Confluent

Configuring the Veza Integration for Confluent

Overview

The Veza integration for Confluent enables the discovery of Users, Groups, Roles, Clusters, and Environments from the Confluent platform. Veza uses Confluent APIs to populate the Authorization Graph with entities and metadata.

This document explains how to enable and create a Confluent integration. See Notes and Supported Entities for more details.

Configuring Confluent

Before adding the integration to Veza, create a Confluent Cloud API key for the connection.

Refer to Cloud API Keys for up-to-date instructions for creating an API key.

Using Confluent Cloud Console:

  1. Before creating an API key associated with a service account, use RBAC to restrict access to applications that use the key.

  2. From the Administration menu, click Cloud API keys or go to https://confluent.cloud/settings/api-keys.

  3. Click Add key.

  4. Choose Granular Access as the scope.

  5. Choose whether to create the key associated with your user account or a service account.

    The API key and secret are generated and displayed.

  6. Click Copy to copy the key and secret to a secure location.

    Important:

    The secret for the key is only exposed initially in the Create API key dialog and cannot be viewed or retrieved later from the web interface. Store the secret and its corresponding key in a secure location. Do not share the secret for your API key.

  7. (Optional, but recommended) Enter a description of the API key to describe the intended use and distinguish it from other API keys.

  8. Select the check box to confirm you have saved your key and secret.

  9. Click Save. The key is added to the keys table.

Using Confluent CLI:

  1. Sign in to your cluster using the confluent login command.

    confluent login

    Enter your Confluent Cloud credentials:

    Email: susan@myemail.com
    Password: ********

  2. Before creating a Cloud API key associated with a service account, use RBAC to restrict access to applications that use the key.

  3. Create the Cloud API key using the confluent api-key create command, specifying the resource (--resource) as cloud. By default, this associates the key with your user account. If you want to associate the key with a service account instead, specify the service account flag (--service-account). A description (--description) is optional but recommended.

    confluent api-key create --resource cloud --description <key-description> --service-account <service-account-id>

  4. Save the API key and secret output in a secure location. The secret is not retrievable later.

Record the API Key and API Secret values after creating the key.

Configuring Confluent on the Veza Platform

To enable Veza to gather data from the Confluent Cloud Platform:

  1. In Veza, navigate to Configuration > Integrations.

  2. Click Add Integration and select Confluent as the type of integration to add.

  3. Enter the required information and click Create Integration.

| Field | Notes |
| --- | --- |
| API Key | The API key created on the Confluent Cloud platform |
| API Secret | The API secret created on the Confluent Cloud platform |

Notes and Supported Entities

The Confluent integration discovers the following entities and attributes:

Confluent Cluster

| Attribute | Notes |
| --- | --- |
| resource_name | The Confluent Resource Name / URI of the cluster resource |

Confluent Environment

| Attribute | Notes |
| --- | --- |
| resource_name | The Confluent Resource Name / URI of the environment resource |

Confluent Group

| Attribute | Notes |
| --- | --- |
| filter | The Common Expression Language filter expression that defines the group mapping |
| resource_name | The Confluent Resource Name / URI of the group mapping |
| state | A string representing the enabled/disabled state of the group mapping |

Confluent User

| Attribute | Notes |
| --- | --- |
| auth_type | The user's authentication method (either AUTH_TYPE_LOCAL or AUTH_TYPE_SSO) |
| description | Optional string description of the user account |
| email | The user's email address |
| resource_name | The Confluent Resource Name / URI of the user resource |
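A pre-flight check for the key recorded during setup, added here as an example and not taken from Veza's or Confluent's documentation: it reads the user list the key can see, keeps the attributes from the Confluent User table, and lists accounts that do not sign in through SSO. The endpoint URL, the HTTP Basic use of the key and secret, the response layout, and the environment variable names are assumptions; the sample payload is constructed.

```python
import base64
import json
import os
import urllib.request

# Assumption: Confluent Cloud IAM v2 user listing endpoint (not named on the page).
USERS_URL = "https://api.confluent.cloud/iam/v2/users"

def basic_auth_header(api_key, api_secret):
    # Assumption: the key is the Basic-auth username and the secret the password.
    token = base64.b64encode(f"{api_key}:{api_secret}".encode()).decode()
    return {"Authorization": f"Basic {token}"}

def fetch_users(api_key, api_secret):
    # Live call (first page only); not used when running on the sample below.
    req = urllib.request.Request(USERS_URL, headers=basic_auth_header(api_key, api_secret))
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def summarize_users(payload):
    # Keep the attributes from the Confluent User table; list non-SSO accounts.
    users, not_sso = [], []
    for item in payload.get("data", []):
        user = {
            "email": item.get("email", ""),
            "auth_type": item.get("auth_type", "UNKNOWN"),
            "resource_name": item.get("metadata", {}).get("resource_name", ""),
        }
        users.append(user)
        if user["auth_type"] != "AUTH_TYPE_SSO":
            not_sso.append(user["email"])
    return users, sorted(not_sso)

# Constructed sample response: field layout is an assumption, values are made up.
SAMPLE = {"data": [
    {"email": "dev@example.com", "auth_type": "AUTH_TYPE_SSO",
     "metadata": {"resource_name": "crn://confluent.cloud/organization=org-0001/user=u-000001"}},
    {"email": "ops@example.com", "auth_type": "AUTH_TYPE_LOCAL",
     "metadata": {"resource_name": "crn://confluent.cloud/organization=org-0001/user=u-000002"}},
    {"email": "sec@example.com", "auth_type": "AUTH_TYPE_SSO",
     "metadata": {"resource_name": "crn://confluent.cloud/organization=org-0001/user=u-000003"}},
]}

if __name__ == "__main__":
    # Hypothetical variable names; without them the script runs on SAMPLE.
    key, secret = os.environ.get("CONFLUENT_API_KEY"), os.environ.get("CONFLUENT_API_SECRET")
    payload = fetch_users(key, secret) if key and secret else SAMPLE
    users, not_sso = summarize_users(payload)
    print(f"{len(users)} users visible to this key; not SSO: {not_sso}")
```

Reading the secret from the environment keeps it out of shell history and process arguments; a record with no auth_type is reported alongside the local accounts so it gets reviewed.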

Confluent Role

Confluent roles are discovered and assigned to security principals; no additional metadata is gathered.
