-
Notifications
You must be signed in to change notification settings - Fork 1
/
schema.lua
53 lines (52 loc) · 1.65 KB
/
schema.lua
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
local typedefs = require "kong.db.schema.typedefs"
return {
name = "jwt-auth-rbac",
fields = {{
-- this plugin will only be applied to services or routes
consumer = typedefs.no_consumer
}, {
-- this plugin will only run within nginx http module
protocols = typedefs.protocols_http
}, {
config = {
type = "record",
fields = {{
roles = {
type = "array",
elements = {
type = "string"
}
}
}, {
roles_claim_name = {
type = "string",
default = "roles"
}
}, {
msg_error_any = {
type = "string",
default = "To be able to use this service you must have at least one of the roles configured"
}
}, {
msg_error_all = {
type = "string",
default = "In order to use this service you must match all the roles configured with the associated ones in the JWT token"
}
}, {
msg_error_not_roles_claimed = {
type = "string",
default = "The claim roles are not informed in the JWT token"
}
}, {
policy = {
type = "string",
default = "any",
one_of = {"any", "all"}
}
}}
}
}},
entity_checks = {{
at_least_one_of = {"config.roles"}
}}
}