You are browsing documentation for an outdated plugin version.
Configuration
This plugin is partially compatible with DB-less mode.
Consumers and ACLs can be created with declarative configuration.
Admin API endpoints that POST, PUT, PATCH, or DELETE ACLs do not work in DB-less mode.
Compatible protocols
The ACL plugin is compatible with the following protocols:
grpc
, grpcs
, http
, https
Parameters
Here's a list of all the parameters which can be used in this plugin's configuration:
-
name or plugin
string requiredThe name of the plugin, in this case
acl
.- If using the Kong Admin API, Konnect API, declarative configuration, or decK files, the field is
name
. - If using the KongPlugin object in Kubernetes, the field is
plugin
.
- If using the Kong Admin API, Konnect API, declarative configuration, or decK files, the field is
-
service.name or service.id
stringThe name or ID of the service the plugin targets. Set one of these parameters if adding the plugin to a service through the top-level
/plugins
endpoint. Not required if using/services/{serviceName|Id}/plugins
. -
route.name or route.id
stringThe name or ID of the route the plugin targets. Set one of these parameters if adding the plugin to a route through the top-level
/plugins
endpoint. Not required if using/routes/{routeName|Id}/plugins
. -
enabled
boolean default:true
Whether this plugin will be applied.
-
config
record required-
allow
array of typestring
Arbitrary group names that are allowed to consume the Service or Route. One of
config.allow
orconfig.deny
must be specified.
-
deny
array of typestring
Arbitrary group names that are not allowed to consume the Service or Route. One of
config.allow
orconfig.deny
must be specified.
-
hide_groups_header
boolean required default:false
Flag that if enabled (
true
), prevents theX-Consumer-Groups
header to be sent in the request to the Upstream service.
-