acls to return. The service may return fewer than this value. If unset or zero, all acls for the parent is returned.
pageToken

string

Optional. A page token, received from a previous ListAcls call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided to ListAcls must match the call that provided the page token.

Output Schema

Response for ListAcls.

ListAclsResponse

JSON representation 
{
  "acls": [
    {
      object (Acl)
    }
  ],
  "nextPageToken": string
}
Fields
acls[]

object (Acl)

The list of acls in the requested parent. The order of the acls is unspecified.
nextPageToken

string

A token that can be sent as page_token to retrieve the next page of results. If this field is omitted, there are no more results.

Acl

JSON representation 
{
  "name": string,
  "aclEntries": [
    {
      object (AclEntry)
    }
  ],
  "etag": string,
  "resourceType": string,
  "resourceName": string,
  "patternType": string
}
Fields
name

string

Identifier. The name for the acl. Represents a single Resource Pattern. Structured like: projects/{project}/locations/{location}/clusters/{cluster}/acls/{acl_id}

The structure of acl_id defines the Resource Pattern (resource_type, resource_name, pattern_type) of the acl. acl_id is structured like one of the following:

For acls on the cluster: cluster

For acls on a single resource within the cluster: topic/{resource_name} consumerGroup/{resource_name} transactionalId/{resource_name}

For acls on all resources that match a prefix: topicPrefixed/{resource_name} consumerGroupPrefixed/{resource_name} transactionalIdPrefixed/{resource_name}

For acls on all resources of a given type (i.e. the wildcard literal "*"): allTopics (represents topic/*) allConsumerGroups (represents consumerGroup/*) allTransactionalIds (represents transactionalId/*)
aclEntries[]

object (AclEntry)

Required. The ACL entries that apply to the resource pattern. The maximum number of allowed entries 100.
etag

string

Optional. etag is used for concurrency control. An etag is returned in the response to GetAcl and CreateAcl. Callers are required to put that etag in the request to UpdateAcl to ensure that their change will be applied to the same version of the acl that exists in the Kafka Cluster.

A terminal 'T' character in the etag indicates that the AclEntries were truncated; more entries for the Acl exist on the Kafka Cluster, but can't be returned in the Acl due to repeated field limits.
resourceType

string

Output only. The ACL resource type derived from the name. One of: CLUSTER, TOPIC, GROUP, TRANSACTIONAL_ID.
resourceName

string

Output only. The ACL resource name derived from the name. For cluster resource_type, this is always "kafka-cluster". Can be the wildcard literal "*".
patternType

string

Output only. The ACL pattern type derived from the name. One of: LITERAL, PREFIXED.

AclEntry

JSON representation 
{
  "principal": string,
  "permissionType": string,
  "operation": string,
  "host": string
}
Fields
principal

string

Required. The principal. Specified as Google Cloud account, with the Kafka StandardAuthorizer prefix "User:". For example: "User:test-kafka-client@test-project.iam.gserviceaccount.com". Can be the wildcard "User:*" to refer to all users.
permissionType

string

Required. The permission type. Accepted values are (case insensitive): ALLOW, DENY.
operation

string

Required. The operation type. Allowed values are (case insensitive): ALL, READ, WRITE, CREATE, DELETE, ALTER, DESCRIBE, CLUSTER_ACTION, DESCRIBE_CONFIGS, ALTER_CONFIGS, and IDEMPOTENT_WRITE. See https://kafka.apache.org/documentation/#operations_resources_and_protocols for valid combinations of resource_type and operation for different Kafka API requests.
host

string

Required. The host. Must be set to "*" for Managed Service for Apache Kafka.

Tool Annotations

Destructive Hint: ❌ | Idempotent Hint: ✅ | Read Only Hint: ✅ | Open World Hint: ❌