Edit this page
Report an issue
You are browsing documentation for an outdated plugin version.
Configuration
This plugin is partially compatible with DB-less mode.
Consumers and ACLs can be created with declarative configuration.
Admin API endpoints that POST, PUT, PATCH, or DELETE ACLs do not work in DB-less mode.
Compatible protocols
The ACL plugin is compatible with the following protocols:
grpc, grpcs, http, https
Parameters
Here's a list of all the parameters which can be used in this plugin's configuration:
-
name or plugin
string requiredThe name of the plugin, in this case
acl.- If using the Kong Admin API, Konnect API, declarative configuration, or decK files, the field is
name. - If using the KongPlugin object in Kubernetes, the field is
plugin.
- If using the Kong Admin API, Konnect API, declarative configuration, or decK files, the field is
-
service.name or service.id
stringThe name or ID of the service the plugin targets. Set one of these parameters if adding the plugin to a service through the top-level
/pluginsendpoint. Not required if using/services/{serviceName|Id}/plugins. -
route.name or route.id
stringThe name or ID of the route the plugin targets. Set one of these parameters if adding the plugin to a route through the top-level
/pluginsendpoint. Not required if using/routes/{routeName|Id}/plugins. -
enabled
boolean default:trueWhether this plugin will be applied.
-
config
record required-
allow
array of typestringArbitrary group names that are allowed to consume the Service or Route. One of
config.alloworconfig.denymust be specified.
-
deny
array of typestringArbitrary group names that are not allowed to consume the Service or Route. One of
config.alloworconfig.denymust be specified.
-
hide_groups_header
boolean required default:falseFlag that if enabled (
true), prevents theX-Consumer-Groupsheader to be sent in the request to the Upstream service.
-
-
blacklist
array of typestringDeprecation notice:
-
whitelist
array of typestringDeprecation notice: