You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
"description": "Arbitrary group names that are allowed to consume the service or route. One of `config.allow` or `config.deny` must be specified.",
7
+
"items": {
8
+
"required": [],
9
+
"type": "string"
10
+
},
11
+
"type": "array"
12
+
},
13
+
"always_use_authenticated_groups": {
14
+
"default": false,
15
+
"description": "If enabled (`true`), the authenticated groups will always be used even when an authenticated consumer already exists. If the authenticated groups don't exist, it will fallback to use the groups associated with the consumer. By default the authenticated groups will only be used when there is no consumer or the consumer is anonymous.",
16
+
"type": "boolean"
17
+
},
18
+
"deny": {
19
+
"description": "Arbitrary group names that are not allowed to consume the service or route. One of `config.allow` or `config.deny` must be specified.",
20
+
"items": {
21
+
"required": [],
22
+
"type": "string"
23
+
},
24
+
"type": "array"
25
+
},
26
+
"hide_groups_header": {
27
+
"default": false,
28
+
"description": "If enabled (`true`), prevents the `X-Consumer-Groups` header from being sent in the request to the upstream service.",
29
+
"type": "boolean"
30
+
},
31
+
"include_consumer_groups": {
32
+
"default": false,
33
+
"type": "boolean"
34
+
}
35
+
},
36
+
"required": [],
37
+
"type": "object"
38
+
},
39
+
"protocols": {
40
+
"default": [
41
+
"grpc",
42
+
"grpcs",
43
+
"http",
44
+
"https"
45
+
],
46
+
"description": "A set of strings representing HTTP protocols.",
47
+
"items": {
48
+
"enum": [
49
+
"grpc",
50
+
"grpcs",
51
+
"http",
52
+
"https"
53
+
],
54
+
"required": [],
55
+
"type": "string"
56
+
},
57
+
"type": "array"
58
+
},
59
+
"route": {
60
+
"additionalProperties": false,
61
+
"description": "If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.",
62
+
"properties": {
63
+
"id": {
64
+
"type": "string"
65
+
}
66
+
},
67
+
"required": [],
68
+
"type": "object"
69
+
},
70
+
"service": {
71
+
"additionalProperties": false,
72
+
"description": "If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.",
"description": "A string representing a URL, such as https://example.com/path/to/resource?q=search.",
35
+
"type": "string"
36
+
},
37
+
"cert_type": {
38
+
"default": "rsa",
39
+
"description": "The certificate type to create. The possible values are `'rsa'` for RSA certificate or `'ecc'` for EC certificate.",
40
+
"enum": [
41
+
"ecc",
42
+
"rsa"
43
+
],
44
+
"type": "string"
45
+
},
46
+
"domains": {
47
+
"description": "An array of strings representing hosts. A valid host is a string containing one or more labels separated by periods, with at most one wildcard label ('*')",
48
+
"items": {
49
+
"match_all": {
50
+
"pattern": "^[^*]*%*?[^*]*$"
51
+
},
52
+
"match_any": {
53
+
"patterns": [
54
+
"%.%*$",
55
+
"^%*%.",
56
+
"^[^*]*$"
57
+
]
58
+
},
59
+
"required": [],
60
+
"type": "string"
61
+
},
62
+
"type": "array"
63
+
},
64
+
"eab_hmac_key": {
65
+
"description": "External account binding (EAB) base64-encoded URL string of the HMAC key. You usually don't need to set this unless it is explicitly required by the CA.",
66
+
"type": "string"
67
+
},
68
+
"eab_kid": {
69
+
"description": "External account binding (EAB) key id. You usually don't need to set this unless it is explicitly required by the CA.",
70
+
"type": "string"
71
+
},
72
+
"enable_ipv4_common_name": {
73
+
"default": true,
74
+
"description": "A boolean value that controls whether to include the IPv4 address in the common name field of generated certificates.",
75
+
"type": "boolean"
76
+
},
77
+
"fail_backoff_minutes": {
78
+
"default": 5,
79
+
"description": "Minutes to wait for each domain that fails to create a certificate. This applies to both a\nnew certificate and a renewal certificate.",
80
+
