Lenses Resource Names (LRNs)

LRNs uniquely identify all resources that Lenses understands. Examples are a Lenses User, a Kafka topic or a Kafka-Connect connector.

Use an LRN to specify a resource across all of Lenses, unambiguously:

To add topic permissions for a team in IAM permissions.
To share a consumer-group reference with a colleague.

LRN format

The top-level format has 3 parts called segments. A semi-colon : separates them:

service:resource-type:resource-path

service

service is the namespace of the Lenses service that manages a set of resource types.

e.g. kafka for things like topics and consumer groups.

resource-type

resource-type is the type of resources that are served by a service.

e.g. topic for a Kafka topic, consumer-group for a Kafka consumer group. They both belong to the kafka service.

resource-path

resource-path is the unique path that identifies a resource. The resource path is specific to a service and resource type. The resource path can be:

a single resource name, e.g. :
- lucy.clearview@lenses.io for a user resource name.
- The full LRN would be iam:user:lucy.clearview@lenses.io
a nested path that contains slashes / e.g. :
- dev-environment/kafka/my-topic for a kafka topic
- The full LRN would be kafka:topic:dev-environment/kafka/my-topic

Examples

IAM user

iam:user:lucy.clearview@lenses.io

Kafka topic

kafka:topic:dev-environment/kafka/my-topic

Kafka consumer group

kafka:consumer-group:dev-environment/kafka/my-consumer-group

Schema Registry schema

schemas:schema:dev-environment/schema-registry/my-topic-value

Kafka Connect connector

kafka-connect:connector:dev-environment/connect-cluster-1/my-s3-sink

Allowed characters

LRNs separate top-level segments with a colon : and resource path segments with a slash /.

A segment may have:

Alphanumeric characters: a-z, A-Z, 0-9
Allowed symbols: -

Using wildcards

Use the wildcard asterisk * to express catch-all LRNs.

Good examples

Use these examples to express multiple resources easily.

Wildcard pattern LRN Example Definition Example means…

Wildcard pattern	LRN Example	Definition	Example means…
`*`	`*`	Global wildcard. Capture all the resources that Lenses manages.	"Everything"
`service:*`	`kafka:*`	Service-specific wildcard. Capture all the resources for a service.	"All Kafka resources in all environments, i.e. topics, consumer groups, acls and quotas"
`service:resource-type:*`	`kafka:topic:*`	Resource-type-specific wildcard. Capture all the resources for a type of resources of a service.	"All Kafka topics in all environments"
`service:resource-type:parent/*/grandchild`	`kafka-connect:connector:dev-environment/*/my-s3-sink`	Path segment wildcard. Capture a part of the resource path.	"All connectors named 'my-s3-sink' in all Connect clusters under the environment 'dev-environment' "
`service:resource-type:resourcePa*`	`kafka:topic:dev-environment/kafka/red-*`	Trailing wildcard. This wildcard is at the end of an LRN. It acts as a 'globstar' (`**`) and matches against the rest of the string. Capture the resources that start with the given path prefix.	"All Kafka topics in the environment 'dev-environment' whose name starts with 'red-' "
`service:resource-type:paren/chil/grandchil*`	`kafka-connect:connector:dev/sinks/s3*`	Path suffix wildcard. Capture resources where different path segments start with certain prefixes.	"All connectors in all environments that start with 'dev', within any Connect cluster that starts with 'sinks' and where the connector name starts with 's3' "

*

Global wildcard.

Capture all the resources that Lenses manages.

"Everything"

service:*

kafka:*

Service-specific wildcard.

Capture all the resources for a service.

"All Kafka resources in all environments, i.e. topics, consumer groups, acls and quotas"

service:resource-type:*

kafka:topic:*

Resource-type-specific wildcard.

Capture all the resources for a type of resources of a service.

"All Kafka topics in all environments"

service:resource-type:parent/*/grandchild

kafka-connect:connector:dev-environment/*/my-s3-sink

Path segment wildcard.

Capture a part of the resource path.

"All connectors named 'my-s3-sink' in all Connect clusters under the environment 'dev-environment' "

service:resource-type:resourcePa*

kafka:topic:dev-environment/kafka/red-*

Trailing wildcard.

This wildcard is at the end of an LRN. It acts as a 'globstar' (**) and matches against the rest of the string.

Capture the resources that start with the given path prefix.

"All Kafka topics in the environment 'dev-environment' whose name starts with 'red-' "

service:resource-type:paren*/chil*/grandchil*

kafka-connect:connector:dev*/sinks*/s3*

Path suffix wildcard.

Capture resources where different path segments start with certain prefixes.

"All connectors in all environments that start with 'dev', within any Connect cluster that starts with 'sinks' and where the connector name starts with 's3' "

Bad examples

Avoid these examples because they are ambiguous. Lenses does not allow them.

Wildcard pattern LRN Example Restriction Better alternative

Wildcard pattern	LRN Example	Restriction	Better alternative
`servic*:resource-type:resource-path`	`kafk*::dev-environment/` or `:topic:dev-environment/`	No wildcards allowed at the service level. A service must be its full string.	Global wildcard `*`
`service:resource-typ*:resource-path`	`kafka:topi:dev-environment/`	No wilcards allowed at the resource-type level. A resource type must be its full string.	Service-specific wildcard `service:*` No resource-path segments allowed in this case.

servic*:resource-type:resource-path

kafk*::dev-environment/

or :topic:dev-environment/

No wildcards allowed at the service level. A service must be its full string.

Global wildcard *

service:resource-typ*:resource-path

kafka:topi*:dev-environment/*

No wilcards allowed at the resource-type level. A resource type must be its full string.

Service-specific wildcard service:* No resource-path segments allowed in this case.

PreviousEnvironments NextIdentity & Access Management

Last updated 2 days ago