LRNs uniquely identify all resources that Lenses understands. Examples are a Lenses User, a Kafka topic or a Kafka-Connect connector.
Use an LRN to specify a resource across all of Lenses, unambiguously:
- To add topic permissions for a team in IAM permissions.
- To share a consumer-group reference with a colleague.
The top-level format has 3 parts called segments. A colon : separates them:
- service is the namespace of the Lenses service that manages a set of resource types, e.g. kafka for things like topics and consumer groups.
- resource-type is the type of resources that are served by a service, e.g. topic for a Kafka topic, consumer-group for a Kafka consumer group. They both belong to the kafka service.
- resource-path is the unique path that identifies a resource. The resource path is specific to a service and resource type. The resource path can be:
  - a single resource name, e.g. lucy.clearview@lenses.io for a user resource name. The full LRN would be iam:user:lucy.clearview@lenses.io
  - a nested path that contains slashes /, e.g. dev-environment/kafka/my-topic for a Kafka topic. The full LRN would be kafka:topic:dev-environment/kafka/my-topic
IAM user
Kafka topic
Kafka consumer group
Schema Registry schema
Kafka Connect connector
LRNs separate top-level segments with a colon : and resource path segments with a slash /.
A segment may have:
- Alphanumeric characters: a-z, A-Z, 0-9
- Allowed symbols: -
Use the wildcard asterisk * to express catch-all LRNs.
Use these examples to express multiple resources easily.
Wildcard pattern | LRN Example | Definition | Example means… |
---|---|---|---|
* | * | Global wildcard. Capture all the resources that Lenses manages. | "Everything" |
service:* | kafka:* | Service-specific wildcard. Capture all the resources for a service. | "All Kafka resources in all environments, i.e. topics, consumer groups, acls and quotas" |
service:resource-type:* | kafka:topic:* | Resource-type-specific wildcard. Capture all the resources for a type of resources of a service. | "All Kafka topics in all environments" |
service:resource-type:parent/*/grandchild | kafka-connect:connector:dev-environment/*/my-s3-sink | Path segment wildcard. Capture a part of the resource path. | "All connectors named 'my-s3-sink' in all Connect clusters under the environment 'dev-environment'" |
service:resource-type:resourcePa* | kafka:topic:dev-environment/kafka/red-* | Trailing wildcard. This wildcard is at the end of an LRN. It acts as a 'globstar' (**) and matches against the rest of the string. Capture the resources that start with the given path prefix. | "All Kafka topics in the environment 'dev-environment' whose name starts with 'red-'" |
service:resource-type:paren*/chil*/grandchil* | kafka-connect:connector:dev*/sinks*/s3* | Path suffix wildcard. Capture resources where different path segments start with certain prefixes. | "All connectors in all environments that start with 'dev', within any Connect cluster that starts with 'sinks' and where the connector name starts with 's3'" |

Avoid these examples because they are ambiguous. Lenses does not allow them.
Wildcard pattern | LRN Example | Restriction | Better alternative |
---|---|---|---|
servic*:resource-type:resource-path | kafk*: :dev-environment/ or :topic:dev-environment/ | No wildcards allowed at the service level. A service must be its full string. | Global wildcard * |
service:resource-typ*:resource-path | kafka:topi*:dev-environment/* | No wildcards allowed at the resource-type level. A resource type must be its full string. | Service-specific wildcard service:* No resource-path segments allowed in this case. |
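
The wildcard rules from the two tables above, as an added Python example (not Lenses code) for checking which patterns in a permission list cover a given resource and which ones would be rejected. The function names, the sample policy, and the reading that a non-trailing * stays within one path segment are assumptions.

```python
import re

def validate_pattern(pattern):
    """Reject the wildcard placements the page lists as not allowed."""
    if pattern == "*":  # global wildcard
        return
    parts = pattern.split(":", 2)
    if "*" in parts[0]:
        raise ValueError("no wildcards allowed at the service level")
    if len(parts) == 2 and parts[1] == "*":  # service-specific wildcard
        return
    if len(parts) != 3 or not parts[2]:
        # Assumption: any other shape must be service:resource-type:resource-path.
        raise ValueError("expected service:resource-type:resource-path")
    if "*" in parts[1]:
        raise ValueError("no wildcards allowed at the resource-type level")

def compile_pattern(pattern):
    validate_pattern(pattern)
    trailing = pattern.endswith("*")
    body = pattern[:-1] if trailing else pattern
    # Assumption: a non-trailing * stays inside one path segment (never crosses '/').
    regex = "[^/]*".join(re.escape(piece) for piece in body.split("*"))
    # A trailing * acts as a globstar and matches the rest of the string.
    return re.compile(regex + (".*" if trailing else ""), re.DOTALL)

def matches(pattern, lrn):
    return compile_pattern(pattern).fullmatch(lrn) is not None

def audit(policy_patterns, lrn):
    """Return (patterns that cover lrn, patterns rejected as invalid)."""
    covering, rejected = [], []
    for pattern in policy_patterns:
        try:
            if matches(pattern, lrn):
                covering.append(pattern)
        except ValueError:
            rejected.append(pattern)
    return covering, rejected

# Constructed sample policy, built from the LRN examples on this page.
POLICY = [
    "kafka:topic:dev-environment/kafka/red-*",
    "kafka-connect:connector:dev-environment/*/my-s3-sink",
    "kafka:*",
    "kafka:topi*:dev-environment/*",
]
if __name__ == "__main__":
    print(audit(POLICY, "kafka:topic:dev-environment/kafka/red-alerts"))
```

Running the audit against a sensitive resource shows every pattern that reaches it, which makes broad grants such as kafka:* easy to spot in review.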