"type": "number"
81
+
},
82
+
"preferred_chain": {
83
+
"description": "A string value that specifies the preferred certificate chain to use when generating certificates.",
84
+
"type": "string"
85
+
},
86
+
"renew_threshold_days": {
87
+
"default": 14,
88
+
"description": "Days remaining to renew the certificate before it expires.",
89
+
"type": "number"
90
+
},
91
+
"rsa_key_size": {
92
+
"default": 4096,
93
+
"description": "RSA private key size for the certificate. The possible values are 2048, 3072, or 4096.",
94
+
"enum": [
95
+
2048,
96
+
3072,
97
+
4096
98
+
],
99
+
"type": "integer"
100
+
},
101
+
"storage": {
102
+
"default": "shm",
103
+
"description": "The backend storage type to use. The possible values are `'kong'`, `'shm'`, `'redis'`, `'consul'`, or `'vault'`. In DB-less mode, `'kong'` storage is unavailable. Note that `'shm'` storage does not persist during Kong restarts and does not work for Kong running on different machines, so consider using one of `'kong'`, `'redis'`, `'consul'`, or `'vault'` in production. Please refer to the Hybrid Mode sections below as well.",
104
+
"enum": [
105
+
"consul",
106
+
"kong",
107
+
"redis",
108
+
"shm",
109
+
"vault"
110
+
],
111
+
"type": "string"
112
+
},
113
+
"storage_config": {
114
+
"properties": {
115
+
"consul": {
116
+
"properties": {
117
+
"host": {
118
+
"description": "A string representing a host name, such as example.com.",
119
+
"type": "string"
120
+
},
121
+
"https": {
122
+
"default": false,
123
+
"description": "Boolean representation of https.",
124
+
"type": "boolean"
125
+
},
126
+
"kv_path": {
127
+
"description": "KV prefix path.",
128
+
"type": "string"
129
+
},
130
+
"port": {
131
+
"description": "An integer representing a port number between 0 and 65535, inclusive.",
132
+
"maximum": 65535,
133
+
"minimum": 0,
134
+
"type": "integer"
135
+
},
136
+
"timeout": {
137
+
"description": "Timeout in milliseconds.",
138
+
"type": "number"
139
+
},
140
+
"token": {
141
+
"description": "Consul ACL token.",
142
+
"type": "string"
143
+
}
144
+
},
145
+
"required": [],
146
+
"type": "object"
147
+
},
148
+
"kong": {
149
+
"additionalProperties": true,
150
+
"properties": {},
151
+
"required": [],
152
+
"type": "object"
153
+
},
154
+
"redis": {
155
+
"properties": {
156
+
"database": {
157
+
"default": 0,
158
+
"description": "Database to use for the Redis connection when using the `redis` strategy",
159
+
"type": "integer"
160
+
},
161
+
"extra_options": {
162
+
"description": "Custom ACME Redis options",
163
+
"properties": {
164
+
"namespace": {
165
+
"default": "",
166
+
"description": "A namespace to prepend to all keys stored in Redis.",
167
+
"minLength": 0,
168
+
"type": "string"
169
+
},
170
+
"scan_count": {
171
+
"default": 10,
172
+
"description": "The number of keys to return in Redis SCAN calls.",
173
+
"type": "number"
174
+
}
175
+
},
176
+
"required": [],
177
+
"type": "object"
178
+
},
179
+
"host": {
180
+
"description": "A string representing a host name, such as example.com.",
181
+
"type": "string"
182
+
},
183
+
"password": {
184
+
"description": "Password to use for Redis connections. If undefined, no AUTH commands are sent to Redis.",
185
+
"minLength": 0,
186
+
"type": "string"
187
+
},
188
+
"port": {
189
+
"default": 6379,
190
+
"description": "An integer representing a port number between 0 and 65535, inclusive.",
191
+
"maximum": 65535,
192
+
"minimum": 0,
193
+
"type": "integer"
194
+
},
195
+
"server_name": {
196
+
"description": "A string representing an SNI (server name indication) value for TLS.",
197
+
"type": "string"
198
+
},
199
+
"ssl": {
200
+
"default": false,
201
+
"description": "If set to true, uses SSL to connect to Redis.",
202
+
"type": "boolean"
203
+
},
204
+
"ssl_verify": {
205
+
"default": false,
206
+
