Kong · Schema

ACL

Apply Kafka ACLs to virtual cluster traffic.

API GatewayAI GatewayAI ConnectivityAgent GatewayEvent GatewayMCP RegistryService MeshLLMKafkaKonnectOpen Source

Properties

Name Type Description
type string The type name of the policy.
name string A unique user-defined name of the policy.
description string A human-readable description of the policy.
enabled boolean Whether the policy is enabled.
labels object
config object The configuration of the policy.
condition string A string containing the boolean expression that determines whether the policy is applied.
View JSON Schema on GitHub

JSON Schema

kong-eventgatewayaclspolicy-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "#/components/schemas/EventGatewayACLsPolicy",
  "title": "ACL",
  "description": "Apply Kafka ACLs to virtual cluster traffic.",
  "type": "object",
  "properties": {
    "type": {
      "description": "The type name of the policy.",
      "type": "string",
      "const": "acls",
      "maxLength": 255,
      "minLength": 1
    },
    "name": {
      "description": "A unique user-defined name of the policy.",
      "type": "string",
      "maxLength": 255,
      "x-unicode-pattern": "^[\\p{L}\\p{N}][\\p{L}\\p{N} _\\-\\.:/+']*[\\p{L}\\p{N}]$"
    },
    "description": {
      "description": "A human-readable description of the policy.",
      "type": "string",
      "default": "",
      "maxLength": 512
    },
    "enabled": {
      "description": "Whether the policy is enabled.",
      "type": "boolean",
      "default": true
    },
    "labels": {
      "$ref": "#/components/schemas/Labels"
    },
    "config": {
      "description": "The configuration of the policy.",
      "type": "object",
      "$ref": "#/components/schemas/EventGatewayACLPolicyConfig"
    },
    "condition": {
      "description": "A string containing the boolean expression that determines whether the policy is applied.",
      "type": "string",
      "example": "context.auth.principal.name == \"this-user\"",
      "default": "",
      "maxLength": 1000,
      "x-expression": {
        "type": "boolean",
        "fields": [
          {
            "name": "context.auth.principal.name",
            "type": "string",
            "description": "Name of authenticated principal. Username in case of PLAIN/SCRAM, `sub` claim in case of OAUTHBEARER."
          },
          {
            "name": "context.auth.type",
            "type": "string",
            "description": "The matched authentication type from a virtual cluster: anonymous, sasl_plain, sasl_scram_sha256, sasl_scram_sha512, sasl_oauth_bearer.\n"
          }
        ]
      }
    }
  },
  "required": [
    "type",
    "config"
  ]
}