Lists all currently defined routes that match the queried resource or its sub-resources.
Multiple routes may match a resource,
but only the most specific route will be selected for events related
to the resource. This endpoint returns all matching routes regardless of
whether or not they would actually be selected, or ignored in favor of
a more specific route.
Requires the “AuditAdmin” role on the metadata service (MDS) cluster
and every Kafka cluster in the cluster registry.
Callable by Admins.
The CRN patterns in the audit log config routes can contain wildcards.
So a route with a CRN pattern like
crn://mds.example.com/kafka=*/topic=finance-*
would match events
associated with the topic at address
crn://mds.example.com/kafka=abc123/topic=finance-deposits
, or
events associated with the topic at
crn://mds.example.com/kafka=xyz789/topic=finance-chargebacks
, but
would not match events associated with the topic
crn://mds.example.com/kafka=abc123/topic=server-deployments
. So a
route’s CRN pattern can match events from more than one resource,
based on where the pattern’s wildcards are.
It is possible to write multiple routes with different CRN patterns
that match a given resource’s CRN. For example: the resource at
crn://mds.example.com/kafka=abc123/topic=finance-chargebacks
is matched by any of the following route CRN patterns:
crn://mds.example.com/kafka=*/topic=*
crn://mds.example.com/kafka=abc123/topic=*
crn://mds.example.com/kafka=*/topic=finance-*
When there are multiple matching routes for an event, we select the
matching route with the most specific CRN pattern. The most specific
CRN pattern is the one with the greatest length before its first
wildcard. So in the above example,
crn://mds.example.com/kafka=abc123/topic=*
wins.
To break a tie, ignore the prefix that the patterns have in common.
So, for example crn://mds.example.com/kafka=*/topic=finance-*
is
more specific than crn://mds.example.com/kafka=*/topic=*
.
This endpoint lists all currently defined routes that match the
queried resource or its sub-resources, regardless of whether or not
they would actually be selected, or ignored in favor of a more
specific route.
A query pattern like …
crn://mds1.example.com/kafka=abcde_FGHIJKL-01234567/connect=qa-test
… would match all of the following routes …
crn://mds1.example.com/kafka=abcde_FGHIJKL-01234567/connect=qa-test/connector=from-db4
crn://mds1.example.com/kafka=abcde_FGHIJKL-01234567/connect=qa-test/connector=*
crn://mds1.example.com/kafka=abcde_FGHIJKL-01234567/connect=*/connector=*
crn://mds1.example.com/kafka=abcde_FGHIJKL-01234567/connect=qa-*
crn://mds1.example.com/kafka=abcde_FGHIJKL-01234567/connect=*
crn://mds1.example.com/kafka=*/connect=qa-*
crn://mds1.example.com/kafka=*/connect=qa-*/connector=*
… but would not match any of these routes …
crn://mds1.example.com/kafka=*/ksql=*
crn://mds1.example.com/kafka=abcde_FGHIJKL-01234567
crn://mds1.example.com/kafka=abcde_FGHIJKL-01234567/connect=stg-*
crn://mds1.example.com/kafka=zyxwv-UTSRQPO_98765432/connect=qa-*
crn://mds1.example.com/kafka=abcde_FGHIJKL-01234567/topic=qa-*
Query Parameters: |
|
- q (string) – A Confluent resource name (CRN) .
|
Example request:
GET /security/1.0/audit/routes HTTP/1.1
Host: example.com