"description": "If set to true, verifies the validity of the server SSL certificate. If setting this parameter, also configure `lua_ssl_trusted_certificate` in `kong.conf` to specify the CA (or server) certificate used by your Redis server. You may also need to configure `lua_ssl_verify_depth` accordingly.",
207
+
"type": "boolean"
208
+
},
209
+
"timeout": {
210
+
"default": 2000,
211
+
"description": "An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.",
212
+
"maximum": 2147483646,
213
+
"minimum": 0,
214
+
"type": "integer"
215
+
},
216
+
"username": {
217
+
"description": "Username to use for Redis connections. If undefined, ACL authentication won't be performed. This requires Redis v6.0.0+. To be compatible with Redis v5.x.y, you can set it to `default`.",
218
+
"type": "string"
219
+
}
220
+
},
221
+
"required": [],
222
+
"shorthand_fields": {
223
+
"auth": {
224
+
"minLength": 0,
225
+
"translate_backwards": [
226
+
"password"
227
+
],
228
+
"type": "string"
229
+
},
230
+
"namespace": {
231
+
"minLength": 0,
232
+
"translate_backwards": [
233
+
"extra_options",
234
+
"namespace"
235
+
],
236
+
"type": "string"
237
+
},
238
+
"scan_count": {
239
+
"translate_backwards": [
240
+
"extra_options",
241
+
"scan_count"
242
+
],
243
+
"type": "integer"
244
+
},
245
+
"ssl_server_name": {
246
+
"translate_backwards": [
247
+
"server_name"
248
+
],
249
+
"type": "string"
250
+
}
251
+
},
252
+
"type": "object"
253
+
},
254
+
"shm": {
255
+
"properties": {
256
+
"shm_name": {
257
+
"default": "kong",
258
+
"description": "Name of shared memory zone used for Kong API gateway storage",
259
+
"type": "string"
260
+
}
261
+
},
262
+
"required": [],
263
+
"type": "object"
264
+
},
265
+
"vault": {
266
+
"properties": {
267
+
"auth_method": {
268
+
"default": "token",
269
+
"description": "Auth Method, default to token, can be 'token' or 'kubernetes'.",
270
+
"enum": [
271
+
"kubernetes",
272
+
"token"
273
+
],
274
+
"type": "string"
275
+
},
276
+
"auth_path": {
277
+
"description": "Vault's authentication path to use.",
278
+
"type": "string"
279
+
},
280
+
"auth_role": {
281
+
"description": "The role to try and assign.",
282
+
"type": "string"
283
+
},
284
+
"host": {
285
+
"description": "A string representing a host name, such as example.com.",
286
+
"type": "string"
287
+
},
288
+
"https": {
289
+
"default": false,
290
+
"description": "Boolean representation of https.",
291
+
"type": "boolean"
292
+
},
293
+
"jwt_path": {
294
+
"description": "The path to the JWT.",
295
+
"type": "string"
296
+
},
297
+
"kv_path": {
298
+
"description": "KV prefix path.",
299
+
"type": "string"
300
+
},
301
+
"port": {
302
+
"description": "An integer representing a port number between 0 and 65535, inclusive.",
303
+
"maximum": 65535,
304
+
"minimum": 0,
305
+
"type": "integer"
306
+
},
307
+
"timeout": {
308
+
"description": "Timeout in milliseconds.",
309
+
"type": "number"
310
+
},
311
+
"tls_server_name": {
312
+
"description": "SNI used in request, default to host if omitted.",
313
+
"type": "string"
314
+
},
315
+
"tls_verify": {
316
+
"default": true,
317
+
"description": "Turn on TLS verification.",
318
+
"type": "boolean"
319
+
},
320
+
"token": {
321
+
"description": "Consul ACL token.",
322
+
"type": "string"
323
+
}
324
+
},
325
+
"required": [],
326
+
"type": "object"
327
+
}
328
+
},
329
+
"required": [],
330
+
"type": "object"
331
+
},
332
+
"tos_accepted": {
333
+
"default": false,
334
+
"description": "If you are using Let's Encrypt, you must set this to `true` to agree the terms of service.",
335
+
"type": "boolean"
336
+
}
337
+
},
338
+
"required": [],
339
+
"type": "object"
340
+
},
341
+
"protocols": {
342
+
"default": [
343
+
"grpc",
344
+
"grpcs",
345
+
"http",
346
+
"https"
347
+
],
348
+
"description": "A set of strings representing HTTP protocols.",
0 commit comments