consume
: allow the service account to consume messages.
produce
: allow the service account to publish messages.
functions
: allow the service account to submit and manage functions.
sinks
: allow the service account to create and manage sink connectors.
sources
: allow the service account to create and manage source connectors.
packages
: allow the service account to upload and manage pulsar packages. If you want to submit a customized function/connector, then you will need to upload the function/connector’s JAR/NAR/Python file first, which requires the packages
permission.
Service Accounts
tab and choose the service account you want to use for running the connector. Clicking on the right button and there willbe a Edit service account bindings
option.
Edit service account bindings
, choose the desired pool member and confirm.
PulsarCluster
for all I/O components (Pulsar Functions, Pulsar Connectors, and Kafka Connectors) to access underlying infrastructure resources. This means all I/O Components in the same cluster share one service account and the same permissions.
PoolMember
name and namespace from the PulsarCluster
poolMemberRef
block, which looks like:
PoolMember
. You do not need to create separate IAM roles for each cluster within the same PoolMember
.ServiceAccountBinding
that binds the service account to the PoolMember
sts:AssumeRole
on arn1
and arn2
. You must still add a trust policy on arn1
and arn2
to allow the newly created role to assume them.ServiceAccountBinding
to create the IAM role
status.conditions
array should include a condition with type: IAMAccountReady
and status: "True"
, indicating the IAM role was created successfully.sab-[binding-name]-[org-id]
is created;In AWS, an IAM role role/StreamNative/sncloud-role/authorization.streamnative.io/iamaccounts/IamAccount-[org-id]-sab-[binding-name]
is created;In GCP, a service account with display name: IamAccount/[org-id]/sab-[binding-name]
is created.snctl
to manage Pulsar IO Connectors with Service Accountsnctl
integrates the pulsar admin apis and allows to be used as the pulsar admin CLI to directly access to the StreamNative Cloud cluster. You can use snctl
to make the target StreamNative Cloud cluster as the service context, and access to it with selected Service Account.
snctl config set --organization $ORG
to your StreamNative Cloud organization.snctl context use
to interactivly select your target StreamNative Cloud cluster.snctl pulsar admin --as-service-account $SERVICE_ACCOUNT_NAME ...
or snctl pulsar admin --use-service-account ...
to send pulsar admin requests with selected Service Account.pulsarctl
or pulsar-admin
, Rest Api
to manage Pulsar IO Connectors with Service Accountpulsarctl
or pulsar-admin
, Rest Api
.
b. Download the selected CLI tool.
c. Select the service account you created.
d. Select OAuth2 as the authentication type and download the key file to your local machine.
e. Set up your CLI tool with that key file, and the steps vary depending on the CLI tool you use.