Hello,

It would be better to ask such a question on the user mailing list.

The reason is that the group is created automatically when a consumer
joins it. It is not created explicitly so it can be restricted.

In your case, you could set up an ACL to authorize the application to only
use the group you have defined. It would prevent the application from
creating new groups. (READ ACL on Group resource with a specific name).

Best,
David

On Mon, Aug 19, 2019 at 9:01 PM Adam Bellemare <adam.bellem...@gmail.com>
wrote:

> Hi All
>
> I am looking through the Confluent docs and core Kafka docs and don't see
> an ACL for group creation:
> https://docs.confluent.io/current/kafka/authorization.html#acl-format
> and
> https://kafka.apache.org/documentation/#security_authz
>
> My scenario is simple: We use the consumer group as the means of
> identifying a single application, including tooling for managing
> application resets, offset management, lag monitoring, etc. We often have
> situations where someone resets their consumer group by appending an
> incremented integer ("cg" to "cg1"), but it throws the rest of the
> monitoring and management tooling out of whack.
>
> Is there a reason why we do not have ACL-based CREATE restrictions to a
> particular consumer group? I am willing to do the work to implement this
> and test it out, but I wanted to validate that there isn't a reason I am
> missing.
>
> Thanks
> Adam
>
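
The ACL suggested in the reply above, worked through as an added example that is not part of the original thread and is not Kafka's own code: a simplified Python model of how an ACL authorizer evaluates READ on a Group resource when a consumer joins. The principal `User:app` and all function and class names are hypothetical; super users and host matching are left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class GroupAcl:
    principal: str             # e.g. "User:app" (hypothetical principal)
    name: str                  # group name, prefix, or "*" wildcard
    pattern_type: str          # "LITERAL" or "PREFIXED"
    operation: str             # "READ" or "ALL" grant the right to join
    permission: str = "ALLOW"  # "ALLOW" or "DENY"

def resource_matches(acl, group):
    """True if the ACL's resource pattern covers this group name."""
    if acl.pattern_type == "PREFIXED":
        return group.startswith(acl.name)
    return acl.name in (group, "*")  # LITERAL, with "*" as wildcard

def can_join(acls, principal, group, allow_if_no_acl=False):
    """Joining a group, which also creates it, needs READ on the Group.

    allow_if_no_acl models the broker setting
    allow.everyone.if.no.acl.found (false by default).
    """
    on_group = [a for a in acls if resource_matches(a, group)]
    if not on_group:
        # No ACL covers this group name at all: the broker default decides.
        return allow_if_no_acl
    hits = [a for a in on_group
            if a.principal in (principal, "User:*")
            and a.operation in ("READ", "ALL")]
    if any(a.permission == "DENY" for a in hits):
        return False  # a matching DENY always wins
    return any(a.permission == "ALLOW" for a in hits)

# Roughly what this command creates (literal pattern is the default):
#   kafka-acls --add --allow-principal User:app --operation Read --group cg
LITERAL = [GroupAcl("User:app", "cg", "LITERAL", "READ")]
# The same grant as a prefixed pattern, which is too broad for this use case.
PREFIXED = [GroupAcl("User:app", "cg", "PREFIXED", "READ")]

if __name__ == "__main__":
    for label, acls in (("literal", LITERAL), ("prefixed", PREFIXED)):
        for group in ("cg", "cg1"):
            print(label, group, can_join(acls, "User:app", group))
```

With the literal ACL the application can join "cg" but not "cg1". The restriction is lost if the grant is written as a prefixed pattern, or if the broker runs with `allow.everyone.if.no.acl.found=true`.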
