diff --git a/e2e.json b/e2e.json index 3723669..1186191 100644 --- a/e2e.json +++ b/e2e.json @@ -2,5 +2,5 @@ "$schema": "http://json-schema.org/draft-07/schema#", "$id": "https://www.krakend.io/schema/e2e.json", "title": "Schema validation for the latest version of KrakenD End to End testing. Consider sticking to the specific version you are using.", - "$ref": "v2.4/e2e.json" + "$ref": "v2.5/e2e.json" } \ No newline at end of file diff --git a/v2.5/.test.json.ignore b/v2.5/.test.json.ignore new file mode 100644 index 0000000..39aafb4 --- /dev/null +++ b/v2.5/.test.json.ignore @@ -0,0 +1,1865 @@ +{ + "$schema": "./krakend.json", + "@comment": "This configuration is not valid from a functionality point of view, it's only used to test the schema.", + "_comment": "Attribute not in schema, but ignored as it starts with _", + "$comment": "Attribute not in schema, but ignored as it starts with $", + "#comment": "Attribute not in schema, but ignored as it starts with #", + "version": 3, + "name": "KrakenD configuration at MyCompany", + "port": 8080, + "host": [ + "http://localhost:8080" + ], + "sequential_start": false, + "timeout": "2s", + "output_encoding": "fast-json", + "read_timeout": "10s", + "write_timeout": "10s", + "dialer_timeout": "10s", + "dialer_keep_alive": "15s", + "dialer_fallback_delay": "300ms", + "disable_compression": false, + "disable_keep_alives": true, + "max_idle_connections": 0, + "max_idle_connections_per_host": 2, + "idle_connection_timeout": "10s", + "response_header_timeout": "10s", + "expect_continue_timeout": "0s", + "disable_rest": true, + "cache_ttl": "300s", + "idle_timeout": "10s", + "read_header_timeout": "10s", + "client_tls": { + "allow_insecure_connections": false, + "cipher_suites": [ + 4865, + 4866, + 4867 + ], + "ca_certs": [ + "ca.pem" + ], + "curve_preferences": [ + 23, + 24, + 25 + ], + "disable_system_ca_pool": false, + "max_version": "TLS13", + "min_version": "TLS12", + "client_certs": [ + { + "certificate": "bart.crt", + "private_key": "bart.key" + } + ] + }, + "tls": { + "public_key": "./cert.pem", + "private_key": "./certs/key.pem", + "disabled": true, + "min_version": "TLS12", + "max_version": "SSL3.0", + "enable_mtls": false, + "curve_preferences": [ + 23, + 24, + 25 + ], + "cipher_suites": [ + 4865 + ], + "disable_system_ca_pool": false, + "ca_certs": [ + "ca.pem" + ] + }, + "plugin": { + "folder": "/opt/krakend/plugins/", + "pattern": ".so" + }, + "async_agent": [ + { + "name": "cool-agent", + "connection": { + "max_retries": 10, + "backoff_strategy": "exponential-jitter", + "health_interval": "10s" + }, + "consumer": { + "topic": "*", + "workers": 1, + "timeout": "150ms", + "max_rate": 0.5 + }, + "encoding": "json", + "backend": [ + { + "host": [ + "http://127.0.0.1:8080" + ], + "input_headers": [ + "Accept" + ], + "url_pattern": "/__debug/", + "extra_config": { + "auth/ntlm": { + "user": "user", + "password": "pass" + }, + "auth/gcp": { + "audience": "https://gcptest-76fewi6rca-uc.a.run.app", + "credentials_file": "/etc/krakend/gcp.json", + "custom_claims": { + "a": 1 + } + }, + "backend/http": { + "return_error_code": true, + "@extra_comment": "here" + }, + "backend/soap": { + "path": "./path/to.xml", + "content_type": "application/xml", + "debug": false + }, + "modifier/body-generator": { + "content_type": "application/json", + "debug": false, + "template": "abcdef" + }, + "modifier/response-body-generator": { + "content_type": "application/json", + "debug": false, + "template": "abcdef" + } + } + } + ], + "extra_config": { + "async/amqp": { + "name": "krakend", + "host": "amqp://guest:guest@localhost:5672/", + "exchange": "foo", + "durable": true, + "delete": false, + "exclusive": false, + "no_wait": true, + "prefetch_count": 5, + "auto_ack": false, + "no_local": true + } + } + } + ], + "endpoints": [ + { + "@comment": "Feature: GRPC", + "endpoint": "/flights", + "input_query_strings": [ + "*" + ], + "backend": [ + { + "host": [ + "localhost:4242" + ], + "disable_host_sanitize": true, + "url_pattern": "/flight_finder.Flights/FindFlight", + "extra_config": { + "backend/static-filesystem": { + "path": "./static/" + }, + "backend/grpc": { + "client_tls": { + "@comment": "Allow untrusted certificates in development stage", + "allow_insecure_connections": true + }, + "input_mapping": { + "lat": "where.latitude", + "lon": "where.longitude" + }, + "header_mapping": { + "X-Tenant": "haha" + }, + "output_duration_as_string": false, + "output_enum_as_string": false, + "output_timestamp_as_string": false, + "response_naming_convention": "snake_case" + } + } + } + ] + }, + { + "endpoint": "/fhir/unrestful${translate}", + "backend": [ + { + "url_pattern": "/user/{translate}" + } + ] + }, + { + "endpoint": "/ws/{room}", + "input_query_strings": [ + "*" + ], + "input_headers": [ + "*" + ], + "backend": [ + { + "extra_config": { + "security/policies": { + "resp": { + "policies": [], + "error": { + "body": "", + "content_type": "text/plain", + "status": 500 + } + }, + "auto_join_policies": false, + "debug": false, + "disable_macros": false, + "req": { + "error": { + "body": "" + }, + "policies": [] + } + } + }, + "url_pattern": "/ws", + "disable_host_sanitize": true, + "host": [ + "ws://localhost:8081" + ] + } + ], + "extra_config": { + "security/policies": { + "jwt": { + "policies": [ + "has(JWT.user_id)" + ] + }, + "req": { + "policies": [], + "error": { + "body": "", + "content_type": "text/plain", + "status": 500 + } + }, + "resp": { + "policies": [], + "error": { + "body": "", + "content_type": "text/plain", + "status": 500 + } + } + }, + "auth/basic": { + "@comment": "Override", + "htpasswd_path": "/path/to/.htpasswd", + "users": { + "admin": "$2y$05$HpdPmv2Z3h3skMCVaf/CEep/UUBuhZ...", + "user2": "$2y$05$HpdPmv2Z3h3skMCVaf/CEep/UUBuhZ..." + } + }, + "plugin/req-resp-modifier": { + "content-replacer": { + "key.a": { + "find": "", + "regexp": false, + "replace": "" + } + } + }, + "websocket": { + "input_headers": [ + "Cookie", + "Authorization" + ], + "connect_event": true, + "disconnect_event": true, + "read_buffer_size": 4096, + "write_buffer_size": 4096, + "message_buffer_size": 4096, + "max_message_size": 3200000, + "write_wait": "10s", + "pong_wait": "60s", + "ping_period": "54s", + "max_retries": 0, + "backoff_strategy": "exponential" + }, + "modifier/response-body-generator": { + "content_type": "application/json", + "debug": false, + "template": "abcdef" + } + } + }, + { + "@endpoint_comment": "here", + "endpoint": "/cel/req-resp/{id}", + "input_headers": [ + "X-Header" + ], + "backend": [ + { + "@backend_comment": "here", + "host": [ + "http://127.0.0.1:8080" + ], + "url_pattern": "/__debug/1/{id}", + "group": "backend1", + "extra_config": { + "validation/cel": [ + { + "@cel_comment": "here", + "check_expr": "int(req_params.Id) % 3 == 0" + } + ], + "modifier/jmespath": { + "expr": "students[?age > `18` ].name" + } + } + }, + { + "host": [ + "http://127.0.0.1:8080" + ], + "url_pattern": "/__debug/2/{id}", + "group": "backend2", + "extra_config": { + "validation/cel": [ + { + "check_expr": "int(req_params.Id) % 5 == 0" + } + ] + } + } + ], + "extra_config": { + "auth/validator": { + "@comment": "The validator can match 2 different schemas, with local path and with jwk_url", + "jwk_local_path": "./jwk.txt", + "alg": "EdDSA" + }, + "auth/api-keys": { + "@comment": "here", + "identifier": "x-some-key", + "strategy": "header", + "roles": [ + "admin" + ], + "client_max_rate": 0.3 + }, + "documentation/openapi": { + "description": "Very long description of what this endpoint does", + "summary": "Get my favourite foo", + "tags": [ + "foo", + "bar", + "baz" + ], + "audience": [ + "gold", + "silver" + ], + "example": { + "response": "ok" + }, + "response_definition": { + "404": { + "@comment": "Some comment", + "description": "Page not found", + "example_schema": "eyJhbGxPZiI6W3sicHJvcGVydGllcyI6eyJ2ZXJzaW9uIjp7InR5cGUiOiJzdHJpbmcifX0sInJlcXVpcmVkIjpbInZlcnNpb24iXSwidHlwZSI6Im9iamVjdCJ9LHsicHJvcGVydGllcyI6eyJkaXJlY3RvcnkiOnsiYWxsT2YiOlt7InByb3BlcnRpZXMiOnsibWV0YWRhdGEiOnsidHlwZSI6Im9iamVjdCIsIngtZ28tdHlwZSI6IkRpcmVjdG9yeU1ldGFkYXRhIn0sIm5hbWUiOnsidHlwZSI6InN0cmluZyIsIngtb2FwaS1jb2RlZ2VuLWV4dHJhLXRhZ3MiOnsiYmluZGluZyI6InJlcXVpcmVkIn19fSwicmVxdWlyZWQiOlsibmFtZSJdLCJ0eXBlIjoib2JqZWN0In0seyJwcm9wZXJ0aWVzIjp7ImNyZWF0ZWRBdCI6eyJmb3JtYXQiOiJkYXRlLXRpbWUiLCJ0eXBlIjoic3RyaW5nIn0sImRlbGV0ZWRBdCI6eyJmb3JtYXQiOiJkYXRlLXRpbWUiLCJ0eXBlIjoic3RyaW5nIn0sImlkIjp7InR5cGUiOiJzdHJpbmciLCJ4LWdvLXR5cGUiOiJEaXJlY3RvcnlJRCJ9LCJwYXJlbnQiOnsib3B0aW9uYWwiOnRydWUsInR5cGUiOiJzdHJpbmciLCJ4LWdvLXR5cGUiOiJEaXJlY3RvcnlJRCJ9LCJ1cGRhdGVkQXQiOnsiZm9ybWF0IjoiZGF0ZS10aW1lIiwidHlwZSI6InN0cmluZyJ9fSwicmVxdWlyZWQiOlsiaWQiLCJjcmVhdGVkQXQiLCJ1cGRhdGVkQXQiXSwidHlwZSI6Im9iamVjdCJ9XX19LCJyZXF1aXJlZCI6WyJkaXJlY3RvcnkiXSwidHlwZSI6Im9iamVjdCJ9XX0=", + "content_type": "application/json", + "example": { + "foo": "bar" + } + } + } + }, + "validation/cel": [ + { + "@cel_comment": "here", + "check_expr": "'something' in req_headers['X-Header']" + }, + { + "check_expr": "int(req_params.Id) % 2 == 0" + } + ], + "modifier/jmespath": { + "expr": "students[?age > `18` ].name" + } + } + }, + { + "endpoint": "/foo/{var}", + "method": "GET", + "output_encoding": "json-collection", + "input_query_strings": [ + "*" + ], + "input_headers": [ + "User-Agent" + ], + "concurrent_calls": 4, + "timeout": "1500ms", + "cache_ttl": "300s", + "backend": [ + { + "url_pattern": "/foo/{var}", + "encoding": "json", + "sd": "static", + "sd_scheme": "http", + "method": "GET", + "disable_host_sanitize": false, + "host": [ + "http://some_host" + ], + "target": "data", + "deny": [ + "a" + ], + "allow": [ + "b" + ], + "group": "backend1", + "mapping": { + "from": "to" + }, + "is_collection": true, + "extra_config": { + "plugin/req-resp-modifier": { + "name": [ + "krakend-debugger" + ], + "ip-filter": { + "allow": false, + "CIDR": [ + "192.168.0.0/24", + "172.17.2.56/32" + ], + "client_ip_headers": [ + "X-Forwarded-For", + "X-Real-IP", + "X-Appengine-Remote-Addr" + ], + "trusted_proxies": [ + "10.0.0.0/16" + ] + }, + "content-replacer": { + "data.credit_card": { + "@comment": "Ridiculous card masking. Take 4 digits and remove the rest. Credit card is inside a data object.", + "find": "(^\\d{4})(.*)", + "replace": "${1}-XXXX", + "regexp": true + }, + "message": { + "@comment": "Replace '6 items left' with '6' on the message field", + "find": " items left", + "replace": "" + } + }, + "response-schema-validator": { + "schema": { + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "properties": { + "user": { + "type": "object", + "properties": { + "username": { + "type": "string" + }, + "user_id": { + "type": "number" + }, + "status": { + "type": "string", + "enum": [ + "registered", + "banned" + ] + } + }, + "required": [ + "username", + "user_id" + ] + } + }, + "required": [ + "user" + ] + }, + "error": { + "body": "We couldn't process you request, try again later.", + "status": 401 + } + } + }, + "plugin/http-client": { + "name": "static-filesystem", + "path": "/var/log/application/" + }, + "backend/pubsub/publisher": { + "topic_url": "", + "@extra_comment": "here" + }, + "backend/pubsub/subscriber": { + "subscription_url": "", + "@extra_comment": "here" + }, + "backend/amqp/consumer": { + "auto_ack": false, + "delete": false, + "durable": true, + "exchange": "some-exchange", + "name": "queue1", + "no_local": false, + "no_wait": false, + "prefetch_count": 10, + "routing_key": [ + "#" + ], + "@extra_comment": "here" + }, + "backend/amqp/producer": { + "name": "queue-1", + "exchange": "some-exchange", + "durable": true, + "delete": false, + "no_wait": true, + "no_local": false, + "routing_key": "#", + "mandatory": false, + "immediate": false, + "@extra_comment": "here" + }, + "backend/lambda": { + "endpoint": "", + "function_name": "", + "function_param_name": "", + "max_retries": 1, + "region": "", + "@extra_comment": "here" + }, + "auth/client-credentials": { + "client_id": "ID1", + "client_secret": "mys3cr3t", + "endpoint_params": { + "audience": [ + "YOUR-AUDIENCE" + ] + }, + "scopes": "scope1, scope2", + "token_url": "https://your.custom.identity.service.tld/token_endpoint", + "@extra_comment": "here" + }, + "modifier/lua-backend": { + "allow_open_libs": true, + "live": true, + "md5": { + "file1.lua": "49ae50f58e35f4821ad4550e1a4d1de0" + }, + "post": "print('Backend response, pre-logic:'); local r = request.load(); print(r:body());", + "pre": "print('Backend response, pre-logic:'); local r = request.load(); print(r:body());", + "skip_next": true, + "sources": [ + "file1.lua" + ], + "@extra_comment": "here" + }, + "modifier/martian": { + "header.Modifier": { + "scope": [ + "request", + "response" + ], + "name": "X-Martian", + "value": "true" + }, + "@extra_comment": "here" + }, + "qos/http-cache": { + "shared": true, + "@extra_comment": "here" + }, + "qos/circuit-breaker": { + "interval": 60, + "log_status_change": true, + "max_errors": 10, + "name": "cb-backend-1", + "timeout": 10, + "@extra_comment": "here" + }, + "qos/ratelimit/proxy": { + "capacity": 1, + "max_rate": 1.1, + "every": "10m", + "@extra_comment": "here" + }, + "proxy": { + "flatmap_filter": [ + { + "type": "move", + "args": [ + "collection", + "coins" + ] + }, + { + "type": "del", + "args": [ + "coins.*.ath_change_percentage", + "coins.*.ath_date", + "coins.*.atl", + "coins.*.atl_change_percentage" + ] + } + ], + "shadow": true + }, + "backend/graphql": { + "operationName": "addMktPreferencesForUser", + "query_path": "./graphql/mutations/marketing.graphql", + "type": "mutation", + "variables": { + "user": "{user_id}", + "other_static_variables": { + "foo": false, + "bar": true + } + }, + "@extra_comment": "here" + }, + "backend/http": { + "return_error_details": "backend_alias", + "@extra_comment": "here" + }, + "backend/http/client": { + "@comment": "Enterprise only", + "no_redirect": false, + "client_tls": { + "allow_insecure_connections": false, + "ca_certs": [ + "custom.pem" + ], + "disable_system_ca_pool": true, + "cipher_suites": [ + 4865, + 4866, + 4867 + ] + }, + "proxy_address": "http://troloro:9099" + } + } + } + ], + "extra_config": { + "validation/json-schema": { + "type": "object", + "properties": { + "number": { + "type": "number" + }, + "street_name": { + "type": "string" + } + }, + "@extra_comment": "here" + }, + "security/cors": { + "allow_origins": [ + "*" + ], + "allow_methods": [ + "GET", + "HEAD", + "POST", + "HEAD", + "OPTIONS" + ], + "expose_headers": [ + "Content-Length", + "Content-Type" + ], + "max_age": "12h", + "allow_headers": [ + "Accept-Language" + ], + "allow_credentials": false, + "debug": false, + "@extra_comment": "here" + }, + "modifier/lua-endpoint": { + "allow_open_libs": true, + "live": true, + "md5": { + "file1.lua": "49ae50f58e35f4821ad4550e1a4d1de0" + }, + "pre": "print('Backend response, pre-logic:'); local r = request.load(); print(r:body());", + "sources": [ + "file1.lua" + ], + "@extra_comment": "here" + }, + "modifier/lua-proxy": { + "pre": "print('Backend response, pre-logic:'); local r = request.load(); print(r:body());", + "@extra_comment": "here" + }, + "qos/ratelimit/router": { + "client_max_rate": 10.2, + "key": "X-TOKEN", + "max_rate": 100.5, + "every": "10m", + "strategy": "ip", + "@extra_comment": "here" + }, + "proxy": { + "combiner": "combiner_name", + "sequential": true, + "static": { + "data": { + "foo": 1 + }, + "strategy": "always", + "@extra_comment": "here" + }, + "flatmap_filter": [ + { + "type": "move", + "args": [ + "collection", + "coins" + ] + }, + { + "type": "del", + "args": [ + "coins.*.ath_change_percentage", + "coins.*.ath_date", + "coins.*.atl", + "coins.*.atl_change_percentage" + ] + } + ], + "@extra_comment": "here" + }, + "security/http": { + "allowed_hosts": [ + "ABC" + ], + "browser_xss_filter": true, + "content_security_policy": "default-src 'self';", + "content_type_nosniff": true, + "custom_frame_options_value": "ALLOW-FROM https://example.com", + "frame_deny": true, + "host_proxy_headers": [ + "X-Forwarded-Hosts" + ], + "hpkp_public_key": "pin-sha256=\"base64==\"; max-age=expireTime [; includeSubDomains][; report-uri=\"reportURI\"]", + "is_development": true, + "referrer_policy": "same-origin", + "ssl_host": "ssl.host.domain", + "ssl_proxy_headers": { + "X-Forwarded-Proto": "https" + }, + "ssl_redirect": true, + "sts_include_subdomains": true, + "sts_seconds": 300, + "@extra_comment": "here" + }, + "security/bot-detector": { + "allow": [ + "MyAndroidClient/1.0" + ], + "@extra_comment": "here" + }, + "auth/validator": { + "alg": "EdDSA", + "jwk_url": "http://KEYCLOAK:8080/auth/realms/master/protocol/openid-connect/certs", + "secret_url": "awskms://keyID", + "cypher_key": "", + "cache": true, + "cache_duration": 900, + "audience": [ + "audience1" + ], + "roles_key": "resource_access.myclient.roles", + "roles_key_is_nested": true, + "roles": [ + "r1" + ], + "scopes": [ + "s1" + ], + "scopes_key": "sk", + "scopes_matcher": "all", + "issuer": "issuer", + "cookie_key": "cookie_jwt", + "disable_jwk_security": true, + "jwk_fingerprints": [], + "cipher_suites": [ + 49199 + ], + "jwk_local_ca": "./ca", + "propagate_claims": [ + [ + "sub", + "x-user" + ] + ], + "key_identify_strategy": "kid", + "operation_debug": true, + "@extra_comment": "here" + }, + "auth/signer": { + "alg": "EdDSA", + "cipher_suites": [ + 49199, + 49195, + 49200, + 49196, + 52392, + 52393 + ], + "disable_jwk_security": true, + "full": false, + "jwk_fingerprints": [], + "jwk_local_ca": "", + "keys_to_sign": [ + "access_token" + ], + "kid": "sim2", + "cypher_key": "", + "jwk_local_path": "./jwk.txt", + "secret_url": "awskms://keyID", + "@extra_comment": "here" + }, + "plugin/req-resp-modifier": { + "name": [ + "krakend-debugger" + ] + } + } + }, + { + "endpoint": "/test/body.Modifier", + "backend": [ + { + "url_pattern": "/__debug/body.Modifier", + "extra_config": { + "modifier/martian": { + "body.Modifier": { + "scope": [ + "request", + "response" + ], + "@comment": "Send a {'msg':'you rock!'}", + "body": "eyJtc2ciOiJ5b3Ugcm9jayEifQ==" + } + } + } + } + ] + }, + { + "endpoint": "/test/cookie.Modifier", + "input_headers": [ + "X-Some" + ], + "output_encoding": "no-op", + "backend": [ + { + "url_pattern": "/__echo/cookie.Modifier", + "encoding": "no-op", + "extra_config": { + "modifier/martian": { + "cookie.Modifier": { + "scope": [ + "request", + "response" + ], + "name": "AcceptCookies", + "value": "yes", + "path": "/some/path", + "domain": "example.com", + "expires": "2025-04-12T23:20:50.52Z", + "secure": true, + "httpOnly": false, + "maxAge": 86400 + } + } + } + } + ] + }, + { + "endpoint": "/test/url.Modifier", + "input_query_strings": [ + "currency", + "amount" + ], + "backend": [ + { + "host": [ + "https://does-not-exist" + ], + "url_pattern": "/neither", + "extra_config": { + "modifier/martian": { + "url.Modifier": { + "scope": [ + "request" + ], + "scheme": "http", + "host": "localhost:8080", + "path": "/__echo/hello", + "query": "flag=true" + } + } + } + } + ] + }, + { + "endpoint": "/test/querystring.Modifier", + "input_query_strings": [ + "currency", + "amount" + ], + "backend": [ + { + "host": [ + "http://localhost:8080" + ], + "url_pattern": "/__echo/querystring.Modifier", + "extra_config": { + "modifier/martian": { + "querystring.Modifier": { + "scope": [ + "request" + ], + "name": "amount", + "value": "75" + } + } + } + } + ] + }, + { + "endpoint": "/test/header.Copy", + "input_headers": [ + "X-Some" + ], + "output_encoding": "no-op", + "backend": [ + { + "host": [ + "http://localhost:8080" + ], + "url_pattern": "/__echo/header.Copy", + "extra_config": { + "modifier/martian": { + "header.Copy": { + "scope": [ + "request", + "response" + ], + "from": "User-Agent", + "to": "X-Browser" + } + } + } + } + ] + }, + { + "endpoint": "/test/header.Modifier", + "output_encoding": "no-op", + "backend": [ + { + "host": [ + "http://localhost:8080" + ], + "url_pattern": "/__echo/header.Modifier", + "extra_config": { + "modifier/martian": { + "header.Modifier": { + "scope": [ + "request", + "response" + ], + "name": "User-Agent", + "value": "Late-Night-Commander v2.3" + } + } + } + } + ] + }, + { + "endpoint": "/test/header.Id", + "backend": [ + { + "url_pattern": "/__echo/header.Id", + "extra_config": { + "modifier/martian": { + "header.Id": { + "scope": [ + "request" + ] + } + } + } + } + ] + }, + { + "endpoint": "/test/stash.Modifier", + "output_encoding": "no-op", + "input_query_strings": [ + "amount", + "currency" + ], + "backend": [ + { + "host": [ + "http://localhost:8080" + ], + "url_pattern": "/__echo/stash.Modifier", + "extra_config": { + "modifier/martian": { + "stash.Modifier": { + "scope": [ + "request", + "response" + ], + "headerName": "X-Stash" + } + } + } + } + ] + }, + { + "endpoint": "/test/header.Blacklist", + "output_encoding": "no-op", + "input_headers": [ + "X-Some" + ], + "backend": [ + { + "host": [ + "http://localhost:8080" + ], + "url_pattern": "/__echo/header.Blacklist", + "extra_config": { + "modifier/martian": { + "header.Blacklist": { + "scope": [ + "request", + "response" + ], + "names": [ + "X-Some", + "User-Agent", + "X-Forwarded-Host", + "X-Forwarded-For" + ] + } + } + } + } + ] + }, + { + "endpoint": "/test/port.Modifier", + "output_encoding": "no-op", + "input_headers": [ + "X-Some" + ], + "backend": [ + { + "host": [ + "http://localhost:1234" + ], + "url_pattern": "/__echo/port.Modifier", + "extra_config": { + "modifier/martian": { + "port.Modifier": { + "scope": [ + "request" + ], + "port": 8080 + } + } + } + } + ] + }, + { + "endpoint": "/test/port.Filter", + "backend": [ + { + "host": [ + "http://localhost:1234" + ], + "url_pattern": "/__echo/port.Filter", + "extra_config": { + "modifier/martian": { + "port.Filter": { + "scope": [ + "request" + ], + "port": 1234, + "modifier": { + "port.Modifier": { + "scope": [ + "request" + ], + "port": 8080 + } + } + } + } + } + } + ] + }, + { + "endpoint": "/test/header.Append", + "input_headers": [ + "X-Some" + ], + "output_encoding": "no-op", + "backend": [ + { + "url_pattern": "/__echo/header.Append", + "encoding": "no-op", + "extra_config": { + "modifier/martian": { + "header.Append": { + "scope": [ + "request", + "response" + ], + "name": "X-Some", + "value": "I am" + } + } + } + } + ] + }, + { + "endpoint": "/test/cookie.Filter", + "input_headers": [ + "Cookie" + ], + "backend": [ + { + "url_pattern": "/__echo/cookie.Filter", + "allow": [ + "req_headers.Accepts-Marketing-Cookies" + ], + "extra_config": { + "modifier/martian": { + "cookie.Filter": { + "scope": [ + "request" + ], + "name": "marketingCookies", + "value": "yes", + "modifier": { + "header.Modifier": { + "scope": [ + "request" + ], + "name": "Accepts-Marketing-Cookies", + "value": "true" + } + }, + "else": { + "header.Modifier": { + "scope": [ + "request" + ], + "name": "Accepts-Marketing-Cookies", + "value": "false" + } + } + } + } + } + } + ] + }, + { + "endpoint": "/test/url.Filter", + "input_query_strings": [ + "legacy" + ], + "backend": [ + { + "url_pattern": "/__echo/url.Filter", + "allow": [ + "req_headers" + ], + "extra_config": { + "modifier/martian": { + "url.Filter": { + "scope": [ + "request", + "response" + ], + "query": "legacy=1", + "host": "localhost:8080", + "modifier": { + "header.Modifier": { + "scope": [ + "request" + ], + "name": "X-Legacy", + "value": "true" + } + }, + "else": { + "header.Modifier": { + "scope": [ + "request" + ], + "name": "X-Legacy", + "value": "false" + } + } + } + } + } + } + ] + }, + { + "endpoint": "/test/querystring.Filter", + "input_query_strings": [ + "param" + ], + "backend": [ + { + "url_pattern": "/__echo/querystring.Filter", + "allow": [ + "req_headers" + ], + "extra_config": { + "modifier/martian": { + "querystring.Filter": { + "scope": [ + "request" + ], + "name": "param", + "value": "true", + "modifier": { + "header.Modifier": { + "scope": [ + "request" + ], + "name": "X-Passed-Param", + "value": "true" + } + } + } + } + } + } + ] + }, + { + "endpoint": "/test/header.Filter", + "input_headers": [ + "X-Tenant" + ], + "backend": [ + { + "url_pattern": "/__echo/header.Filter", + "allow": [ + "req_uri" + ], + "extra_config": { + "modifier/martian": { + "header.Filter": { + "scope": [ + "request" + ], + "name": "X-Tenant", + "value": "v1", + "modifier": { + "querystring.Modifier": { + "scope": [ + "request" + ], + "name": "legacy", + "value": "1" + } + } + } + } + } + } + ] + }, + { + "endpoint": "/test/header.RegexFilter", + "input_headers": [ + "X-App-Version" + ], + "backend": [ + { + "url_pattern": "/__echo/header.RegexFilter", + "allow": [ + "req_uri" + ], + "extra_config": { + "modifier/martian": { + "header.RegexFilter": { + "scope": [ + "request" + ], + "header": "X-App-Version", + "regex": ".*-(alpha|beta|preview)$", + "modifier": { + "querystring.Modifier": { + "scope": [ + "request" + ], + "name": "testing", + "value": "1" + } + } + } + } + } + } + ] + }, + { + "endpoint": "/test/url.RegexFilter", + "output_encoding": "no-op", + "backend": [ + { + "url_pattern": "/__echo/url.RegexFilter", + "encoding": "no-op", + "extra_config": { + "modifier/martian": { + "url.RegexFilter": { + "scope": [ + "request" + ], + "regex": ".*localhost.*", + "modifier": { + "header.Modifier": { + "scope": [ + "request" + ], + "name": "Is-Localhost", + "value": "true" + } + }, + "else": { + "header.Modifier": { + "scope": [ + "request" + ], + "name": "Is-Localhost", + "value": "false" + } + } + } + } + } + } + ] + }, + { + "endpoint": "/test/fifo.Group", + "output_encoding": "no-op", + "backend": [ + { + "url_pattern": "/__echo/fifo.Group", + "extra_config": { + "modifier/martian": { + "fifo.Group": { + "scope": [ + "request", + "response" + ], + "aggregateErrors": true, + "modifiers": [ + { + "body.Modifier": { + "scope": [ + "request" + ], + "body": "eyJtc2ciOiJ5b3Ugcm9jayEifQ==" + } + }, + { + "header.Modifier": { + "scope": [ + "request", + "response" + ], + "name": "X-Martian", + "value": "true" + } + } + ] + } + } + } + } + ] + }, + { + "endpoint": "/test/priority.Group", + "output_encoding": "no-op", + "backend": [ + { + "url_pattern": "/__echo/priority.Group", + "extra_config": { + "modifier/martian": { + "priority.Group": { + "scope": [ + "request", + "response" + ], + "modifiers": [ + { + "priority": 0, + "modifier": { + "querystring.Modifier": { + "scope": [ + "request" + ], + "name": "first", + "value": "0" + } + } + }, + { + "priority": 100, + "modifier": { + "querystring.Modifier": { + "scope": [ + "request" + ], + "name": "last", + "value": "100" + } + } + } + ] + } + } + } + } + ] + } + ], + "extra_config": { + "server/virtualhost": { + "hosts": [ + "host-a.tld", + "host-b.tld" + ] + }, + "server/static-filesystem": { + "prefix": "/media/assets", + "path": "./../../", + "@comment": "static om", + "skip": [ + "/media/ignore/this/directory", + "/media/file.json" + ] + }, + "grpc": { + "catalog": [ + "./grpc/definitions" + ] + }, + "auth/validator": { + "shared_cache_duration": 5, + "@comment": 1 + }, + "auth/basic": { + "htpasswd_path": "/path/to/.htpasswd", + "users": { + "admin": "$2y$05$HpdPmv2Z3h3skMCVaf/CEep/UUBuhZ...", + "user2": "$2y$05$HpdPmv2Z3h3skMCVaf/CEep/UUBuhZ..." + } + }, + "telemetry/newrelic": { + "license": "XXXX", + "debug": true, + "headers_to_pass": [ + "*" + ] + }, + "router": { + "disable_path_decoding": false, + "hide_version_header": false, + "error_body": { + "404": { + "msg": "Unknown endpoint", + "status": 404 + }, + "405": { + "oh-my-god": "What on earth are you requesting?" + } + }, + "app_engine": false, + "auto_options": false, + "disable_handle_method_not_allowed": false, + "disable_access_log": true, + "disable_health": false, + "disable_redirect_fixed_path": false, + "disable_redirect_trailing_slash": false, + "forwarded_by_client_ip": false, + "health_path": "/__health", + "logger_skip_paths": [ + "/__health" + ], + "max_multipart_memory": 1000, + "remote_ip_headers": [], + "remove_extra_slash": false, + "return_error_msg": false, + "trusted_proxies": [], + "@extra_comment": "here" + }, + "qos/ratelimit/service": { + "client_max_rate": 10, + "key": "X-TOKEN", + "max_rate": 100, + "every": "10m", + "strategy": "header", + "@extra_comment": "here" + }, + "security/bot-detector": { + "allow": [ + "MyAndroidClient/1.0" + ], + "cache_size": 100, + "deny": [ + "facebookexternalhit/1.1" + ], + "patterns": [ + "(facebookexternalhit)/.*" + ], + "@extra_comment": "here" + }, + "security/cors": { + "allow_origins": [ + "*" + ], + "allow_methods": [ + "POST", + "GET" + ], + "allow_headers": [ + "Accept-Language" + ], + "expose_headers": [ + "Header-1" + ], + "max_age": "15h", + "allow_credentials": true, + "debug": true, + "@extra_comment": "here" + }, + "security/http": { + "allowed_hosts": [ + "host.known.com:443" + ], + "ssl_proxy_headers": { + "X-Forwarded-Proto": "https" + }, + "host_proxy_headers": [ + "X-Forwarded-Hosts" + ], + "ssl_redirect": true, + "ssl_host": "ssl.host.domain", + "sts_seconds": 300, + "sts_include_subdomains": true, + "frame_deny": true, + "referrer_policy": "same-origin", + "custom_frame_options_value": "ALLOW-FROM https://example.com", + "hpkp_public_key": "pin-sha256=\"base64==\"; max-age=expireTime [; includeSubDomains][; report-uri=\"reportURI\"]", + "content_type_nosniff": true, + "browser_xss_filter": true, + "content_security_policy": "default-src 'self';", + "is_development": true, + "@extra_comment": "here" + }, + "telemetry/logging": { + "level": "CRITICAL", + "prefix": "[KRAKEND]", + "stdout": true, + "syslog": false, + "format": "custom", + "syslog_facility": "local3", + "custom_format": "%{message}", + "@extra_comment": "here" + }, + "telemetry/logstash": { + "enabled": false, + "@extra_comment": "here" + }, + "telemetry/gelf": { + "address": "myGraylogInstance:12201", + "enable_tcp": false, + "@extra_comment": "here" + }, + "telemetry/influx": { + "address": "http://192.168.99.9:8086", + "ttl": "25s", + "buffer_size": 0, + "db": "krakend", + "username": "your-influxdb-user", + "password": "your-influxdb-password", + "@extra_comment": "here" + }, + "github_com/letgoapp/krakend-influx": { + "address": "http://192.168.99.9:8086", + "ttl": "25s", + "buffer_size": 0, + "db": "krakend", + "username": "your-influxdb-user", + "password": "your-influxdb-password", + "@extra_comment": "here" + }, + "telemetry/metrics": { + "backend_disabled": false, + "collection_time": "60s", + "endpoint_disabled": false, + "listen_address": ":8090", + "proxy_disabled": false, + "router_disabled": false, + "@extra_comment": "here" + }, + "telemetry/opencensus": { + "sample_rate": 100, + "reporting_period": 2, + "@extra_comment": "here", + "enabled_layers": { + "backend": false, + "pipe": true, + "router": false, + "@extra_comment": "here" + }, + "exporters": { + "logger": { + "spans": false, + "stats": false, + "@extra_comment": "here" + }, + "zipkin": { + "collector_url": "http://192.168.99.100:9411/api/v2/spans", + "service_name": "krakend", + "@extra_comment": "here" + }, + "jaeger": { + "endpoint": "http://192.168.99.100:14268/api/traces", + "service_name": "krakend", + "@extra_comment": "here", + "buffer_max_count": 1000 + }, + "influxdb": { + "address": "http://192.168.99.100:8086", + "db": "krakend", + "timeout": "1s", + "password": "kr4k3nd", + "username": "krakend", + "@extra_comment": "here" + }, + "prometheus": { + "namespace": "krakend", + "port": 9091, + "tag_host": false, + "tag_method": false, + "tag_path": false, + "tag_statuscode": false, + "@extra_comment": "here" + }, + "xray": { + "access_key_id": "dasdasdas", + "secret_access_key": "dadasdasd", + "region": "eu-west-1", + "version": "latest", + "@extra_comment": "here" + }, + "stackdriver": { + "default_labels": { + "env": "production" + }, + "metric_prefix": "krakend", + "project_id": "1234", + "@extra_comment": "here" + }, + "datadog": { + "disable_count_per_buckets": false, + "global_tags": { + "env": "prod" + }, + "namespace": "krakend", + "service": "gateway", + "stats_address": "localhost:8125", + "tags": [ + "A" + ], + "trace_address": "localhost:8126", + "@extra_comment": "here" + }, + "ocagent": { + "address": "localhost:55678", + "enable_compression": false, + "headers": { + "header1": "value1" + }, + "insecure": true, + "reconnection": "2s", + "service_name": "krakend", + "@extra_comment": "here" + } + } + }, + "auth/revoker": { + "hash_name": "default", + "N": 10000000, + "P": 1e-7, + "port": 1234, + "token_keys": [ + "jti" + ], + "TTL": 1500, + "@extra_comment": "here", + "revoke_server_ping_url": "http://localhost:8081/instances", + "revoke_server_ping_interval": "30s", + "revoke_server_api_key": "639ee23f-f4c5-40c4-855c-912bf01fae87", + "revoke_server_max_workers": 5 + }, + "documentation/openapi": { + "description": "This is a sample server. You can find out more about at [http://blah](http://blah.blah.com)", + "version": "1.0.0", + "host": "my.api.com", + "base_path": "/v1", + "terms_of_service": "http://url.to/tos", + "contact_name": "The wonderful API department", + "contact_email": "contact@example.com", + "contact_url": "https://your.company/developers", + "license_name": "MIT", + "license_url": "https://opensource.org/licenses/MIT", + "tags": [ + "B2B", + "Restricted" + ], + "schemes": [ + "http", + "https" + ] + }, + "auth/api-keys": { + "strategy": "header", + "identifier": "Authorization", + "keys": [ + { + "key": "4d2c61e1-34c4-e96c-9456-15bd983c5019", + "roles": [ + "role1", + "role2" + ], + "@description": "ACME Inc." + }, + { + "key": "58427514-be32-0b52-b7c6-d01fada30497", + "roles": [ + "role1", + "role3" + ], + "@description": "Administrators Inc." + } + ] + }, + "plugin/http-server": { + "name": [ + "a-plugin" + ], + "a_plugin_conf": {}, + "ip-filter": { + "allow": false, + "CIDR": [ + "192.168.0.0/24", + "172.17.2.56/32" + ], + "client_ip_headers": [ + "X-Forwarded-For", + "X-Real-IP", + "X-Appengine-Remote-Addr" + ], + "trusted_proxies": [ + "10.0.0.0/16" + ] + }, + "jwk-aggregator": { + "origins": [ + "https://jwk1.tld/jwk.json", + "http://foo.bar/public_keys" + ], + "port": 9876 + }, + "url-rewrite": { + "literal": { + "/hi-there": "/hello", + "/whatsup": "/hello" + }, + "regexp": [ + [ + "/hi-there/([.+)/bar", + "/hello/${1}" + ] + ] + }, + "geoip": { + "citydb_path": "path/to/GeoIP2-City.mmdb" + }, + "redis-ratelimit": { + "burst": 0, + "host": "redis", + "period": "3s", + "rate": 0, + "tokenizer": "cookie", + "tokenizer_field": "aaa" + }, + "wildcard": { + "endpoints": { + "/__wildcard/foo": [ + "/foo", + "/aliasfoo" + ] + } + } + }, + "modifier/lua-endpoint": { + "pre": "print('Lua service!'); local c = ctx.load(); c:headers('X-from-lua', '1234');" + } + } +} \ No newline at end of file diff --git a/v2.5/.test_e2e.json.ignore b/v2.5/.test_e2e.json.ignore new file mode 100644 index 0000000..d27534a --- /dev/null +++ b/v2.5/.test_e2e.json.ignore @@ -0,0 +1,36 @@ +{ + "$schema": "./e2e.json", + "@comment": "Makes sure that the debug endpoint returns a status ok", + "in": { + "method": "GET", + "url": "http://localhost:8080/__debug/something", + "header": { + "User-Agent": "krakend e2e tool" + } + }, + "out": { + "status_code": 200, + "body": "http://localhost:8080/__debug/something", + "header": { + "content-type": [ + "application/json; charset=utf-8" + ], + "Cache-Control": [ + "" + ], + "X-Krakend-Completed": [ + "true" + ] + }, + "schema": { + "title": "A JSON schema", + "description": "some description", + "type": "object", + "properties": { + "abc": { + "type": "array" + } + } + } + } +} \ No newline at end of file diff --git a/v2.5/async/amqp.json b/v2.5/async/amqp.json new file mode 100644 index 0000000..b958ef4 --- /dev/null +++ b/v2.5/async/amqp.json @@ -0,0 +1,93 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/async/amqp.json", + "title": "Async AMQP Driver", + "description": "The Async AMQP component enables the AMQP driver for the Async functionality.\n\nSee: https://www.krakend.io/docs/async/amqp/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "name", + "host", + "exchange" + ], + "properties": { + "host": { + "$id": "#async/amqp/host", + "title": "Host", + "description": "The connection string, ends in slash. E.g: `amqp://user:password@host:5672/`.\n\nSee: https://www.krakend.io/docs/async/amqp/", + "type": "string" + }, + "name": { + "$id": "#async/amqp/name", + "title": "Name", + "description": "The queue name.\n\nSee: https://www.krakend.io/docs/async/amqp/", + "type": "string" + }, + "exchange": { + "$id": "#async/amqp/exchange", + "title": "Exchange", + "description": "The entity name where messages are retrieved (it will be created, or it must have a **topic** type if already exists).\n\nSee: https://www.krakend.io/docs/async/amqp/", + "type": "string", + "examples": [ + "some-exchange" + ] + }, + "durable": { + "$id": "#async/amqp/durable", + "title": "Durable", + "description": "Durable queues will survive server restarts and remain when there are no remaining consumers or bindings. Most of the times `true` is recommended, but depends on the use case.\n\nSee: https://www.krakend.io/docs/async/amqp/", + "type": "boolean", + "default": false + }, + "delete": { + "$id": "#async/amqp/delete", + "title": "Delete", + "description": "When `true`, AMQP deletes the queue when there are no remaining connections. This option is **not recommended** in most of the scenarios. If for instance, the connectivity between KrakenD and AMQP is lost for whatever reason and it's the only client, AMQP will delete the queue no matter the number of messages there are inside, and when KrakenD gets the connection again the queue won't exist and future connections will recreate it again.\n\nSee: https://www.krakend.io/docs/async/amqp/", + "type": "boolean", + "default": false + }, + "exclusive": { + "$id": "#async/amqp/exclusive", + "title": "Exclusive", + "description": "When `true`, AMQP will allow **a single KrakenD client** to access the queue. This option is **not recommended** in environments where the gateway needs high availability and you have several instances running.\n\nSee: https://www.krakend.io/docs/async/amqp/", + "type": "boolean", + "default": false + }, + "no_wait": { + "$id": "#async/amqp/no_wait", + "title": "No wait", + "description": "When true, do not wait for the server to confirm the request and immediately begin deliveries. If it is not possible to consume, a channel exception will be raised and the channel will be closed.\n\nSee: https://www.krakend.io/docs/async/amqp/", + "type": "boolean" + }, + "no_local": { + "$id": "#async/amqp/no_local", + "title": "No local", + "description": "The no_local flag is not supported by RabbitMQ.\n\nSee: https://www.krakend.io/docs/async/amqp/", + "type": "boolean" + }, + "prefetch_count": { + "$id": "#async/amqp/prefetch_count", + "title": "Prefetch count", + "description": "The number of messages you want to prefetch prior to consume them.\n\nSee: https://www.krakend.io/docs/async/amqp/", + "type": "integer", + "default": 10 + }, + "prefetch_size": { + "$id": "#async/amqp/prefetch_size", + "title": "Prefetch size", + "description": "The number of bytes you want to use to prefetch messages.\n\nSee: https://www.krakend.io/docs/async/amqp/", + "type": "integer", + "default": 0 + }, + "auto_ack": { + "$id": "#async/amqp/auto_ack", + "title": "Auto ACK", + "description": "When KrakenD retrieves the messages, regardless of the success or failure of the operation, it marks them as ACK. When auto ACK is not used, only successful backend responses do the ACK, and failing messages are requeued. Defaults to `false`.\n\nSee: https://www.krakend.io/docs/async/amqp/", + "type": "boolean", + "default": false + } + } +} \ No newline at end of file diff --git a/v2.5/async_agent.json b/v2.5/async_agent.json new file mode 100644 index 0000000..00f6b02 --- /dev/null +++ b/v2.5/async_agent.json @@ -0,0 +1,136 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/async_agent.json", + "title": "Async Agents", + "description": "Async agents are routines listening to queues or PubSub systems that react to new events and push data to your backends. Through async agents, you can start a lot of consumers to process your events autonomously.\n\nSee: https://www.krakend.io/docs/async/", + "type": "array", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "items": { + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "name", + "consumer", + "backend", + "extra_config" + ], + "properties": { + "name": { + "$id": "#async_agent/name", + "title": "Name", + "description": "A unique name for this agent. KrakenD shows it in the health endpoint and logs and metrics. KrakenD does not check collision names, so make sure each agent has a different name.\n\nSee: https://www.krakend.io/docs/async/", + "type": "string" + }, + "encoding": { + "$id": "#backend/encoding", + "title": "Backend Encoding", + "description": "Informs KrakenD how to parse the responses of your services.\n\nSee: https://www.krakend.io/docs/backends/supported-encodings/", + "type": "string", + "default": "json", + "enum": [ + "json", + "safejson", + "xml", + "rss", + "string", + "no-op" + ] + }, + "connection": { + "$id": "#async_agent/connection", + "title": "Connection", + "description": "A key defining all the connection settings between the agent and your messaging system.\n\nSee: https://www.krakend.io/docs/async/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "max_retries": { + "title": "Max retries", + "description": "The maximum number of times you will allow KrakenD to retry reconnecting to a broken messaging system. Use 0 for unlimited retries.\n\nSee: https://www.krakend.io/docs/async/", + "type": "integer", + "default": 0 + }, + "health_interval": { + "title": "Health interval", + "description": "The time between pings checking that the agent is connected to the queue and alive. Regardless of the health interval, if an agent fails, KrakenD will restart it again immediately as defined by `max_retries`and `backoff_strategy`.\n\nSee: https://www.krakend.io/docs/async/", + "default": "1s", + "$ref": "timeunits.json#/$defs/timeunit" + }, + "backoff_strategy": { + "title": "Backoff strategy", + "description": "When the connection to your event source gets interrupted for whatever reason, KrakenD keeps trying to reconnect until it succeeds or until it reaches the `max_retries`. The backoff strategy defines the delay in seconds in between consecutive failed retries.\n\nSee: https://www.krakend.io/docs/async/", + "type": "string", + "enum": [ + "linear", + "linear-jitter", + "exponential", + "exponential-jitter", + "fallback" + ], + "default": "fallback" + } + } + }, + "consumer": { + "$id": "#async_agent/consumer", + "title": "Consumer", + "description": "Defines all the settings for each agent consuming messages.\n\nSee: https://www.krakend.io/docs/async/", + "required": [ + "topic" + ], + "properties": { + "timeout": { + "title": "Timeout", + "description": "The maximum time the agent will wait to process an event sent to the backend. If the backend fails to process it, the message is reinserted for later consumption. Defaults to the timeout in the root level, or to `2s` if no value is declared.\n\nSee: https://www.krakend.io/docs/async/", + "$ref": "timeunits.json#/$defs/timeunit" + }, + "topic": { + "title": "Topic", + "description": "The topic name you want to consume. The syntax depends on the driver. Examples for AMQP: `*`, `mytopic`, `lazy.#`, `*`, `foo.*`.\n\nSee: https://www.krakend.io/docs/async/", + "type": "string" + }, + "workers": { + "title": "Workers", + "description": "The number of workers (consuming processes) you want to start simultaneously for this agent.\n\nSee: https://www.krakend.io/docs/async/", + "type": "integer", + "default": 1 + }, + "max_rate": { + "title": "Max Rate", + "description": "The maximum number of messages you allow each worker to consume per second. Use any of `0` or `-1` for unlimited speed.\n\nSee: https://www.krakend.io/docs/async/", + "type": "number", + "default": 0 + } + } + }, + "backend": { + "type": "array", + "title": "Backend definition", + "description": "The [backend definition](/docs/backends/) (as you might have in any endpoint) indicating where the event data is sent. It is a full backend object definition, with all its possible options, transformations, filters, validations, etc.", + "items": { + "$ref": "backend.json" + } + }, + "extra_config": { + "description": "Defines the driver that connects to your queue or PubSub system. In addition, you can place other middlewares to modify the request (message) or the response, apply logic or any other endpoint middleware, but adding the driver is mandatory.\n\nSee: https://www.krakend.io/docs/async/", + "required": [ + "async/amqp" + ], + "properties": { + "async/amqp": { + "$ref": "async/amqp.json", + "title": "Async Agent extra configuration", + "description": "See the configuration for async/amqp" + } + } + } + } + } +} \ No newline at end of file diff --git a/v2.5/auth/api-keys.json b/v2.5/auth/api-keys.json new file mode 100644 index 0000000..220e247 --- /dev/null +++ b/v2.5/auth/api-keys.json @@ -0,0 +1,60 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/auth/api-keys.json", + "title": "API-key Authentication", + "description": "Enterprise only. Enables a Role-Based Access Control (RBAC) mechanism by reading the `Authorization` header of incoming requests.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/api-keys/", + "type": "object", + "required": [ + "keys" + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "strategy": { + "$id": "#auth/api-keys/strategy", + "title": "Strategy", + "description": "Specifies where to expect the user API key, whether inside a header or as part of the query string. The strategy set here is used across all endpoints with API key authentication enabled, but they can override this entry individually.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/api-keys/", + "type": "string", + "enum": ["header","query_string"], + "default": "header" + }, + "identifier": { + "$id": "#auth/api-keys/identifier", + "title": "Identifier", + "description": "The header name or the query string name that contains the API key. Defaults to `key` when using the `query_string` strategy and to `Authorization` when using the `header` strategy. The identifier set here is used across all endpoints with API key authentication enabled, but they can override this entry individually.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/api-keys/", + "type": "string", + "examples": ["Authorization"] + }, + "keys": { + "$id": "#auth/api-keys/keys", + "title": "API Keys", + "description": "A list of objects defining each API Key.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/api-keys/", + "type": "array", + "items": { + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "key": { + "title": "API Key", + "description": "The secret key used by the client to access the resources. Don't have a key? Execute in a terminal `uuidgen` to generate a random one.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/api-keys/", + "type": "string" + }, + "roles": { + "type": "array", + "title": "Roles", + "description": "All the roles this user has. See roles as all the identifying labels that belong to this client.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/api-keys/", + "items": { + "type": "string" + } + } + } + } + + } + } +} \ No newline at end of file diff --git a/v2.5/auth/basic.json b/v2.5/auth/basic.json new file mode 100644 index 0000000..888d6c9 --- /dev/null +++ b/v2.5/auth/basic.json @@ -0,0 +1,35 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/auth/basic.json", + "title": "Enterprise only. The Basic Authentication component protects the access to selected endpoints using basic username and password credentials.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/basic-authentication/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "htpasswd_path": { + "title": "Path to htpasswd file", + "description": "Absolute Path to the `htpasswd` filename (recommended) or relative `./` to the workdir (less secure).\n\nSee: https://www.krakend.io/docs/enterprise/authentication/basic-authentication/", + "type": "string", + "examples": [ + "/path/to/.htpasswd" + ] + }, + "users": { + "title": "Additional users", + "description": "**Additional** users to the `htpasswd` file can be declared directly inside the configuration. The content of both places will be merged (and this list will overwrite users already defined in the htpasswd file). The key of each entry is the username, and the value the bcrypt.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/basic-authentication/", + "type": "object", + "patternProperties":{ + "(.*)": { + "type": "string", + "additionalProperties": false + } + }, + "examples": [{ + "admin": "$2y$05$HpdPmv2Z3h3skMCVaf/CEep/UUBuhZ...", + "user2": "$2y$05$HpdPmv2Z3h3skMCVaf/CEep/UUBuhZ..." + }] + } + } +} \ No newline at end of file diff --git a/v2.5/auth/client-credentials.json b/v2.5/auth/client-credentials.json new file mode 100644 index 0000000..d6e72aa --- /dev/null +++ b/v2.5/auth/client-credentials.json @@ -0,0 +1,61 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/auth/client-credentials.json", + "title": "OAuth2 client-credentials", + "description": "2-legged OAuth2 flow: Request to your authorization server an access token to reach protected resources.\n\nSee: https://www.krakend.io/docs/authorization/client-credentials/", + "type": "object", + "required": [ + "client_id", + "client_secret", + "token_url" + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "endpoint_params": { + "$id": "#auth/client-credentials/endpoint_params", + "title": "Endpoint parameters", + "description": "Any additional parameters you want to include **in the payload** when requesting the token. For instance, adding the `audience` request parameter may denote the target API for which the token should be issued.\n\nSee: https://www.krakend.io/docs/authorization/client-credentials/", + "type": "object", + "examples": [{ + "audience": ["YOUR-AUDIENCE"] + }] + + }, + "client_id": { + "$id": "#auth/client-credentials/client_id", + "title": "Client ID", + "description": "The Client ID provided to the Auth server\n\nSee: https://www.krakend.io/docs/authorization/client-credentials/", + "type": "string" + }, + "token_url": { + "$id": "#auth/client-credentials/token_url", + "title": "Token URL", + "description": "The endpoint URL where the negotiation of the token happens\n\nSee: https://www.krakend.io/docs/authorization/client-credentials/", + "type": "string", + "examples": [ + "https://your.custom.identity.service.tld/token_endpoint" + ] + }, + "client_secret": { + "$id": "#auth/client-credentials/client_secret", + "title": "Client secret", + "description": "The secret string provided to the Auth server.\n\nSee: https://www.krakend.io/docs/authorization/client-credentials/", + "type": "string", + "examples": [ + "mys3cr3t" + ] + }, + "scopes": { + "$id": "#auth/client-credentials/scopes", + "title": "Scopes", + "description": "A comma-separated list of scopes needed, e.g.: `scopeA,scopeB`\n\nSee: https://www.krakend.io/docs/authorization/client-credentials/", + "type": "string", + "examples": [ + "scope1, scope2" + ] + } + } +} \ No newline at end of file diff --git a/v2.5/auth/gcp.json b/v2.5/auth/gcp.json new file mode 100644 index 0000000..fe13b6b --- /dev/null +++ b/v2.5/auth/gcp.json @@ -0,0 +1,72 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/auth/gcp.json", + "title": "GCP Authentication", + "description": "Enterprise only. Enables GCP authentication between KrakenD and Google Cloud service account.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/gcp/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "anyOf": [ + { + "required": [ + "audience" + ] + }, + { + "required": [ + "audience", + "credentials_file" + ] + }, + { + "required": [ + "audience", + "credentials_json" + ] + } + ], + "properties": { + "audience": { + "$id": "#auth/gcp/audience", + "title": "Audience", + "description": "The audience in GCP looks like an URL, and contains the destination service you will ask a token for. Most of the times this URL will match exactly with the `host` entry.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/gcp/", + "type": "string", + "examples": [ + "https://gcptest-76fewi6rca-uc.a.run.app" + ] + }, + "credentials_file": { + "$id": "#auth/gcp/credentials_file", + "title": "Path to credentials file", + "description": "The relative or absolute path to a credentials file in JSON format that contains all the credentials to authenticate API calls to the given service account.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/gcp/", + "type": "string", + "examples": ["/etc/krakend/gcp.json"] + }, + "credentials_json": { + "$id": "#auth/gcp/credentials_json", + "title": "JSON credentials file", + "description": "An inline JSON object containing all the credentials fields to authenticate to GCP.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/gcp/", + "type": "object", + "examples": [{ + "type": "service_account", + "project_id": "project_id", + "private_key_id": "private_key_id", + "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzd9ZdbPLAR4/g\nj+Rodu15kEasMpxf/Mz+gKRb2fmgR2Y18Y/iRBYZ4SkmF2pBSfzvwE/aTCzSPBGl\njHhPzohXnSN029eWoItmxVONlqCbR29pD07aLzv08LGeIGdHIEdhVjhvRwTkYZIF\ndXmlHNDRUU/EbJN9D+3ahw22BNnC4PaDgfIWTs3xIlTCSf2rL39I4DSNLTS/LzxK\n/XrQfBMtfwMWwyQaemXbc7gRgzOy8L56wa1W1zyXx99th97j1bLnoAXBGplhB4Co\n25ohyDAuhxRm+XGMEaO0Mzo7u97kvhj48a569RH1QRhOf7EBf60jO4h5eOmfi5P5\nPV3l7041AgMBAAECggEAEZ0RTNoEeRqM5F067YW+iM/AH+ZXspP9Cn1VpC4gcbqQ\nLXsnw+0qvh97CmIB66Z3TJBzRdl0DK4YjUbcB/kdKHwjnrR01DOtesijCqJd4N+B\n762w73jzSXbV9872U+S3HLZ5k3JE6KUqz55X8fyCAgkY6w4862lEzs2yasrPFHEV\nRoQp3PM0Miif8R3hGDhOWcHxcobullthG6JHAQFfc1ctwEjZI4TK0iWqlzfWGyKN\nT9UgvjUDud5cGvS9el0AiLN6keAf77tcPn1zetUVhxN1KN4bVAm1Q+6O8esl63Rj\n7JXpHzxaRnit9S6/aH/twHsGGtLg5Puw6jey6xs4AQKBgQD2JNy1wzewCRkD+jug\n8CHbJ+LIJVRNIaWa/RK1QD8/UjmFPkIzRQSF3AKC5mRAWSa2FL3yVK3N/DD7hazW\n85XSBB7IDcnoJnA9SkUeWwqQGkDx3EntlU3gX8Kn/+ofF8O9jLXxAa901MAVXVuf\n5YDzrl4PNE3bFnPCdiNmSdRfhQKBgQC6p4DsCpwqbeTu9f5ak9VW/fQP47Fgt+Mf\nwGjBnKP5PbbNJpHCfamF7jqSRH83Xy0KNssH7jD/NZ2oT594sMmiQPUC5ni9VYY6\nsuYB0JbD5Mq+EjKIVhYtxaQJ76LzHreEI+G4z6k3H7/hRpr3/C48n9G/uVkT9DbJ\noplxxEx68QKBgQCdJ23vcwO0Firtmi/GEmtbVHz70rGfSXNFoHz4UlvPXv0wsE5u\nE4vOt2i3EMhDOWh46odYGG6bzH+tp2xyFTW70Dui+QLHgPs6dpfoyLHWzZxXj5F3\n6lK9hgZvYvqk/XRRKmzjwnK2wjsdqOyeC1covlR5mqh20D/6kZkKbur0TQKBgAwy\nCZBimRWEnKKoW/gbFKNccGfhXqONID/g2Hdd/rC4QYth68AjacIgcJ9B7nX1uAGk\n1tsryvPB0w0+NpMyKdp6GAgaeuUUA3MuYSzZLiCagEyu77JMvaI7+Z3UlHcCGMd/\neK4Uk1/QqT7U2Cc/yN2ZK6E1QQa2vCWshA4U31JhAoGAbtbSSSsul1c+PsJ13Cfk\n6qVnqYzPqt23QTyOZmGAvUHH/M4xRiQpOE0cDF4t/r5PwenAQPQzTvMmWRzj6uAY\n3eaU0eAK7ZfoweCoOIAPnpFbbRLrXfoY46H7MYh7euWGXOKEpxz5yzuEkd9ByNUE\n86vSEidqbMIiXVgEgnu/k08=\n-----END PRIVATE KEY-----\n", + "client_email": "xyz@developer.gserviceaccount.com", + "client_id": "123", + "auth_uri": "https://accounts.google.com/o/oauth2/auth", + "token_uri": "https://accounts.google.com/o/oauth2/token", + "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/xyz%40developer.gserviceaccount.com" + }] + }, + "custom_claims": { + "$id": "#auth/gcp/credentials_json", + "title": "Custom claims", + "description": "Custom private claims that you can optionally add to an ID token.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/gcp/", + "type": "object" + } + } +} \ No newline at end of file diff --git a/v2.5/auth/jose.json b/v2.5/auth/jose.json new file mode 100644 index 0000000..a7ee441 --- /dev/null +++ b/v2.5/auth/jose.json @@ -0,0 +1,20 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/auth/jose.json", + "title": "Enables global configurations for the HTTP client responsible of downloading and caching the JWK URLs for token validation and signing.", + "type": "object", + "required": [ + "shared_cache_duration" + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "shared_cache_duration": { + "title": "Shared cache duration", + "description": "The cache duration in seconds for the JWK client retrieving the `jwk_url`. The endpoint must enable the `cache` option in order to use this second level cache.\n\nSee: https://www.krakend.io/docs/authorization/jwk-caching/", + "type": "integer" + } + } +} \ No newline at end of file diff --git a/v2.5/auth/ntlm.json b/v2.5/auth/ntlm.json new file mode 100644 index 0000000..369a2e7 --- /dev/null +++ b/v2.5/auth/ntlm.json @@ -0,0 +1,35 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/auth/ntlm.json", + "title": "NTLM Authentication", + "description": "Enterprise only. Enables NTLM authentication between KrakenD and a Microsoft server such as Dynamics.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/ntlm/", + "type": "object", + "required": [ + "user", + "password" + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "user": { + "$id": "#auth/ntlm/user", + "title": "User", + "description": "The username you will send as NTLM authentication user.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/ntlm/", + "type": "string", + "examples": [ + "krakendclient" + ] + }, + "password": { + "$id": "#auth/ntlm/password", + "title": "Password", + "description": "The password you will use, in clear text.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/ntlm/", + "type": "string", + "examples": [ + "myp4ssw0rd" + ] + } + } +} \ No newline at end of file diff --git a/v2.5/auth/revoker.json b/v2.5/auth/revoker.json new file mode 100644 index 0000000..c0280ac --- /dev/null +++ b/v2.5/auth/revoker.json @@ -0,0 +1,111 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/auth/revoker.json", + "title": "The API Gateway authorizes users that provide valid tokens according to your criteria, but at some point, you might want to change your mind and decide to revoke JWT tokens that are still valid.", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "N", + "P", + "hash_name", + "TTL", + "port", + "token_keys" + ], + "properties": { + "N": { + "$id": "#auth/revoker/N", + "title": "Bot detector", + "description": "The maximum `N`umber of elements you want to keep in the bloom filter. Tens of millions work fine on machines with low resources.\n\nSee: https://www.krakend.io/docs/authorization/revoking-tokens/", + "type": "integer", + "examples": [ + 10000000 + ] + }, + "P": { + "$id": "#auth/revoker/P", + "title": "Probability", + "description": "The `P`robability of returning a false positive. E.g.,`1e-7` for one false positive every 10 million different tokens. The values `N` and `P` determine the size of the resulting bloom filter to fulfill your expectations. E.g: 0.0000001\n\nSee: https://www.krakend.io/docs/authorization/revoking-tokens/", + "type": "number", + "examples": [ + 0.0000001 + ] + }, + "hash_name": { + "$id": "#auth/revoker/hash_name", + "title": "Hash function name", + "description": "Either `optimal` (recommended) or `default`. The `optimal` consumes less CPU but has less entropy when generating the hash, although the loss is negligible.\n\nSee: https://www.krakend.io/docs/authorization/revoking-tokens/", + "type": "string", + "enum": [ + "optimal", + "default" + ] + }, + "TTL": { + "$id": "#auth/revoker/TTL", + "title": "Time To Live", + "description": "The lifespan of the JWT you are generating in seconds. The value must match the expiration you are setting in the identity provider when creating the tokens.\n\nSee: https://www.krakend.io/docs/authorization/revoking-tokens/", + "type": "integer" + }, + "port": { + "$id": "#auth/revoker/port", + "title": "Port", + "description": "The port number exposed on each KrakenD instance for the RPC service to interact with the bloomfilter. This port is allocated only to the clients (running KrakenDs).\n\nSee: https://www.krakend.io/docs/authorization/revoking-tokens/", + "type": "integer" + }, + "token_keys": { + "$id": "#auth/revoker/token_keys", + "title": "Token keys", + "description": "The list with all the claims in your JWT payload that need watching. These fields establish the criteria to revoke accesses in the future. The Revoker does not use this value, only the clients.\n\nSee: https://www.krakend.io/docs/authorization/revoking-tokens/", + "type": "array", + "examples": [ + "jti" + ] + }, + "revoke_server_max_workers": { + "$id": "#auth/revoker/revoke_server_max_workers", + "title": "Max workers", + "description": "How many workers are used concurrently to execute an action (e.g., push a token) to all registered instances, allowing you to limit the amount of memory consumed by the server. For example, if you have 100 KrakenD servers and need to push 5MB of data each, you need to send 500MB in total. A max_workers=5 will consume a maximum of `5MB x 5 workers = 25MB` of memory in a given instant. Defaults to the same number of CPUs available.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/revoke-server/", + "type": "integer", + "default": 5 + }, + "revoke_server_ping_interval": { + "$id": "#auth/revoker/revoke_server_ping_interval", + "title": "Revoke Server ping interval", + "description": "Time the server and the client wait to verify they are alive with each other (health check). Defaults to `30s`. Do not lower this value a lot; otherwise, you will have a lot of internal traffic.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/revoke-server/", + "type": "string", + "$ref": "../timeunits.json#/$defs/timeunit", + "examples": [ + "30s" + ] + }, + "revoke_server_ping_url": { + "$id": "#auth/revoker/revoke_server_ping_url", + "title": "Revoke Server Ping URL", + "description": "The address to the `/instances` endpoint in the Revoke Server.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/revoke-server/", + "type": "string", + "examples": [ + "http://revoke-server:8081/instances" + ] + }, + "revoke_server_api_key": { + "$id": "#auth/revoker/revoke_server_api_key", + "title": "Revoke Server Ping URL", + "description": "A string used as an exchange API key to secure the communication between the Revoke Server and the KrakenD instances and to consume the REST API of the Revoker Server as well. E.g., a string generated with `uuidgen`.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/revoke-server/", + "type": "string", + "examples": [ + "639ee23f-f4c5-40c4-855c-912bf01fae87" + ] + }, + "revoke_server_max_retries": { + "$id": "#auth/revoker/revoke_server_max_retries", + "title": "Revoke Server Max Retries", + "description": "Maximum number of retries after a connection fails. When the value is less than zero it is changed automatically to zero.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/revoke-server/", + "type": "integer", + "default": 0 + } + } +} \ No newline at end of file diff --git a/v2.5/auth/signer.json b/v2.5/auth/signer.json new file mode 100644 index 0000000..d8bf8cb --- /dev/null +++ b/v2.5/auth/signer.json @@ -0,0 +1,180 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/auth/signer.json", + "title": "JWT signer", + "description": "creates a wrapper for your login endpoint that signs with your secret key the selected fields of the backend payload right before returning the content to the end-user.\n\nSee: https://www.krakend.io/docs/authorization/jwt-signing/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "alg", + "kid", + "keys_to_sign" + ], + "oneOf": [ + { + "required": [ + "alg", + "jwk_local_path", + "disable_jwk_security" + ] + }, + { + "required": [ + "alg", + "jwk_url" + ] + } + ], + "properties": { + "alg": { + "$id": "#auth/signer/alg", + "title": "Algorithm", + "description": "The hashing algorithm used by the issuer. Usually `RS256`. The algorithm you choose directly affects the CPU consumption.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "string", + "enum": [ + "EdDSA", + "HS256", + "HS384", + "HS512", + "RS256", + "RS384", + "RS512", + "ES256", + "ES384", + "ES512", + "PS256", + "PS384", + "PS512" + ] + }, + "jwk_url": { + "$id": "#auth/signer/jwk_url", + "title": "JWK URL", + "description": " The URL to the JWK endpoint with the private keys used to sign the token.\n\nSee: https://www.krakend.io/docs/authorization/jwt-signing/", + "type": "string", + "examples": [ + "http://your-backend/jwk/symmetric.json" + ] + }, + "jwk_local_path": { + "$id": "#auth/validator/jwk_local_path", + "title": "JWK local path", + "description": "Local path to the JWK public keys, has preference over `jwk_url`. Instead of pointing to an external URL (with `jwk_url`), public keys are kept locally, in a plain JWK file (security alert!), or encrypted. When encrypted, also add `secret_url` and `cypher_key`.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "string", + "examples": [ + "./jwk.txt" + ] + }, + "secret_url": { + "$id": "#auth/validator/secret_url", + "title": "Secret's URL", + "description": "An URL with a custom scheme using one of the supported providers (e.g.: `awskms://keyID`) ([see providers](/docs/authorization/jwt-validation/#accepted-providers-for-encrypting-payloads)).\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "string", + "pattern": "(base64key|awskms|azurekeyvault|gcpkms|hashivault)://(.*)", + "examples": [ + "base64key://smGbjm71Nxd1Ig5FS0wj9SlbzAIrnolCz9bQQ6uAhl4=", + "awskms://keyID", + "azurekeyvault://keyID", + "gcpkms://projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEY_RING]/cryptoKeys/[KEY]", + "hashivault://keyID" + ] + }, + "cypher_key": { + "$id": "#auth/validator/cypher_key", + "title": "Cypher key", + "description": "The cyphering key.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "string" + }, + "jwk_local_ca": { + "$id": "#auth/signer/jwk_local_ca", + "title": "Local CA", + "description": "Path to the CA’s certificate verifying a secure connection when downloading the JWK. Use when not recognized by the system (e.g., self-signed certificates).\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "string" + }, + "kid": { + "$id": "#auth/signer/kid", + "title": "Kid", + "description": "The key ID purpose is to match a specific key, as the jwk_url might contain several keys.\n\nSee: https://www.krakend.io/docs/enterprise/authorization/jwt-validation/", + "type": "string", + "examples": [ + "sim2" + ] + }, + "keys_to_sign": { + "$id": "#auth/signer/keys_to_sign", + "title": "Keys to sign", + "description": "List of all the specific keys that need signing (e.g., `refresh_token` and `access_token`).\n\nSee: https://www.krakend.io/docs/authorization/jwt-signing/", + "type": "array", + "examples": [ + "access_token", + "refresh_token" + ] + }, + "full": { + "$id": "#auth/signer/full", + "title": "Full format", + "description": "Use JSON format instead of the compact form JWT provides.\n\nSee: https://www.krakend.io/docs/enterprise/authorization/jwt-validation/", + "type": "boolean", + "default": false + }, + "disable_jwk_security": { + "$id": "#auth/signer/disable_jwk_security", + "title": "Disable_jwk_security", + "description": "Disables HTTP security of the JWK client and allows insecure connections (plain HTTP) to download the keys. The flag should be `false` when you use HTTPS, and `true` when using plain HTTP or loading the key from a local file.\n\nSee: https://www.krakend.io/docs/enterprise/authorization/jwt-validation/", + "type": "boolean", + "default": false + }, + "cipher_suites": { + "$id": "#auth/signer/cipher_suites", + "title": "Cipher suites", + "description": "Override the default cipher suites (see [JWT validation](/docs/authorization/jwt-validation/)). Unless you have a legacy JWK, **you don't need to set this value**.", + "type": "array", + "default": [ + 49199, + 49195, + 49200, + 49196, + 52392, + 52393 + ], + "items": { + "title": "Items", + "description": "\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "integer", + "enum": [ + 5, + 10, + 47, + 53, + 60, + 156, + 157, + 49159, + 49161, + 49162, + 49169, + 49170, + 49171, + 49172, + 49187, + 49191, + 49199, + 49195, + 49200, + 49196, + 52392, + 52393 + ] + } + }, + "jwk_fingerprints": { + "$id": "#auth/signer/jwk_fingerprints", + "title": "JWK Fingerprints", + "description": "A list of fingerprints (the unique identifier of the certificate) for certificate pinning and avoid man in the middle attacks. Add fingerprints in base64 format.\n\nSee: https://www.krakend.io/docs/authorization/jwt-signing/", + "type": "array" + } + } +} \ No newline at end of file diff --git a/v2.5/auth/validator.json b/v2.5/auth/validator.json new file mode 100644 index 0000000..9ab57ab --- /dev/null +++ b/v2.5/auth/validator.json @@ -0,0 +1,283 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/auth/validator.json", + "title": "JWT validator", + "description": "Protect endpoints from public usage by validating JWT tokens generated by any industry-standard OpenID Connect (OIDC) integration.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "object", + "oneOf": [ + { + "required": [ + "alg", + "jwk_local_path" + ] + }, + { + "required": [ + "alg", + "jwk_url" + ] + } + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "alg": { + "$id": "#auth/validator/alg", + "title": "Algorithm", + "description": "The hashing algorithm used by the token issuer.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "string", + "default": "RS256", + "enum": [ + "EdDSA", + "HS256", + "HS384", + "HS512", + "RS256", + "RS384", + "RS512", + "ES256", + "ES384", + "ES512", + "PS256", + "PS384", + "PS512" + ] + }, + "jwk_url": { + "$id": "#auth/validator/jwk_url", + "title": "JWK URL", + "description": "The URL to the JWK endpoint with the public keys used to verify the token's authenticity and integrity. Use with `cache` to avoid re-downloading the key on every request. Consider enabling [shared caching](/docs/authorization/jwk-caching/) too. The identity server will receive an HTTP(s) request from KrakenD with a KrakenD user agent, and the identity server must reply with a JSON object and a content-type `application/jwk-set+json` or `application/json`.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "string", + "examples": [ + "https://some-domain.auth0.com/.well-known/jwks.json", + "http://KEYCLOAK:8080/auth/realms/master/protocol/openid-connect/certs", + "https://yourOktaBaseUrl/v1/keys" + ] + }, + "jwk_local_path": { + "$id": "#auth/validator/jwk_local_path", + "title": "JWK local path", + "description": "Local path to the JWK public keys, has preference over `jwk_url`. Instead of pointing to an external URL (with `jwk_url`), public keys are kept locally, in a plain JWK file (security alert!), or encrypted. When encrypted, also add `secret_url` and `cypher_key`.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "string", + "examples": [ + "./jwk.txt" + ] + }, + "secret_url": { + "$id": "#auth/validator/secret_url", + "title": "Secret's URL", + "description": "An URL with a custom scheme using one of the supported providers (e.g.: `awskms://keyID`) (see providers).\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "string", + "pattern": "(base64key|awskms|azurekeyvault|gcpkms|hashivault)://(.*)", + "examples": [ + "base64key://smGbjm71Nxd1Ig5FS0wj9SlbzAIrnolCz9bQQ6uAhl4=", + "awskms://keyID", + "azurekeyvault://keyID", + "gcpkms://projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEY_RING]/cryptoKeys/[KEY]", + "hashivault://keyID" + ] + }, + "cypher_key": { + "$id": "#auth/validator/cypher_key", + "title": "Cypher key", + "description": "The cyphering key.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "string" + }, + "scopes": { + "$id": "#auth/validator/scopes", + "title": "Scopes", + "description": "A list of scopes to validate. Make sure to use a list `[]` in the config, but when passing the token, the scopes should be separated by spaces, e.g.: `\"my_scopes\": \"resource1:action1 resource3:action7\"`.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "array", + "items": { + "type": "string" + } + }, + "scopes_key": { + "$id": "#auth/validator/scopes_key", + "title": "Scopes key", + "description": "The key name where KrakenD can find the scopes. The key can be a nested object using the `.` dot notation, e.g.: `data.access.my_scopes`.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "string" + }, + "scopes_matcher": { + "$id": "#auth/validator/scopes_matcher", + "title": "Scopes matcher", + "description": "Defines if the user needs to have in its token at least one of the listed claims (`any`), or `all` of them.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "string", + "enum": [ + "any", + "all" + ], + "default": "any" + + }, + "issuer": { + "$id": "#auth/validator/issuer", + "title": "Issuer", + "description": "When set, tokens not matching the issuer are rejected.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "string", + "examples": [ + "issuer" + ] + }, + "audience": { + "$id": "#auth/validator/audience", + "title": "Audience", + "description": "Reject tokens that do not contain ALL audiences declared in the list.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "array", + "items": { + "type": "string" + }, + "examples": [ + "audience1" + ] + }, + "roles": { + "$id": "#auth/validator/roles", + "title": "Roles", + "type": "array", + "description": " When set, the JWT token not having at least one of the listed roles is rejected.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "items": { + "type": "string" + } + }, + "roles_key": { + "$id": "#auth/validator/roles_key", + "title": "Roles key", + "description": "When validating users through roles, provide the key name inside the JWT payload that lists their roles. If this key is nested inside another object, add `roles_key_is_nested` and use the dot notation `.` to traverse each level. E.g.: `resource_access.myclient.roles` represents the payload `{resource_access: { myclient: { roles: [\"myrole\"] } }`. Notice that the roles object you choose is a list, not a map.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "string", + "examples": [ + "resource_access.myclient.roles" + ] + }, + "roles_key_is_nested": { + "$id": "#auth/validator/roles_key_is_nested", + "title": "Roles key is nested", + "description": "If the roles key uses a nested object using the `.` dot notation, you must set it to `true` to traverse the object.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "boolean" + }, + "cookie_key": { + "$id": "#auth/validator/cookie_key", + "title": "Cookie key", + "description": "Add the key name of the cookie containing the token when it is not passed in the headers\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "string", + "examples": [ + "cookie_jwt" + ] + }, + "cipher_suites": { + "$id": "#auth/validator/cipher_suites", + "title": "Cipher suites", + "description": "Override the default cipher suites. Use it if you want to enforce an even higher security standard.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "array", + "default": [ + 49199, + 49195, + 49200, + 49196, + 52392, + 52393 + ], + "items": { + "title": "Items", + "description": "\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "integer", + "enum": [ + 5, + 10, + 47, + 53, + 60, + 156, + 157, + 49159, + 49161, + 49162, + 49169, + 49170, + 49171, + 49172, + 49187, + 49191, + 49199, + 49195, + 49200, + 49196, + 52392, + 52393 + ] + } + }, + "jwk_local_ca": { + "$id": "#auth/validator/jwk_local_ca", + "title": "Local CA", + "description": "Path to the CA's certificate verifying a secure connection when downloading the JWK. Use when not recognized by the system (e.g., self-signed certificates).\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "string" + }, + "cache": { + "$id": "#auth/validator/cache", + "title": "Cache", + "description": "Set this value to `true` (recommended) to stop downloading keys on every request and store them in memory for the next `cache_duration` period and avoid hammering the key server, as recommended for performance. Do not use this flag when using `jwk_local_ca`.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "boolean", + "default": false + }, + "cache_duration": { + "$id": "#auth/validator/cache_duration", + "title": "Cache duration", + "description": "The cache duration in seconds when the `cache` is enabled. 15 minutes when unset.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "integer", + "default": 900 + }, + "disable_jwk_security": { + "$id": "#auth/validator/disable_jwk_security", + "title": "Disable_jwk_security", + "description": "When true, disables security of the JWK client and allows insecure connections (plain HTTP) to download the keys. Useful for development environments.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "boolean", + "default": false + }, + "jwk_fingerprints": { + "$id": "#auth/validator/jwk_fingerprints", + "title": "Roles", + "type": "array", + "description": "A list of fingerprints (the certificate's unique identifier) for certificate pinning and avoid man-in-the-middle attacks. Add fingerprints in base64 format.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "items": { + "type": "string" + } + }, + "propagate_claims": { + "$id": "#auth/validator/propagate_claims", + "title": "Claims to propagate", + "type": "array", + "description": "Enables passing claims in the backend's request header. You can pass nested claims using the dot `.` operator. E.g.: `realm_access.roles`.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "items": { + "type": "array", + "minItems": 2, + "maxItems": 2, + "items": { + "type": "string" + } + } + }, + "key_identify_strategy": { + "$id": "#auth/validator/key_identify_strategy", + "title": "Key identify strategy", + "description": "Allows strategies other than `kid` to load keys.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "string", + "enum": [ + "kid", + "x5t", + "kid_x5t" + ] + }, + "operation_debug": { + "$id": "#auth/validator/operation_debug", + "title": "Debug", + "description": "When `true`, any JWT **validation operation** gets printed in the log with a level `ERROR`. You will see if a client does not have sufficient roles, the allowed claims, scopes, and other useful information.\n\nSee: https://www.krakend.io/docs/authorization/jwt-validation/", + "type": "boolean", + "default": false + } + + } + +} \ No newline at end of file diff --git a/v2.5/backend.json b/v2.5/backend.json new file mode 100644 index 0000000..c8a8dfa --- /dev/null +++ b/v2.5/backend.json @@ -0,0 +1,184 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/backend.json", + "title": "Backends", + "description": "A backend object is an array of all the services that an endpoint connects to. It defines the list of hostnames that connects to and the URL to send or receive the data.", + "type": "object", + "required": [ + "url_pattern" + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "url_pattern": { + "$id": "#backend/url_pattern", + "title": "URL Pattern", + "description": "The path inside the service (no protocol, no host, no method). E.g: `/users`. Some functionalities under `extra_config` might drop the requirement of declaring a valid `url_pattern`, but they are exceptions. The URL must be RESTful, if it is not (e.g.: `/url.{some_variable}.json`), then see how to [disable RESTful checking](#disable-restful-checking).\n\nSee: https://www.krakend.io/docs/backends/", + "type": "string", + "examples": [ + "/users", + "/user/{id_user}" + ] + }, + "encoding": { + "$id": "#backend/encoding", + "title": "Backend Encoding", + "description": "Defines your [needed encoding](/docs/backends/supported-encodings/) to set how to parse the response. Defaults to the value of its endpoint's `encoding`, or to `json` if not defined anywhere else.\n\nSee: https://www.krakend.io/docs/backends/supported-encodings/", + "type": "string", + "default": "json", + "enum": [ + "json", + "safejson", + "fast-json", + "xml", + "rss", + "string", + "no-op" + ] + }, + "input_headers": { + "$id": "#backend/input_headers", + "title": "Allowed Headers In", + "description": "A second level of header filtering that defines the list of all headers allowed to reach this backend when different than the endpoint.\nBy default, all headers in the endpoint `input_headers` reach the backend, unless otherwise specified here. An empty list `[]` is considered a zero-value and allows all headers to pass. Use `[\"\"]` to explicitly remove all headers. See [headers forwarding](/docs/endpoints/parameter-forwarding/#headers-forwarding)", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "$id": "#backend/input_headers/items", + "type": "string", + "examples": [ + "User-Agent", + "Accept", + "*" + ] + } + }, + "input_query_strings": { + "$id": "#backend/input_query_strings", + "title": "Allowed Querystrings In", + "description": "A second level of query string filtering that defines the list of all query strings allowed to reach this backend when different than the endpoint.\nBy default, all query strings in the endpoint `input_query_strings` reach the backend, unless otherwise specified here. An empty list `[]` is considered a zero-value and allows all headers to pass. Use `[\"\"]` to explicitly remove all query strings. See [query strings forwarding](/docs/endpoints/parameter-forwarding//#query-string-forwarding)", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "$id": "#backend/input_headers/items", + "type": "string", + "examples": [ + "User-Agent", + "Accept", + "*" + ] + } + }, + "sd": { + "$id": "#backend/sd", + "title": "Service Discovery", + "description": "The [Service Discovery](/docs/backends/service-discovery/) system to resolve your backend services. Defaults to `static` (no external Service Discovery). Use `dns` to use DNS SRV records.\n\nSee: https://www.krakend.io/docs/backends/", + "type": "string", + "default": "static", + "enum": [ + "static", + "dns" + ] + }, + "sd_scheme": { + "$id": "#backend/sd", + "title": "Service Discovery Scheme", + "description": "The [Service Discovery](/docs/backends/service-discovery/) scheme to connect to your backend services.\n\nSee: https://www.krakend.io/docs/backends/", + "type": "string", + "default": "http", + "examples": [ + "http", + "https" + ] + }, + "method": { + "$id": "#backend/method", + "title": "Method", + "description": "The method sent to this backend in **uppercase**. The method does not need to match the endpoint's method. When the value is omitted, it uses the same endpoint's method.\n\nSee: https://www.krakend.io/docs/backends/", + "type": "string", + "enum": [ + "GET", + "POST", + "PUT", + "PATCH", + "DELETE" + ], + "default": "GET" + }, + "extra_config": { + "type": "object", + "title": "Backend Extra configuration", + "description": "When there is additional configuration related to a specific component or middleware (like a circuit breaker, rate limit, etc.), it is declared under this section.", + "$ref": "backend_extra_config.json" + }, + "disable_host_sanitize": { + "$id": "#backend/disable_host_sanitize", + "title": "Disable host sanitize", + "description": "Set it to `true` when the host doesn't need to be checked for an HTTP protocol. This is the case of `sd=dns` or when using other protocols like `amqp://`, `nats://`, `kafka://`, etc. When set to true, and the protocol is not HTTP, KrakenD fails with an `invalid host` error.", + "type": "boolean", + "default": false + }, + "host": { + "$id": "#backend/host", + "title": "Host array", + "description": "An array with all the available hosts to [load balance](/docs/throttling/load-balancing/#balancing-egress-traffic-to-upstream) requests, including the schema (when possible) `schema://host:port`. E.g.: ` https://my.users-ms.com`. If you are in a platform where hosts or services are balanced (e.g., a K8S service), write a single entry in the array with the service name/balancer address. Defaults to the `host` declaration at the configuration's root level, and the service fails starting when there is none.", + "type": "array" + }, + "target": { + "$id": "#backend/target", + "title": "Target (data manipulation)", + "description": "Removes the matching object from the reponse and returns only its contents.\n\nSee: https://www.krakend.io/docs/backends/data-manipulation/", + "type": "string", + "examples": [ + "data", + "content", + "response" + ] + }, + "deny": { + "$id": "#backend/deny", + "title": "Deny (data manipulation)", + "description": "**Don't return the fields in the list**. All matching fields (case-sensitive) defined in the list, are removed from the response. Use a dot `.` separator to definr nested attributes, e.g.: `a.b` removes `{\"a\":{\"b\": true}}`.\n\nSee: https://www.krakend.io/docs/backends/data-manipulation/", + "type": "array", + "uniqueItems": true + }, + "allow": { + "$id": "#backend/allow", + "title": "Allow (data manipulation)", + "description": "**Only return the fields in the list**. Only the matching fields (case-sensitive) are returned in the final response. Use a dot `.` separator to define nested attributes, e.g.: `a.b` removes `{\"a\":{\"b\": true}}` \n\nSee: https://www.krakend.io/docs/backends/data-manipulation/", + "type": "array", + "uniqueItems": true, + "examples": [ + "token", + "CVV", + "password" + ] + }, + "group": { + "$id": "#backend/group", + "title": "Group (data manipulation)", + "description": "Instead of placing all the response attributes in the root of the response, create a new key and encapsulate the response inside.\n\nSee: https://www.krakend.io/docs/backends/data-manipulation/", + "type": "string", + "default": "backend1" + }, + "mapping": { + "$id": "#backend/mapping", + "title": "Mapping", + "description": "Mapping, or also known as renaming, let you change the name of the fields of the generated responses, so your composed response would be as close to your use case as possible without changing a line on any backend.\n\nSee: https://www.krakend.io/docs/backends/data-manipulation/", + "type": "object", + "examples": [ + { "from": "to" } + ] + }, + "is_collection": { + "$id": "#backend/is_collection", + "title": "Is a collection/array", + "description": "Set to true when your API does not return an object {} but a collection []\n\nSee: https://www.krakend.io/docs/backends/data-manipulation/", + "type": "boolean", + "default": true + } + } +} diff --git a/v2.5/backend/amqp/consumer.json b/v2.5/backend/amqp/consumer.json new file mode 100644 index 0000000..e4aa080 --- /dev/null +++ b/v2.5/backend/amqp/consumer.json @@ -0,0 +1,108 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/backend/amqp/consumer.json", + "title": "AMQP Consumer", + "description": "The AMQP component allows to send and receive messages to and from a queue through the API Gateway.\n\nSee: https://www.krakend.io/docs/backends/amqp-consumer/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "name", + "exchange", + "routing_key" + ], + "properties": { + "name": { + "$id": "#backend/amqp/consumer/name", + "title": "Name", + "description": "Queue name.\n\nSee: https://www.krakend.io/docs/backends/amqp-consumer/", + "type": "string" + }, + "exchange": { + "$id": "#backend/amqp/consumer/exchange", + "title": "Exchange", + "description": "The exchange name (must have a **topic** type if already exists).\n\nSee: https://www.krakend.io/docs/backends/amqp-consumer/", + "type": "string", + "examples": [ + "some-exchange" + ] + }, + "routing_key": { + "$id": "#backend/amqp/consumer/routing_key", + "title": "Routing keys", + "description": "The list of routing keys you will use to consume messages.\n\nSee: https://www.krakend.io/docs/backends/amqp-consumer/", + "type": "array", + "examples": [ + "#" + ] + }, + "durable": { + "$id": "#backend/amqp/consumer/durable", + "title": "Durable", + "description": "Durable queues will survive server restarts and remain when there are no remaining consumers or bindings. `true` is recommended, but depends on the use case. \n\nSee: https://www.krakend.io/docs/backends/amqp-consumer/", + "type": "boolean", + "default": false + }, + "delete": { + "$id": "#backend/amqp/consumer/delete", + "title": "Delete", + "description": "When `true`, AMQP deletes the queue when there are no remaining connections. This option is **not recommended** in most of the scenarios. If for instance, the connectivity between KrakenD and AMQP is lost for whatever reason and it's the only client, AMQP will delete the queue no matter the number of messages there are inside, and when KrakenD gets the connection again the queue won't exist and future connections will recreate it again.\n\nSee: https://www.krakend.io/docs/backends/amqp-consumer/", + "type": "boolean", + "default": false + }, + "no_wait": { + "$id": "#backend/amqp/consumer/no_wait", + "title": "No wait", + "description": "When true, do not wait for the server to confirm the request and immediately begin deliveries. If it is not possible to consume, a channel exception will be raised and the channel will be closed.\n\nSee: https://www.krakend.io/docs/backends/amqp-consumer/", + "type": "boolean" + }, + "no_local": { + "$id": "#backend/amqp/consumer/no_local", + "title": "No local", + "description": "The no_local flag is not supported by RabbitMQ.\n\nSee: https://www.krakend.io/docs/backends/amqp-consumer/", + "type": "boolean" + }, + "prefetch_count": { + "$id": "#backend/amqp/consumer/prefetch_count", + "title": "Prefetch count", + "description": "The number of messages you want to prefetch prior to consume them.\n\nSee: https://www.krakend.io/docs/backends/amqp-consumer/", + "type": "integer", + "default": 0 + }, + "auto_ack": { + "$id": "#backend/amqp/consumer/auto_ack", + "title": "Auto ACK", + "description": "When KrakenD retrieves the messages, regardless of the success or failure of the operation, it marks them as `ACK`nowledge.\n\nSee: https://www.krakend.io/docs/backends/amqp-consumer/", + "type": "boolean", + "default": false + }, + "exclusive": { + "$id": "#backend/amqp/consumer/exclusive", + "title": "Exclusive", + "description": "When `true`, AMQP will allow **a single KrakenD instance** to access the queue. This option is **not recommended** in environments where the gateway needs high availability and you have several instances running.\n\nSee: https://www.krakend.io/docs/backends/amqp-consumer/", + "type": "boolean", + "default": false + }, + "max_retries": { + "title": "Max retries", + "description": "The maximum number of times you will allow KrakenD to retry reconnecting to a broken messaging system. During startup KrakenD will wait for a maximum of 3 retries before starting to use this policy. Use 0 for unlimited retries.\n\nSee: https://www.krakend.io/docs/backends/amqp-consumer/", + "type": "integer", + "default": 0 + }, + "backoff_strategy": { + "title": "Backoff strategy", + "description": "When the connection to your event source gets interrupted for whatever reason, KrakenD keeps trying to reconnect until it succeeds or until it reaches the `max_retries`. The backoff strategy defines the delay in seconds in between consecutive failed retries. [Check the meaning of each strategy](https://www.krakend.io/docs/async/#backoff-strategies).\n\nSee: https://www.krakend.io/docs/backends/amqp-consumer/", + "type": "string", + "enum": [ + "linear", + "linear-jitter", + "exponential", + "exponential-jitter", + "fallback" + ], + "default": "fallback" + } + } +} \ No newline at end of file diff --git a/v2.5/backend/amqp/producer.json b/v2.5/backend/amqp/producer.json new file mode 100644 index 0000000..4e7f1d9 --- /dev/null +++ b/v2.5/backend/amqp/producer.json @@ -0,0 +1,141 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/backend/amqp/producer.json", + "title": "AMQP Producer", + "description": "Send messages to a queue through the API Gateway.\n\nSee: https://www.krakend.io/docs/backends/amqp-producer/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "name", + "exchange", + "routing_key" + ], + "properties": { + "name": { + "$id": "#backend/amqp/consumer/name", + "title": "Name", + "description": "Queue name.\n\nSee: https://www.krakend.io/docs/backends/amqp-producer/", + "type": "string" + }, + "exchange": { + "$id": "#backend/amqp/consumer/exchange", + "title": "Exchange", + "description": "The exchange name (must have a topic type if already exists).\n\nSee: https://www.krakend.io/docs/backends/amqp-producer/", + "type": "string", + "examples": [ + "some-exchange" + ] + }, + "routing_key": { + "$id": "#backend/amqp/producer/routing_key", + "title": "Routing key", + "description": "The routing key you will use to send messages, case sensitive.\n\nSee: https://www.krakend.io/docs/backends/amqp-producer/", + "type": "string", + "default": "#" + }, + "static_routing_key": { + "$id": "#backend/amqp/producer/static_routing_key", + "title": "Static Routing key", + "description": "Defines whether the `routing_key` will have a static value or not, instead of taking the value from a parameter.\n\nSee: https://www.krakend.io/docs/backends/amqp-producer/", + "type": "boolean", + "default": false + }, + "exp_key": { + "$id": "#backend/amqp/consumer/exp_key", + "title": "Expiration key", + "description": "Take a parameter from a `{placeholder}` in the endpoint definition to use as the expiration key. The key must have the first letter uppercased. For instance, when an endpoint parameter is defined as `{id}`, you must write `Id`.\n\nSee: https://www.krakend.io/docs/backends/amqp-producer/", + "type": "string", + "default": "" + }, + "reply_to_key": { + "$id": "#backend/amqp/consumer/reply_to_key", + "title": "Expiration key", + "description": "Take a parameter from a `{placeholder}` in the endpoint definition to use as the reply key. The key must have the first letter uppercased. For instance, when an endpoint parameter is defined as `{id}`, you must write `Id`.\n\nSee: https://www.krakend.io/docs/backends/amqp-producer/", + "type": "string", + "default": "" + }, + "msg_id_key": { + "$id": "#backend/amqp/consumer/msg_id_key", + "title": "Expiration key", + "description": "Take a parameter from a `{placeholder}` in the endpoint definition to use as the message identifier. The key must have the first letter uppercased. For instance, when an endpoint parameter is defined as `{id}`, you must write `Id`.\n\nSee: https://www.krakend.io/docs/backends/amqp-producer/", + "type": "string", + "default": "" + }, + "priority_key": { + "$id": "#backend/amqp/consumer/priority_key", + "title": "Expiration key", + "description": "Take a parameter from a `{placeholder}` in the endpoint definition to use as the reply key. The key must have the first letter uppercased. For instance, when an endpoint parameter is defined as `{id}`, you must write `Id`.\n\nSee: https://www.krakend.io/docs/backends/amqp-producer/", + "type": "string", + "default": "" + }, + "durable": { + "$id": "#backend/amqp/consumer/durable", + "title": "Durable", + "description": "true is recommended, but depends on the use case. Durable queues will survive server restarts and remain when there are no remaining consumers or bindings.\n\nSee: https://www.krakend.io/docs/backends/amqp-producer/", + "type": "boolean", + "default": false + }, + "delete": { + "$id": "#backend/amqp/consumer/delete", + "title": "Delete", + "description": "When `true`, AMQP deletes the queue when there are no remaining connections. This option is **not recommended** in most of the scenarios. If for instance, the connectivity between KrakenD and AMQP is lost for whatever reason and it's the only client, AMQP will delete the queue no matter the number of messages there are inside, and when KrakenD gets the connection again the queue won't exist and future connections will recreate it again.\n\nSee: https://www.krakend.io/docs/backends/amqp-producer/", + "type": "boolean", + "default": false + }, + "no_wait": { + "$id": "#backend/amqp/consumer/no_wait", + "title": "No wait", + "description": "When true, do not wait for the server to confirm the request and immediately begin deliveries. If it is not possible to consume, a channel exception will be raised and the channel will be closed.\n\nSee: https://www.krakend.io/docs/backends/amqp-producer/", + "type": "boolean" + }, + "no_local": { + "$id": "#backend/amqp/consumer/no_local", + "title": "No local", + "description": "The no_local flag is not supported by RabbitMQ.\n\nSee: https://www.krakend.io/docs/backends/amqp-consumer/", + "type": "boolean" + }, + "mandatory": { + "$id": "#backend_extra_config/backend/amqp/producer/mandatory", + "title": "Mandatory", + "description": "The exchange must have at least one queue bound when true.\n\nSee: https://www.krakend.io/docs/backends/amqp-producer/", + "type": "boolean", + "default": false + }, + "immediate": { + "$id": "#backend_extra_config/backend/amqp/producer/immediate", + "title": "Immediate", + "description": "A consumer must be connected to the queue when true.\n\nSee: https://www.krakend.io/docs/backends/amqp-producer/", + "type": "boolean", + "default": false + }, + "exclusive": { + "$id": "#backend/amqp/producer/exclusive", + "title": "Exclusive", + "description": "When `true`, AMQP will allow **a single KrakenD instance** to access the queue. This option is **not recommended** in environments where the gateway needs high availability and you have several instances running.\n\nSee: https://www.krakend.io/docs/backends/amqp-producer/", + "type": "boolean", + "default": false + }, + "max_retries": { + "title": "Max retries", + "description": "The maximum number of times you will allow KrakenD to retry reconnecting to a broken messaging system. During startup KrakenD will wait for a maximum of 3 retries before starting to use this policy. Use 0 for unlimited retries.\n\nSee: https://www.krakend.io/docs/backends/amqp-producer/", + "type": "integer", + "default": 0 + }, + "backoff_strategy": { + "title": "Backoff strategy", + "description": "When the connection to your event source gets interrupted for whatever reason, KrakenD keeps trying to reconnect until it succeeds or until it reaches the `max_retries`. The backoff strategy defines the delay in seconds in between consecutive failed retries. [Check the meaning of each strategy](https://www.krakend.io/docs/async/#backoff-strategies).\n\nSee: https://www.krakend.io/docs/backends/amqp-producer/", + "type": "string", + "enum": [ + "linear", + "linear-jitter", + "exponential", + "exponential-jitter", + "fallback" + ], + "default": "fallback" + } + } +} \ No newline at end of file diff --git a/v2.5/backend/graphql.json b/v2.5/backend/graphql.json new file mode 100644 index 0000000..f992804 --- /dev/null +++ b/v2.5/backend/graphql.json @@ -0,0 +1,64 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/backend/graphql.json", + "title": "REST to GraphQL", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "oneOf": [ + { + "required": [ + "type", + "query" + ] + }, + { + "required": [ + "type", + "query_path" + ] + } + ], + "properties": { + "type": { + "title": "Query type", + "description": "The type of query you are declaring, `query` (read), or `mutation` (write).\n\nSee: https://www.krakend.io/docs/backends/graphql/", + "enum": [ + "query", + "mutation" + ], + "type": "string" + }, + "query": { + "title": "Query", + "description": "An inline GraphQL query you want to send to the server. Use this attribute for simple and inline queries, use `query_path` instead for larger queries. Use escaping when needed.\n\nSee: https://www.krakend.io/docs/backends/graphql/", + "type": "string", + "examples": [ + "{ \n find_follower(func: uid(\"0x3\")) {\n name \n }\n }" + ] + }, + "query_path": { + "title": "Query path", + "description": "Path to the file containing the query. This file is loaded during startup and never checked again, if it changes KrakenD will be unaware of it.\n\nSee: https://www.krakend.io/docs/backends/graphql/", + "type": "string", + "examples": [ + "./graphql/mutations/marketing.graphql" + ] + }, + "variables": { + "title": "Variables", + "description": "A dictionary defining all the variables sent to the GraphQL server. You can use `{placeholders}` to inject parameters from the endpoint URL.\n\nSee: https://www.krakend.io/docs/backends/graphql/", + "type": "object" + }, + "operationName": { + "title": "Operation name", + "description": "A meaningful and explicit name for your operation, required in multi-operation documents and for helpful debugging and server-side logging.\n\nSee: https://www.krakend.io/docs/backends/graphql/", + "type": "string", + "examples": [ + "addMktPreferencesForUser" + ] + } + } +} \ No newline at end of file diff --git a/v2.5/backend/grpc.json b/v2.5/backend/grpc.json new file mode 100644 index 0000000..a245b9b --- /dev/null +++ b/v2.5/backend/grpc.json @@ -0,0 +1,103 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/backend/grpc.json", + "title": "gRPC backend connection", + "description": "Enterprise only. Handles the communication with a backend using gRPC, after having defined the protocol buffer definitions.\n\nSee: https://www.krakend.io/docs/backends/grpc/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "client_tls": { + "title": "Enable TLS client options", + "description": "Enables specific TLS connection options when using the gRPC service. Supports all options under [TLS client settings](https://www.krakend.io/docs/service-settings/tls/#client-tls-settings).\n\nSee: https://www.krakend.io/docs/backends/grpc/", + "$ref": "../client_tls.json" + }, + "response_naming_convention": { + "title": "Response naming convention", + "description": "Defines the naming convention used to format the returned data. By default, the gateway uses `snake_case` which makes use of the standard `encoding/json` package, while when you choose `camelCase` the `protobuf/encoding` deserialization is used instead.\n\nSee: https://www.krakend.io/docs/backends/grpc/", + "type": "string", + "enum": ["camelCase", "snake_case"], + "default": "snake_case" + }, + "request_naming_convention": { + "title": "Request naming convention", + "description": "Defines the naming convention used to format the request. Applies to query strings and JSON field names. By default, the gateway uses `snake_case` which makes use of the standard `encoding/json` package, while when you choose `camelCase` the `protobuf/encoding` deserialization is used instead.\n\nSee: https://www.krakend.io/docs/backends/grpc/", + "type": "string", + "enum": ["camelCase", "snake_case"], + "default": "snake_case" + }, + "output_enum_as_string": { + "title": "Output enum types as string", + "description": "Enum types are returned as numeric values (flag set to `false`). Set this flag to `true` to return the string representation of the enum value. For instance, an enum representing allergies, such as `['NUTS', 'MILK', ' SOY', 'WHEAT']` would return a value `SOY` when this flag is `true`, or `2` when `false`.\n\nSee: https://www.krakend.io/docs/backends/grpc/", + "type": "boolean", + "default": false + }, + "output_timestamp_as_string": { + "title": "Output timestamps types as string", + "description": "Well-known Timestamp types (`google.protobuf.Timestamp`) are returned as a struct containing fields with `seconds` and `nanos` fields (flag set to `false`). Setting this flag to `true` transforms the timestamps into a string representation in RFC3999 format.\n\nSee: https://www.krakend.io/docs/backends/grpc/", + "type": "boolean", + "default": false + }, + "output_duration_as_string": { + "title": "Output duration types as string", + "description": "Well-known Duration types (`google.protobuf.Duration`) are returned as a struct containing fields with `seconds` and `nanos` fields (flag set to `false`). Setting this flag to `true` transforms the timestamps into a string representation in seconds.\n\nSee: https://www.krakend.io/docs/backends/grpc/", + "type": "boolean", + "default": false + }, + "output_remove_unset_values": { + "title": "Output removes unset values", + "description": "When the response has missing fields from the definition, they are returned with default values. Setting this flag to `true` removes those fields from the response, while setting it to `false` or not setting it, returns all the fields in the definition.\n\nSee: https://www.krakend.io/docs/backends/grpc/", + "type": "boolean", + "default": false + }, + "input_mapping": { + "title": "Mapping of parameters", + "description": "A dictionary that converts query string parameters and parameters from `{placeholders}` into a different field during the backend request. When passing parameters using `{placeholder}` the parameter capitalizes the first letter, so you receive `Placeholder`.\n\nSee: https://www.krakend.io/docs/backends/grpc/", + "type": "object", + "examples": [ + { + "lat": "where.latitude", + "lon": "where.longitude" + } + ], + "additionalProperties": false, + "patternProperties": { + ".*": { + "type": "string" + } + } + }, + "header_mapping": { + "title": "Mapping of headers", + "description": "A dictionary that rename the received header (key) to a new header name (value). If the header starts with `grpc` they will be renamed to `in-grpc-*` as the word is reserved.\n\nSee: https://www.krakend.io/docs/backends/grpc/", + "type": "object", + "examples": [ + { + "X-Tenant": "customerid" + } + ], + "additionalProperties": false, + "patternProperties": { + ".*": { + "type": "string" + } + } + }, + "use_request_body": { + "title": "Use body", + "description": "Enables the use of the sent body to fill the gRPC request. Take into account that when you set this flag to `true` a body is expected, and this body is **consumed** in the first backend. If the endpoint that uses this gRPC backend has additional backends (either gRPC or HTTP) that also expect to consume the payload, these requests might fail.\n\nSee: https://www.krakend.io/docs/backends/grpc/", + "type": "boolean", + "default": false + }, + "disable_query_params": { + "title": "Disable query parameters", + "description": "When `true`, it does not use URL parameters (`{placeholders}` in endpoints) or query strings to fill the gRPC payload to send. If `use_request_body` is not set, or set to `false`, and this option is set to `true`, there will be no input used for the gRPC message to send. That is still a valid option, when we just want to send the message with its default values, or when the input for the gRPC calls is just the [empty message](https://github.com/protocolbuffers/protobuf/blob/main/src/google/protobuf/empty.proto).\n\nSee: https://www.krakend.io/docs/backends/grpc/", + "type": "boolean", + "default": false + } + + + } +} \ No newline at end of file diff --git a/v2.5/backend/http_client.json b/v2.5/backend/http_client.json new file mode 100644 index 0000000..7c5a795 --- /dev/null +++ b/v2.5/backend/http_client.json @@ -0,0 +1,31 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/backend/http_client.json", + "title": "HTTP Client options", + "description": "Enterprise only. Allows you to set the different HTTP client options with the backend, like TLS, no redirect or connect via a proxy.\n\nSee: https://www.krakend.io/docs/enterprise/backends/http-client/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "no_redirect": { + "type": "boolean", + "title": "No redirect", + "description": "Set `no_redirect` to true if you don't want KrakenD to follow redirects and let the consuming user to receive the `30x` status code.\n\nSee: https://www.krakend.io/docs/enterprise/backends/http-client/", + "default": false + }, + "proxy_address": { + "title": "Proxy address", + "description": "The proxy address used to forward the traffic. The address must contain the protocol and the port.\n\nSee: https://www.krakend.io/docs/enterprise/backends/http-client/", + "examples": [ + "http://proxy.corp:9099" + ] + }, + "client_tls": { + "title": "TLS Client settings", + "description": "Allows to set specific transport settings when using TLS in your upstream services. See the global [Client TLS options](/docs/service-settings/tls/#client-tls-settings) for the list of all supported options.", + "$ref": "../client_tls.json" + } + } +} \ No newline at end of file diff --git a/v2.5/backend/lambda.json b/v2.5/backend/lambda.json new file mode 100644 index 0000000..7284e04 --- /dev/null +++ b/v2.5/backend/lambda.json @@ -0,0 +1,45 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/backend/lambda.json", + "title": "AWS Lambda functions", + "description": "Invoke Amazon Lambda functions on a KrakenD endpoint call.\n\nSee: https://www.krakend.io/docs/backends/lambda/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "function_name": { + "$id": "#backend_extra_config/backend/lambda/function_name", + "title": "Function name", + "description": "Name of the lambda function as saved in the AWS service. You have to choose between function_name and function_param_name but not both.\n\nSee: https://www.krakend.io/docs/backends/", + "type": "string" + }, + "function_param_name": { + "$id": "#backend_extra_config/backend/lambda/function_param_name", + "title": "Function_param_name", + "description": "The endpoint {placeholder} that sets the function name, with the **first letter uppercased**. You have to choose between `function_name` and `function_param_name` but not both. If your endpoint defines the route `/foo/{bar}` the value of `function_param_name` must be `Bar` with the uppercased B.\n\nSee: https://www.krakend.io/docs/backends/", + "type": "string" + }, + "max_retries": { + "$id": "#backend_extra_config/backend/lambda/max_retries", + "title": "Max retries", + "description": "Maximum times you want to execute the function until you have a successful response. The value -1 defers the max retry setting to the service specific configuration.\n\nSee: https://www.krakend.io/docs/backends/", + "type": "integer", + "default": 0 + }, + "region": { + "$id": "#backend_extra_config/backend/lambda/region", + "title": "AWS Region", + "description": "The AWS identifier region\n\nSee: https://www.krakend.io/docs/backends/", + "type": "string", + "examples": ["us-east-1", "eu-west-2"] + }, + "endpoint": { + "$id": "#backend_extra_config/backend/lambda/endpoint", + "title": "Endpoint", + "description": "An optional parameter to customize the Lambda endpoint to call. Useful when Localstack is used for testing instead of direct AWS usage.\n\nSee: https://www.krakend.io/docs/backends/", + "type": "string" + } + } +} \ No newline at end of file diff --git a/v2.5/backend/pubsub/publisher.json b/v2.5/backend/pubsub/publisher.json new file mode 100644 index 0000000..681a8fb --- /dev/null +++ b/v2.5/backend/pubsub/publisher.json @@ -0,0 +1,22 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/backend/pubsub/subscriber.json", + "title": "Pubsub subscriber", + "description": "Publishes to a topic using the desired driver.\n\nSee: https://www.krakend.io/docs/backends/pubsub/", + "type": "object", + "additionalProperties": false, + "required": [ + "topic_url" + ], + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "topic_url": { + "$id": "#backend/pubsub/publisher", + "title": "Topic URL", + "description": "Topic URL according to the selected driver\n\nSee: https://www.krakend.io/docs/backends/pubsub/", + "type": "string" + } + } +} \ No newline at end of file diff --git a/v2.5/backend/pubsub/subscriber.json b/v2.5/backend/pubsub/subscriber.json new file mode 100644 index 0000000..b8fdf46 --- /dev/null +++ b/v2.5/backend/pubsub/subscriber.json @@ -0,0 +1,22 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/backend/pubsub/subscriber.json", + "title": "Pubsub subscriber", + "description": "Subscribes a backend using the desired driver.\n\nSee: https://www.krakend.io/docs/backends/pubsub/", + "type": "object", + "additionalProperties": false, + "required": [ + "subscription_url" + ], + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "subscription_url": { + "$id": "#backend/pubsub/subscriber", + "title": "Subscription URL", + "description": "Subscription URL according to the selected driver\n\nSee: https://www.krakend.io/docs/backends/pubsub/", + "type": "string" + } + } +} \ No newline at end of file diff --git a/v2.5/backend/soap.json b/v2.5/backend/soap.json new file mode 100644 index 0000000..d2b3a5c --- /dev/null +++ b/v2.5/backend/soap.json @@ -0,0 +1,51 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/backend/soap.json", + "title": "SOAP Template modifier", + "description": "Enterprise only. Build and modify requests to communicate with SOAP services.\n\nSee: https://www.krakend.io/docs/backends/soap/", + "type": "object", + "minItems": 1, + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "oneOf": [ + { + "required": ["path"] + }, + { + "required": ["template"] + } + ], + "properties": { + "template": { + "title": "Template", + "description": "An inline base64 encoded Go template with the body XML content you want to send to the SOAP service. This option is useful if you don't want to rely on external files and embed the template in the configuration.\n\nSee: https://www.krakend.io/docs/backends/soap/", + "type": "string" + }, + "path": { + "title": "Path to template", + "description": "The path to the Go template file you want to use to craft the body.\n\nSee: https://www.krakend.io/docs/backends/soap/", + "type": "string", + "examples": [ + "./path/to.xml" + ] + }, + "content_type": { + "title": "Content-Type", + "description": "The `Content-Type` used in your template, and that will be sent to the SOAP server. This is not the content-type the end-user sent in the request.\n\nSee: https://www.krakend.io/docs/backends/soap/", + "type": "string", + "examples": [ + "application/xml", + "text/xml" + ], + "default": "text/xml" + }, + "debug": { + "title": "Enable debug", + "description": "When `true`, shows useful information in the logs with `DEBUG` level about the input received and the body generated. Do not enable in production. Debug logs are multiline and designed fore developer readibility, not machine processing.\n\nSee: https://www.krakend.io/docs/backends/soap/", + "type": "boolean", + "default": false + } + } +} \ No newline at end of file diff --git a/v2.5/backend/static-filesystem.json b/v2.5/backend/static-filesystem.json new file mode 100644 index 0000000..036aabb --- /dev/null +++ b/v2.5/backend/static-filesystem.json @@ -0,0 +1,26 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/backend/static-filesystem.json", + "title": "Enterprise only. Allows you to fetch and serve static content from the disk instead of a remote server, and you can use it to mock data.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/serve-static-content/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "path" + ], + "properties": { + "path": { + "title": "Path", + "description": "The folder in the filesystem containing the static files. Relative to the working dir where KrakenD config is (e.g.: `./assets`) or absolute (e.g.: `/var/www/assets`).\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/serve-static-content/", + "type": "string", + "examples": ["./static/"] + }, + "directory_listing": { + "type": "boolean", + "description": "Whether to allow directory listings or not", + "default": false + } + } +} \ No newline at end of file diff --git a/v2.5/backend_extra_config.json b/v2.5/backend_extra_config.json new file mode 100644 index 0000000..c89b5f9 --- /dev/null +++ b/v2.5/backend_extra_config.json @@ -0,0 +1,154 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/backend_extra_config.json", + "title": "Extra configuration for backends", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "plugin/req-resp-modifier": { + "$ref": "plugin/req-resp-modifier.json" + }, + "plugin/http-client": { + "$ref": "plugin/http-client.json" + }, + "auth/client-credentials": { + "$ref": "auth/client-credentials.json" + }, + "auth/ntlm": { + "$ref": "auth/ntlm.json" + }, + "auth/gcp": { + "$ref": "auth/gcp.json" + }, + "backend/amqp/consumer": { + "$ref": "backend/amqp/consumer.json" + }, + "backend/amqp/producer": { + "$ref": "backend/amqp/producer.json" + }, + "backend/grpc": { + "$ref": "backend/grpc.json" + }, + "backend/pubsub/subscriber": { + "$ref": "backend/pubsub/subscriber.json" + }, + "backend/pubsub/publisher": { + "$ref": "backend/pubsub/publisher.json" + }, + "backend/lambda": { + "$ref": "backend/lambda.json" + }, + "backend/soap": { + "$ref": "backend/soap.json" + }, + "modifier/body-generator": { + "$ref": "modifier/body-generator.json" + }, + "modifier/request-body-generator": { + "$ref": "modifier/body-generator.json" + }, + "modifier/response-body-generator": { + "$ref": "modifier/body-generator.json" + }, + "modifier/lua-backend": { + "$ref": "modifier/lua.json" + }, + "modifier/martian": { + "type": "object", + "title": "Martian modifiers", + "$ref": "modifier/martian.json", + "description": "Transform requests and responses through a simple DSL definition in the configuration file.\n\nSee: https://www.krakend.io/docs/backends/martian/" + }, + "modifier/jmespath": { + "$ref": "modifier/jmespath.json" + }, + "qos/http-cache": { + "type": "object", + "title": "Backend Cache", + "description": "Enable in-memory caching for backend responses for as long as its Cache-Control header permits.\n\nSee: https://www.krakend.io/docs/backends/caching/", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "shared": { + "type": "boolean", + "title": "Shared cache", + "description": "The `shared` cache makes that different backend definitions with this flag enabled can reuse the cache. When the `shared` flag is missing or set to false, the backend uses its own cache private context.\n\nSee: https://www.krakend.io/docs/backends/detailed-errors/" + } + } + }, + "qos/circuit-breaker": { + "$ref": "qos/circuit-breaker.json" + }, + "qos/ratelimit/proxy": { + "$ref": "qos/ratelimit/proxy.json" + }, + "proxy": { + "$ref": "proxy.json" + }, + "backend/graphql": { + "$ref": "backend/graphql.json" + }, + "backend/http": { + "properties": { + "return_error_details": { + "type": "string", + "title": "Return error details", + "description": "Returns to the client details of a failing request.\n\nSee: https://www.krakend.io/docs/backends/detailed-errors/" + }, + "return_error_code": { + "type": "boolean", + "title": "Return error code", + "description": "Returns the HTTP status code of the backend (when there is only one). The headers are not returned.\n\nSee: https://www.krakend.io/docs/backends/detailed-errors/" + } + }, + "oneOf": [ + { + "required": [ + "return_error_details" + ] + }, + { + "required": [ + "return_error_code" + ] + } + ] + }, + "backend/http/client": { + "$ref": "backend/http_client.json" + }, + "backend/static-filesystem": { + "$ref": "backend/static-filesystem.json" + }, + "validation/cel": { + "$ref": "validation/cel.json" + }, + "security/policies": { + "anyOf": [ + { + "required": [ + "req" + ] + }, + { + "required": [ + "resp" + ] + } + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "not": { + "required": ["jwt"] + }, + "$ref": "./security/policies.json" + } + } +} \ No newline at end of file diff --git a/v2.5/client_tls.json b/v2.5/client_tls.json new file mode 100644 index 0000000..ee8c97b --- /dev/null +++ b/v2.5/client_tls.json @@ -0,0 +1,126 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/client_tls.json", + "title": "TLS client settings", + "description": "TLS options to connect to upstream services.\n\nSee: https://www.krakend.io/docs/service-settings/tls/", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "allow_insecure_connections": { + "$id": "#client_tls/allow_insecure_connections", + "title": "Allow insecure connections", + "description": "By default, KrakenD verifies every SSL connection. This option allows you to connect to backends considered **insecure**, for instance when you are using self-signed certificates", + "type": "boolean", + "default": false + }, + "ca_certs": { + "$id": "#client_tls/ca_certs", + "title": "CA certificates", + "description": "An array with all the CA certificates you would like to validate the server you are connecting to.\n\nSee: https://www.krakend.io/docs/service-settings/tls/", + "type": "array", + "examples": [ + [ + "ca.pem" + ] + ], + "default": [] + }, + "disable_system_ca_pool": { + "$id": "#client_tls/disable_system_ca_pool", + "title": "Disable system's CA", + "description": "Ignore any certificate in the system's CA. The only certificates loaded will be the ones in the `ca_certs` list when true.\n\nSee: https://www.krakend.io/docs/service-settings/http-server-settings/", + "type": "boolean", + "default": false + }, + "min_version": { + "$id": "client_tls/min_version", + "type": "string", + "title": "Minimum TLS version", + "description": "Minimum TLS version supported. When specifiying very old and insecure versions under TLS12 you must provide the `ciphers_list`.\n\nSee: https://www.krakend.io/docs/service-settings/tls/", + "enum": [ + "SSL3.0", + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "default": "TLS13" + }, + "max_version": { + "$id": "client_tls/max_version", + "type": "string", + "title": "Maximum TLS version", + "description": "Maximum TLS version supported.\n\nSee: https://www.krakend.io/docs/service-settings/tls/", + "enum": [ + "SSL3.0", + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "default": "TLS13" + }, + "curve_preferences": { + "$id": "client_tls/curve_preferences", + "title": "Curve identifiers", + "description": "The list of all the identifiers for the curve preferences. Use `23` for CurveP256, `24` for CurveP384 or `25` for CurveP521.\n\nSee: https://www.krakend.io/docs/service-settings/tls/", + "type": "array", + "uniqueItems": true, + "default": [ + 23, + 24, + 25 + ], + "items": { + "enum": [ + 23, + 24, + 25 + ] + } + }, + "cipher_suites": { + "$id": "client_tls/cipher_suites", + "title": "Cipher Suites", + "description": "The list of cipher suites as defined in the documentation.\n\nSee: https://www.krakend.io/docs/service-settings/tls/", + "type": "array", + "uniqueItems": true, + "default": [ + 4865, + 4866, + 4867 + ] + }, + "client_certs": { + "$id": "client_tls/cipher_suites", + "title": "Cipher Suites", + "description": "The list of cipher suites as defined in the documentation.\n\nSee: https://www.krakend.io/docs/service-settings/tls/", + "type": "array", + "items": { + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "certificate", + "private_key" + ], + "properties": { + "certificate": { + "type": "string", + "title": "Certificate", + "description": "The path to the certificate you will use for mTLS connections." + }, + "private_key": { + "type": "string", + "title": "Private key", + "description": "The path to the private key you will use for mTLS connections." + } + } + } + } + } +} \ No newline at end of file diff --git a/v2.5/documentation/openapi.json b/v2.5/documentation/openapi.json new file mode 100644 index 0000000..a21efb3 --- /dev/null +++ b/v2.5/documentation/openapi.json @@ -0,0 +1,205 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/documentation/openapi.json", + "title": "Generate documentation using OpenAPI", + "description": "Enterprise only. Generates OpenAPI documentation automatically through `krakend openapi export` command.\n\nSee: https://www.krakend.io/docs/enterprise/developer/openapi/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "description": { + "$id": "#documentation/openapi/description", + "title": "API Description", + "description": "An introductory, optionally verbose, explanation supporting [CommonMark](http://commonmark.org/help/) syntax. If you'd like to load an **external markdown file**, you can use flexible configuration, for instance `\"description\": {{include \"openapi/intro.md\" | toJson }}`\n\nSee: https://www.krakend.io/docs/enterprise/developer/openapi/", + "type": "string", + "examples": [ + "Hi there, I am [OpenAPI](https://www.krakend.io/docs/enterprise/endpoints/openapi/)" + ] + }, + "summary": { + "$id": "#documentation/openapi/summary", + "title": "Summary", + "description": "A short summary for the endpoint. Use the description field for the longest explanation.\n\nSee: https://www.krakend.io/docs/enterprise/developer/openapi/", + "type": "string" + }, + "version": { + "$id": "#documentation/openapi/version", + "title": "Version", + "description": "The version numbering you want to apply to this release of API., e.g.: `1.0`.\n\nSee: https://www.krakend.io/docs/enterprise/developer/openapi/", + "type": "string", + "examples": [ + "1.0" + ] + }, + "host": { + "$id": "#documentation/openapi/host", + "title": "Host", + "description": "The hostname where you will publish your API.\n\nSee: https://www.krakend.io/docs/enterprise/developer/openapi/", + "type": "string", + "examples": [ + "my.api.com" + ] + }, + "base_path": { + "$id": "#documentation/openapi/base_path", + "title": "Base path", + "description": "A starting path that is appended to any endpoint.\n\nSee: https://www.krakend.io/docs/enterprise/developer/openapi/", + "type": "string", + "examples": [ + "/v1" + ] + }, + "terms_of_service": { + "$id": "#documentation/openapi/terms_of_service", + "title": "Terms of Service", + "description": "The URL to the terms of service for using this API.\n\nSee: https://www.krakend.io/docs/enterprise/developer/openapi/", + "type": "string", + "examples": [ + "/v1" + ] + }, + "contact_name": { + "$id": "#documentation/openapi/contact_name", + "title": "Contact name", + "description": "Contact name.\n\nSee: https://www.krakend.io/docs/enterprise/developer/openapi/", + "type": "string", + "examples": [ + "/v1" + ] + }, + "contact_url": { + "$id": "#documentation/openapi/contact_url", + "title": "Contact URL", + "description": "Contact URL that users of your API can read.\n\nSee: https://www.krakend.io/docs/enterprise/developer/openapi/", + "type": "string", + "examples": [ + "/v1" + ] + }, + "contact_email": { + "$id": "#documentation/openapi/contact_email", + "title": "Contact email", + "description": "Email where users of your API can write to.\n\nSee: https://www.krakend.io/docs/enterprise/developer/openapi/", + "type": "string", + "examples": [ + "/v1" + ] + }, + "license_name": { + "$id": "#documentation/openapi/license_name", + "title": "License name", + "description": "The license name (e.g.: Apache License)\n\nSee: https://www.krakend.io/docs/enterprise/developer/openapi/", + "type": "string", + "examples": [ + "/v1" + ] + }, + "license_url": { + "$id": "#documentation/openapi/license_url", + "title": "License URL", + "description": "The URL where the license is hosted\n\nSee: https://www.krakend.io/docs/enterprise/developer/openapi/", + "type": "string", + "examples": [ + "/v1" + ] + }, + "tags": { + "$id": "#documentation/openapi/tags", + "title": "Tags", + "description": "You can assign a list of tags to each API operation. Tagged operations may be handled differently by tools and libraries. For example, Swagger UI uses tags to group the displayed operations.\n\nSee: https://www.krakend.io/docs/enterprise/developer/openapi/", + "type": "array" + }, + "schemes": { + "$id": "#documentation/openapi/schemes", + "title": "Supported schemes", + "description": "The list of schemes supported by the API, e.g. `http` or `https`\n\nSee: https://www.krakend.io/docs/enterprise/developer/openapi/", + "type": "array", + "examples": [ + [ + "https", + "http" + ] + ], + "default": [ + "http" + ] + }, + "audience": { + "$id": "#documentation/openapi/audience", + "title": "Audience", + "description": "The list of audiences that will consume this endpoint. These values **do not define the gateway logic** in any way. They are a way to group endpoints and filter them out when generating the OpenAPI documentation. Use `*` to indicate an endpoint will be present in any audience generated.\n\nSee: https://www.krakend.io/docs/enterprise/developer/openapi/", + "type": "array", + "examples": [ + [ + "gold", + "silver", + "*" + ] + ] + }, + "example": { + "$id": "#documentation/openapi/example", + "title": "Example", + "description": "**Deprecated in OAS3** (use `response_definition` instead). A free form JSON object or a string you would like to show as a sample response of the endpoint. The examples assume they are JSON content types except when using the `output_encoding=string`.\n\nSee: https://www.krakend.io/docs/enterprise/developer/openapi/", + "type": [ + "object", + "string" + ] + }, + "response_definition": { + "$id": "#documentation/openapi/error_definition", + "title": "Definition of errors (OAS3 only)", + "description": "Describes the different status codes returned by this endpoint. Each key is the definition of the status code, represented by a string. E.g., `200` (success), `500` (internal error), etc.\n\nSee: https://www.krakend.io/docs/enterprise/developer/openapi/", + "type": [ + "object" + ], + "examples": [ + { + "404": { + "@comment": "Some comment", + "description": "Page not found", + "example": { + "status": "KO" + }, + "content_type": "application/json" + } + } + ], + "additionalProperties": false, + "patternProperties":{ + "default|^[0-9]+$": { + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": ["content_type"], + "properties": { + "description": { + "type": ["string"], + "title": "Description", + "description": "The description of this error code, e.g., `Page not found`.\n\nSee: https://www.krakend.io/docs/enterprise/developer/openapi/" + }, + "example_schema": { + "type": ["string"], + "pattern": "^[a-zA-Z0-9+/=_-]+$", + "description": "A JSON schema that describes the response format for the selected status code, encoded as a base64 string. Use either example or example_schema, but not both." + }, + "example": { + "type": ["string","object","array","boolean","integer","null","number"], + "title": "Content Type", + "description": "A free form JSON object or a string you would like to show as a sample response of the endpoint. The examples assume they are JSON content types except when using the `output_encoding=string`.\n\nSee: https://www.krakend.io/docs/enterprise/developer/openapi/" + }, + "content_type": { + "type": "string", + "title": "Content Type", + "description": "The content type returned by this error, e.g., `application/json`" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/v2.5/e2e.json b/v2.5/e2e.json new file mode 100644 index 0000000..3fa0a5b --- /dev/null +++ b/v2.5/e2e.json @@ -0,0 +1,151 @@ +{ + "definitions": {}, + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Schema validation for End To End testing specs", + "type": "object", + "required": [ + "in", + "out" + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "in": { + "title": "Input", + "description": "The parameters used to build the request to a running KrakenD with your configuration", + "type": "object", + "required": [ + "url" + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "method": { + "title": "Method", + "description": "The method sent in the request", + "type": "string", + "enum": [ + "GET", + "POST", + "PUT", + "PATCH", + "DELETE" + ], + "default": "GET" + }, + "url": { + "title": "URL", + "description": "The full URL you want to use in the request, including schema, host, port, path, and any additional query string parameters you might need.", + "type": "string", + "examples": [ + "http://localhost:8080/__debug/something" + ] + }, + "header": { + "title": "Headers", + "description": "An optional map of headers to include in the request.", + "type": "object", + "examples": [ + { + "User-Agent": "krakend e2e tool" + } + ] + }, + "body": { + "title": "Body", + "description": "An optional payload you can send in the request as data.", + "type": [ + "object", + "array", + "string" + ] + } + } + }, + "out": { + "title": "Output", + "description": "The expected response from the server", + "type": "object", + "anyOf": [ + { + "required": [ + "status_code" + ] + }, + { + "required": [ + "status_code", + "body" + ] + }, + { + "required": [ + "status_code", + "schema" + ] + } + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "status_code": { + "title": "Status code", + "description": "The integer value of the HTTP status code returned by the server.", + "type": "integer", + "examples": [ + 200 + ] + }, + "body": { + "title": "Body", + "description": "The expected returned body by the response as a string or JSON object. Remove this body field when you don’t want to check its contents, when the response does not have a body, or when you want to use the schema instead.", + "type": [ + "string", + "object" + ], + "examples": [ + "http://localhost:8080/__debug/something" + ] + }, + "header": { + "title": "Headers", + "description": "Checks that all headers included in the response match the provided values. You only need to declare the relevant headers you want, as the rest are ignored. As headers, by RFC definition, can be multiple, you must always use an array to express the values you want to check. You can also check that **a specific header does not exist** in the response declaring an empty value `[\"\"]`.", + "type": "object", + "patternProperties": { + ".*": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "examples": [ + { + "content-type": [ + "application/json; charset=utf-8" + ], + "Cache-Control": [ + "" + ], + "X-Krakend-Completed": [ + "true" + ] + } + ] + }, + "schema": { + "title": "JSON Schema", + "description": "A JSON Schema object that validates the response. This option allows you to work with responses that the literal value is not that important and you want to check the structure of the returned document instead. If the response matches the schema definition, the test passes. If you define a `schema` and a `body` simultaneously only the schema is validated.", + "type": "object", + "$ref": "http://json-schema.org/draft-07/schema#" + } + } + } + } +} \ No newline at end of file diff --git a/v2.5/endpoint.json b/v2.5/endpoint.json new file mode 100644 index 0000000..3c52f30 --- /dev/null +++ b/v2.5/endpoint.json @@ -0,0 +1,146 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/endpoint.json", + "title": "Schema definition for KrakenD endpoints", + "type": "object", + "required": [ + "endpoint", + "backend" + ], + "default": + { + "endpoint": "/foo", + "backend": [ + { + "url_pattern": "/url" + } + ] + } + , + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "endpoint": { + "$id": "#endpoint/endpoint", + "title": "Endpoint", + "description": "The exact string resource URL you want to expose. You can use `{placeholders}` to use variables when needed. URLs do not support colons `:` in their definition. Endpoints should start with slash `/`. Example: `/foo/{var}`. If `{vars}` are placed in the middle words, like in `/var{iable}` you must set in the root level `disable_rest` strict checking. You can also add an ending `/*` in the path to enable [wildcards](/docs/enterprise/endpoints/wildcard/) (Enterprise only)\n\nSee: https://www.krakend.io/docs/endpoints/", + "type": "string", + "examples": [ + "/new-endpoint", + "/foo/{var}", + "/foo/{var1}/{var2}" + ], + "pattern": "^\\/[^\\*\\?\\&\\%]*(\\/\\*)?$" + }, + "method": { + "$id": "#endpoint/method", + "title": "Method", + "description": "The method supported by this endpoint. Create multiple endpoint entries if you need different methods.\n\nSee: https://www.krakend.io/docs/endpoints/", + "type": "string", + "enum": [ + "GET", + "POST", + "PUT", + "PATCH", + "DELETE" + ], + "default": "GET" + }, + "output_encoding": { + "$id": "#endpoint/output_encoding", + "title": "Output encoding", + "description": "The gateway can work with several content types, even allowing your clients to choose how to consume the content. See the [supported encodings](/docs/endpoints/content-types/)", + "type": "string", + "default": "json", + "enum": [ + "json", + "json-collection", + "fast-json", + "xml", + "negotiate", + "string", + "no-op" + ] + }, + "input_query_strings": { + "$id": "#endpoint/input_query_strings", + "title": "Allowed Query String parameters", + "description": "Defines the exact list of quey strings parameters that are allowed to reach the backend.\nBy default, KrakenD won't pass any query string to the backend.\n\nSee: https://www.krakend.io/docs/endpoints/parameter-forwarding/", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "$id": "#endpoint/input_query_strings/items", + "type": "string", + "examples": [ + "page", + "limit", + "*" + ] + } + }, + "input_headers": { + "$id": "#endpoint/input_headers", + "title": "Allowed Headers In", + "description": "Defines the list of all headers allowed to reach the backend when passed.\nBy default, KrakenD won't pass any header from the client to the backend. See [headers forwarding](/docs/endpoints/parameter-forwarding/#headers-forwarding)", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "$id": "#endpoint/input_headers/items", + "type": "string", + "examples": [ + "User-Agent", + "Accept", + "*" + ] + } + }, + "concurrent_calls": { + "$id": "#endpoint/concurrent_calls", + "title": "Concurrent calls", + "description": "The concurrent requests are an excellent technique to improve the response times and decrease error rates by requesting in parallel the same information multiple times. Yes, you make the same request to several backends instead of asking to just one. When the first backend returns the information, the remaining requests are canceled.\n\nSee: https://www.krakend.io/docs/endpoints/concurrent-requests/", + "type": "integer", + "minimum": 1, + "maximum": 5, + "default": 1 + }, + "timeout": { + "$id": "#endpoint/timeout", + "title": "Timeout", + "description": "The duration you write in the timeout represents the **whole duration of the pipe**, so it counts the time all your backends take to respond and the processing of all the components involved in the endpoint (the request, fetching data, manipulation, etc.). Usually specified in seconds (`s`) or milliseconds (`ms`. e.g.: `2000ms` or `2s`). If you don't set any timeout, the timeout is taken from the entry in the service level, or to the system's default", + "type": "string", + "$ref": "timeunits.json#/$defs/timeunit", + "examples": [ + "2s", + "1500ms" + ], + "default": "2s" + }, + "cache_ttl": { + "$id": "#endpoint/cache_ttl", + "title": "Cache TTL", + "description": "Sets or overrides the cache headers to inform for how long the client or CDN can cache the request to this endpoint. Setting this value to a zero-value will use the `cache_ttl` of the service if any. Related: [caching backend responses](/docs/backends/caching/).", + "$ref": "timeunits.json#/$defs/timeunit" + }, + "backend": { + "type": "array", + "title": "Backend", + "description": "List of all the [backend objects](/docs/backends/) queried for this endpoint", + "items": { + "type": "object", + "$ref": "backend.json" + }, + "minItems": 1 + }, + "extra_config": { + "type": "object", + "title": "Extra configuration", + "description": "Configuration entries for additional components that are executed within this endpoint, during the request, response or merge operations.", + "$ref": "endpoint_extra_config.json" + } + + } +} \ No newline at end of file diff --git a/v2.5/endpoint_extra_config.json b/v2.5/endpoint_extra_config.json new file mode 100644 index 0000000..0753569 --- /dev/null +++ b/v2.5/endpoint_extra_config.json @@ -0,0 +1,175 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/endpoint_extra_config.json", + "title": "Schema definition for extra_config of endpoints", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "plugin/req-resp-modifier": { + "$ref": "plugin/req-resp-modifier.json" + }, + "qos/ratelimit/router": { + "$ref": "qos/ratelimit/router.json", + "title": "Router Rate-limiting", + "description": "The router rate limit feature allows you to set a number of maximum requests per second a KrakenD endpoint will accept.\n\nSee: https://www.krakend.io/docs/endpoints/rate-limit/" + }, + "proxy": { + "$id": "#endpoint_extra_config/proxy", + "title": "Proxy", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "combiner": { + "$id": "#endpoint_extra_config/proxy/combiner", + "title": "Custom combiner", + "description": "For custom builds of KrakenD only", + "type": "string", + "examples": [ + "combiner_name" + ] + }, + "sequential": { + "$id": "#endpoint_extra_config/proxy/sequential", + "title": "Sequential proxy", + "description": "The sequential proxy allows you to chain backend requests, making calls dependent one of each other.\n\nSee: https://www.krakend.io/docs/endpoints/sequential-proxy/", + "type": "boolean", + "default": true + }, + "static": { + "$id": "#endpoint_extra_config/proxy/static", + "title": "Static response", + "description": "The static proxy injects static data in the final response when the selected strategy matches.\n\nSee: https://www.krakend.io/docs/endpoints/static-proxy/", + "type": "object", + "required": [ + "data", + "strategy" + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "data": { + "$id": "#endpoint_extra_config/proxy/static/data", + "title": "Data", + "description": "The static data (as a JSON object) that you will return.\n\nSee: https://www.krakend.io/docs/endpoints/static-proxy/", + "type": "object" + }, + "strategy": { + "$id": "#endpoint_extra_config/proxy/static/strategy", + "title": "Strategy", + "description": "One of the supported strategies\n\nSee: https://www.krakend.io/docs/endpoints/static-proxy/", + "type": "string", + "enum": [ + "always", + "success", + "complete", + "errored", + "incomplete" + ] + } + } + }, + "flatmap_filter": { + "$id": "#proxy/flatmap_filter", + "title": "Flatmap (Array manipulation)", + "description": "The list of operations to **execute sequentially** (top down). Every operation is defined with an object containing two properties:\n\nSee: https://www.krakend.io/docs/backends/flatmap/", + "type": "array", + "$ref": "proxy/flatmap.json" + } + } + }, + "security/http": { + "$ref": "security/http.json" + }, + "security/cors": { + "$ref": "security/cors.json" + }, + "security/policies": { + "$ref": "security/policies.json" + }, + "auth/validator": { + "$ref": "auth/validator.json" + }, + "auth/signer": { + "$ref": "auth/signer.json" + }, + "auth/basic": { + "$ref": "auth/basic.json" + }, + "security/bot-detector": { + "$ref": "security/bot-detector.json" + }, + "modifier/lua-proxy": { + "$ref": "modifier/lua.json" + }, + "modifier/lua-endpoint": { + "$ref": "modifier/lua.json" + }, + "modifier/jmespath": { + "$ref": "modifier/jmespath.json" + }, + "modifier/request-body-generator": { + "$ref": "modifier/body-generator.json" + }, + "modifier/response-body-generator": { + "$ref": "modifier/body-generator.json" + }, + "validation/json-schema": { + "title": "Validating the body with the JSON Schema", + "description": "apply automatic validations using the JSON Schema vocabulary before the content passes to the backends. The json schema component allows you to define validation rules on the body, type definition, or even validate the fields' values.\n\nSee: https://www.krakend.io/docs/endpoints/json-schema/", + "type": "object" + }, + "validation/cel": { + "$ref": "validation/cel.json" + }, + "websocket": { + "$ref": "websocket.json" + }, + "documentation/openapi": { + "$ref": "documentation/openapi.json" + }, + "auth/api-keys": { + "type": "object", + "title": "API-key validation", + "description": "Enterprise only. Validates that users of this endpoint pass a valid API-key containing one of the declared roles.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/api-keys/", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "roles": { + "type": "array", + "title": "", + "description": "The list of roles allowed to access the endpoint. Values must match (case sensitive) definitions in the `keys` section at the service level of `auth/api-keys`. API Keys not having the right role, or unauthenticated requests, will receive a `401 Unauthorized`.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/api-keys/", + "items": { + "type": "string" + } + }, + "client_max_rate": { + "type": "number", + "title": "Max rate", + "description": "If you want to limit the endpoint usage to this specific user at a number of requests per second. Exceeding the number of requests per second will give the client a `429 Too Many Requests` HTTP status code.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/api-keys/" + }, + "identifier": { + "title": "Override Identifier", + "description": "The header name or the query string name that contains the API key. By default uses any value declared in the `auth/api-keys` component in the service level.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/api-keys/", + "type": "string" + }, + "strategy": { + "$id": "#auth/api-keys/strategy", + "title": "Strategy", + "description": "Specifies where to expect the user API key, whether inside a header or as part of the query string. When you change the strategy at the endpoint level, **you should also set the identifier**, otherwise you could have for instance, a query string strategy expecting to have a URL like `/foo?Authorization=YOUR-KEY`.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/api-keys/", + "type": "string", + "enum": ["header","query_string"] + } + } + } + } +} \ No newline at end of file diff --git a/v2.5/grpc.json b/v2.5/grpc.json new file mode 100644 index 0000000..57f201b --- /dev/null +++ b/v2.5/grpc.json @@ -0,0 +1,28 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/grpc.json", + "title": "gRPC catalog definition", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "catalog" + ], + "properties": { + "catalog": { + "title": "Catalog definition", + "description": "The paths to the different `.pb` files you want to load, or the paths to directories containing `.pb` files. All content is scanned in the order of the list, and after fetching all files it resolves the dependencies of their imports. The order you use here is not important to resolve imports, but it matters when there are conflicts (different files using the same namespace and package type).\n\nSee: https://www.krakend.io/docs/backends/grpc/", + "type": "array", + "examples": [ + "./grpc/flights.pb", + "./grpc/definitions", + "/etc/krakend/grpc" + ], + "items": { + "type": "string" + } + } + } +} \ No newline at end of file diff --git a/v2.5/krakend.json b/v2.5/krakend.json new file mode 100644 index 0000000..48934ed --- /dev/null +++ b/v2.5/krakend.json @@ -0,0 +1,292 @@ +{ + "definitions": {}, + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/krakend.json", + "title": "Schema validation for KrakenD", + "type": "object", + "required": [ + "version" + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "version": { + "$id": "#service/version", + "type": "integer", + "title": "Version of this syntax", + "description": "The syntax version tells KrakenD how to read this configuration. This is not the KrakenD version. Each KrakenD version is linked to a syntax version, and since KrakenD v2.0 the version must be `3`", + "enum": [ + 3 + ] + }, + "host": { + "$id": "#service/host", + "title": "Default host", + "description": "The default host list for all backends if they specify none.", + "type": "array", + "items": { + "type": "string" + } + }, + "debug_endpoint": { + "$id": "#service/debug_endpoint", + "title": "Debug endpoint", + "description": "Enables the `/__debug/` endpoint for this configuration. You can safely enable it in production.", + "type": "boolean", + "default": false + }, + "echo_endpoint": { + "$id": "#service/echo_endpoint", + "title": "Echo endpoint", + "description": "Enables the `/__echo/` endpoint for this configuration, that returns information about the incoming request. When using /__echo as a backend you can check the actual headers and content a backend receives after all the zero-trust filtering.", + "type": "boolean", + "default": false + }, + "sequential_start": { + "$id": "#service/sequential_start", + "title": "Sequential start", + "description": "A sequential start registers all async agents in order, allowing you to have the starting logs in sequential order. A non-sequential start is much faster, but logs are harder to follow.\n\nSee: https://www.krakend.io/docs/service-settings/http-server-settings/", + "type": "boolean", + "default": false + }, + "async_agent": { + "$ref": "async_agent.json" + }, + "name": { + "$id": "#service/name", + "title": "Name", + "description": "Used in telemetry. A friendly name, title, date, version or any other short description that helps you recognize the configuration.", + "default": "KrakenD configuration at MyCompany", + "type": "string" + }, + "port": { + "$id": "#service/port", + "title": "Port", + "description": "The TCP port where KrakenD is listening to. Recommended value is in the range 1024-65535 to run as an unpriviliged user", + "type": "integer", + "minimum": 0, + "maximum": 65535, + "default": 8080 + }, + "listen_ip": { + "$id": "#service/listen_ip", + "title": "Listen IP", + "description": "The IP address that KrakenD listens to in IPv4, IPv6, or IPv4-mapped IPv6 formats. An empty string, or no declaration at all means listening on all interfaces. The inclusion of `::` is meant for IPv6 format only (**this is not the port**). Examples of valid addresses are `192.0.2.1` (IPv4), `2001:db8::68` (IPv6), or `::ffff:192.0.2.1` (IPv4-mapped IPv6).", + "type": "string", + "default": "", + "examples": ["172.12.1.1","::1","::1:127.0.0.1"] + }, + "timeout": { + "$id": "#service/timeout", + "title": "Global timeout", + "description": "Defines a default timeout for all endpoints. Can be overriden per endpoint.\n\nSee: https://www.krakend.io/docs/service-settings/http-transport-settings/#global-timeout", + "type": "string", + "$ref": "timeunits.json#/$defs/timeunit", + "default": "2s" + }, + "cache_ttl": { + "$id": "#service/cache_ttl", + "title": "Cache TTL", + "description": "Sets a default `Cache-Control: public, max-age=%d` header to all endpoints where `%d` is the conversion to seconds of any duration you write, indicating for how long the client (or CDN) can cache the content of the request. You can override this value per endpoint, but setting an endpoint to 0 will use the default value instead. Notice that KrakenD does not cache the content with this parameter, but tells the client how to do it. Defaults to `0s` (no cache). **For KrakenD cache, see [backend caching](/docs/backends/caching/)**.", + "type": "string", + "default": "0s", + "$ref": "timeunits.json#/$defs/timeunit" + }, + "output_encoding": { + "$id": "#service/output_encoding", + "title": "Output Encoding", + "description": "The encoding used to display the content to the end-user.\n\nSee: https://www.krakend.io/docs/endpoints/content-types/", + "type": "string", + "default": "json", + "enum": [ + "json", + "fast-json", + "json-collection", + "xml", + "negotiate", + "string", + "no-op" + ] + }, + "read_timeout": { + "$id": "#service/read_timeout", + "title": "HTTP read timeout", + "description": "Is the maximum duration for reading the entire request, including the body. Because `read_timeout` does not let Handlers make per-request decisions on each request body's acceptable deadline or upload rate, most users will prefer to use `read_header_timeout`. It is valid to use them both.\n\nSee: https://www.krakend.io/docs/service-settings/http-server-settings/", + "type": "string", + "default": "0s", + "$ref": "timeunits.json#/$defs/timeunit" + }, + "read_header_timeout": { + "$id": "#service/read_header_timeout", + "title": "HTTP Idle timeout", + "description": "The amount of time allowed to read request headers. The connection's read deadline is reset after reading the headers and the Handler can decide what is considered too slow for the body.\n\nSee: https://www.krakend.io/docs/service-settings/http-server-settings/", + "type": "string", + "default": "0s", + "$ref": "timeunits.json#/$defs/timeunit" + }, + "write_timeout": { + "$id": "#service/write_timeout", + "title": "HTTP write timeout", + "description": "Maximum duration before timing out writes of the response.\n\nSee: https://www.krakend.io/docs/service-settings/http-server-settings/", + "type": "string", + "default": "0s", + "$ref": "timeunits.json#/$defs/timeunit" + }, + "idle_timeout": { + "$id": "#service/idle_timeout", + "title": "HTTP Idle timeout", + "description": "The maximum amount of time to wait for the next request when keep-alives are enabled. If `idle_timeout` is zero, the value of `read_timeout` is used. If both are zero, there is no timeout.\n\nSee: https://www.krakend.io/docs/service-settings/http-server-settings/", + "type": "string", + "default": "0s", + "$ref": "timeunits.json#/$defs/timeunit" + }, + "dialer_timeout": { + "$id": "#service/dialer_timeout", + "title": "Dialer Timeout", + "description": "The timeout of the dial function for creating connections.The default is no timeout. With or without a timeout, the operating system may impose its own earlier timeout.\n\nSee: https://www.krakend.io/docs/service-settings/http-transport-settings/", + "type": "string", + "default": "0s", + "$ref": "timeunits.json#/$defs/timeunit" + }, + "dialer_keep_alive": { + "$id": "#service/dialer_keep_alive", + "title": "Dialer keep alive", + "description": "The interval between keep-alive probes for an active network connection. If zero, keep-alive probes are sent with a default value (currently 15 seconds), if supported by the protocol and operating system. Network protocols or operating systems that do not support keep-alives ignore this field. If negative, keep-alive probes are disabled.\n\nSee: https://www.krakend.io/docs/service-settings/http-transport-settings/", + "type": "string", + "$ref": "timeunits.json#/$defs/timeunit", + "default": "15s" + }, + "dialer_fallback_delay": { + "$id": "#service/dialer_fallback_delay", + "title": "Dialer fallback delay", + "description": "Specifies the length of time to wait before spawning a RFC 6555 Fast Fallback connection. If zero, a default delay of 300ms is used.\n\nSee: https://www.krakend.io/docs/service-settings/http-transport-settings/", + "type": "string", + "$ref": "timeunits.json#/$defs/timeunit", + "default": "300ms" + }, + "disable_compression": { + "$id": "#service/disable_compression", + "title": "Disable compression", + "description": "When true prevents requesting compression with an `Accept-Encoding: gzip` request header when the Request contains no existing Accept-Encoding value. If the Transport requests gzip on its own and gets a gzipped response, it's transparently decoded. However, if the user explicitly requested gzip it is not automatically uncompressed.\n\nSee: https://www.krakend.io/docs/service-settings/http-transport-settings/", + "type": "boolean", + "default": false + }, + "disable_keep_alives": { + "$id": "#service/disable_keep_alives", + "title": "Disable keep alives", + "description": "When true it disables HTTP keep-alives and will only use the connection to the server for a single HTTP request.\n\nSee: https://www.krakend.io/docs/service-settings/http-transport-settings/", + "type": "boolean", + "default": false + }, + "max_idle_connections": { + "$id": "#service/max_idle_connections", + "title": "Max idle connections", + "description": "The maximum number of idle (keep-alive) connections across all hosts. Zero means no limit.\n\nSee: https://www.krakend.io/docs/service-settings/http-transport-settings/", + "type": "integer", + "default": 0 + }, + "max_idle_connections_per_host": { + "$id": "#service/max_idle_connections_per_host", + "title": "Max idle connections per host", + "description": "If non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, `250` is used instead.\n\nSee: https://www.krakend.io/docs/service-settings/http-transport-settings/", + "type": "integer", + "default": 250 + }, + "idle_connection_timeout": { + "$id": "#service/idle_connection_timeout", + "title": "HTTP Idle timeout", + "description": "The maximum number of idle (keep-alive) connections across all hosts. Zero means no limit.\n\nSee: https://www.krakend.io/docs/service-settings/http-transport-settings/", + "type": "string", + "default": "0s", + "$ref": "timeunits.json#/$defs/timeunit" + }, + "response_header_timeout": { + "$id": "#service/response_header_timeout", + "title": "Response header timeout", + "description": "If non-zero, specifies the amount of time to wait for a server's response headers after fully writing the request (including its body, if any). This time does not include the time to read the response body.\n\nSee: https://www.krakend.io/docs/service-settings/http-transport-settings/", + "type": "string", + "default": "0s", + "$ref": "timeunits.json#/$defs/timeunit" + }, + "expect_continue_timeout": { + "$id": "#service/expect_continue_timeout", + "title": "Expect_continue_timeout", + "description": "If non-zero, specifies the amount of time to wait for a server's first response headers after fully writing the request headers if the request has an `Expect: 100-continue` header. Zero means no timeout and causes the body to be sent immediately, without waiting for the server to approve. This time does not include the time to send the request header.\n\nSee: https://www.krakend.io/docs/service-settings/http-transport-settings/", + "type": "string", + "default": "0s", + "$ref": "timeunits.json#/$defs/timeunit" + }, + "disable_rest": { + "$id": "#service/disable_rest", + "title": "Disable RESTful URLs", + "description": "Only RESTful URL patterns are valid to access backends. Set to true if your backends aren't RESTful, e.g.: `/url.{some_variable}.json`", + "type": "boolean", + "default": false + }, + "client_tls": { + "title": "TLS Client settings", + "description": "Allows to set specific transport settings when using TLS in your upstream services. See [TLS Client](/docs/service-settings/tls/) for more settings", + "$ref": "client_tls.json" + }, + "tls": { + "$ref": "tls.json" + }, + "plugin": { + "$id": "#service/plugin", + "title": "Plugin", + "description": "Enables external plugins that are copied in a specific folder", + "type": "object", + "required": [ + "pattern", + "folder" + ], + "properties": { + "pattern": { + "$id": "#service/plugin/pattern", + "title": "Pattern", + "description": "The pattern narrows down the contents of the folder. It represents the substring that must be present in the plugin name to load.", + "type": "string", + "examples": [ + ".so", + "-production.so" + ], + "default": ".so" + }, + "folder": { + "$id": "#service/plugin/folder", + "title": "Folder", + "description": "The path in the filesystem where all the plugins you want to load are. MUST END IN SLASH. The folder can be a relative or absolute path. KrakenD Enterprise uses /opt/krakend/plugins/ for all plugins.", + "type": "string", + "examples": [ + "/opt/krakend/plugins/", + "./plugins/" + ], + "default": "/opt/krakend/plugins/" + } + } + }, + "endpoints": { + "type": "array", + "title": "Endpoints", + "description": "Your API contract, or the list of all paths recognized by this gateway. The paths `/__health/`, `/__debug/`, `/__echo/`, `/__catchall`, and `/__stats/` are reserved by the system and you cannot declare them. Their existence depends on their respective settings.\n\nSee: https://www.krakend.io/docs/endpoints/", + "items": { + "type": "object", + "$ref": "endpoint.json" + } + }, + "extra_config": { + "title": "Extra configuration", + "description": "The optional configuration that extends the core functionality of the gateway is specified here. The `extra_config` at this level enables service components, meaning that they apply globally to all endpoints or activity.", + "type": "object", + "$ref": "service_extra_config.json" + }, + "use_h2c": { + "title": "Enable h2c", + "description": "Enable the support for HTTP/2 with no TLS (clear text). This option is less secure and less performant, use with caution.\n\nSee: https://www.krakend.io/docs/service-settings/router-options/", + "type": "boolean", + "default": false + } + } +} \ No newline at end of file diff --git a/v2.5/modifier/body-generator.json b/v2.5/modifier/body-generator.json new file mode 100644 index 0000000..1baaa72 --- /dev/null +++ b/v2.5/modifier/body-generator.json @@ -0,0 +1,53 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/modifier/body-generator.json", + "title": "Template-based body generator", + "description": "Enterprise only. Crafts the body/payload using a templating system.\n\nSee: https://www.krakend.io/backends/body-generator/", + "@comment": "This schema is used by modifier/request-body-generator and modifier/body-generator simultaneously", + "type": "object", + "minItems": 1, + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "oneOf": [ + { + "required": ["path"] + }, + { + "required": ["template"] + } + ], + "properties": { + "template": { + "title": "Template", + "description": "An inline base64 encoded Go template with the body you want to generate. This option is useful if you want to have the template embedded in the configuration instead of an external file.\n\nSee: https://www.krakend.io/docs/backends/body-generator/", + "type": "string" + }, + "path": { + "title": "Path to template", + "description": "The path to the Go template file you want to use to craft the body.\n\nSee: https://www.krakend.io/docs/backends/body-generator/", + "type": "string", + "examples": [ + "./path/to.tmpl" + ] + }, + "content_type": { + "title": "Content-Type", + "description": "The `Content-Type` you are generating in the template, so it can be recognized by whoever is using it.\n\nSee: https://www.krakend.io/docs/backends/body-generator/", + "type": "string", + "examples": [ + "application/json", + "application/xml", + "text/xml" + ], + "default": "application/json" + }, + "debug": { + "title": "Enable debug", + "description": "When `true`, shows useful information in the logs with `DEBUG` level about the input received and the body generated. Do not enable in production. Debug logs are multiline and designed fore developer readibility, not machine processing.\n\nSee: https://www.krakend.io/docs/backends/body-generator/", + "type": "boolean", + "default": false + } + } +} \ No newline at end of file diff --git a/v2.5/modifier/jmespath.json b/v2.5/modifier/jmespath.json new file mode 100644 index 0000000..811716d --- /dev/null +++ b/v2.5/modifier/jmespath.json @@ -0,0 +1,21 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/modifier/body-generator.json", + "description": "The JMESPath query language allows you to select, slice, filter, map, project, flatten, sort, and all sorts of operations on data.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/jmespath/", + "title": " JMESPath: Response manipulation with query language", + "type": "object", + "required": [ + "expr" + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "expr": { + "title": "Expression", + "description": "The JMESPath expression you want to apply to this endpoint.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/jmespath/", + "type": "string" + } + } +} \ No newline at end of file diff --git a/v2.5/modifier/lua.json b/v2.5/modifier/lua.json new file mode 100644 index 0000000..7c2dcf3 --- /dev/null +++ b/v2.5/modifier/lua.json @@ -0,0 +1,62 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/modifier/lua.json", + "title": "Lua modifier", + "description": "Scripting with Lua is an additional choice to extend your business logic, and is compatible with the rest of options such as CEL, Martian, or other Go plugins and middlewares.\n\nSee: https://www.krakend.io/docs/endpoints/lua/", + "type": "object", + "minItems": 1, + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "sources": { + "title": "Sources", + "description": "An array with all the Lua files that will be processed. If no path is provided (e.g., `myfile.lua`) the file loads from the working directory (same place you loaded the configuration, usually `/etc/krakend`)\n\nSee: https://www.krakend.io/docs/endpoints/lua/", + "type": "array" + }, + "md5": { + "title": "MD5 Checksum", + "description": "The md5sum is an extra security feature to make sure that once you have coded the Lua script, the MD5 of what is loaded into memory matches what you expect and has not been tampered by a malicious 3rd party. The key of the object must match **exactly** the filename under sources, **including all the path**.\n\nSee: https://www.krakend.io/docs/endpoints/lua/", + "type": "object", + "examples": [ + { "./path/to/file1.lua": "49ae50f58e35f4821ad4550e1a4d1de0"} + ] + }, + "pre": { + "title": "Pre-execution code", + "description": "The Lua code that is executed **before** performing the request. Unlike `post`, it's available in all sections. You can write all the Lua code inline (e.g., `print('Hi'); print('there!')` but you can also call functions that live inside one of the files under `sources` (e.g., `my_function()`).\n\nSee: https://www.krakend.io/docs/endpoints/lua/", + "type": "string", + "examples": [ + "print('Backend response, pre-logic:'); local r = request.load(); print(r:body());" + ] + }, + "live": { + "title": "Live reload", + "description": "For security and efficiency, the Lua script is loaded once into memory and not reloaded even if the file contents change. Set this flag to `true` if you want to modify the Lua script while KrakenD is running and apply the changes live (mostly during development to avoid the snippet being cached).\n\nSee: https://www.krakend.io/docs/endpoints/lua/", + "type": "boolean", + "default": false + }, + "allow_open_libs": { + "title": "Open external libs", + "description": "As an efficiency point the Lua component does not load the standard libraries by default. If you need to import Lua libraries (e.g, the I/O, String, etc.), then you must set this flag to true.\n\nSee: https://www.krakend.io/docs/endpoints/lua/", + "type": "boolean", + "default": false + }, + + "skip_next": { + "title": "Skip next", + "description": "Available on the `backend` section only. Instead of connecting to next backend in the pipe, returns an empty response and executes the `post` lua function.\n\nSee: https://www.krakend.io/docs/endpoints/lua/", + "type": "boolean", + "default": false + }, + "post": { + "title": "post-execution code", + "description": "The Lua code that is executed **after** performing the request. Available when used in the `backend` section. You can write all the Lua code inline (e.g., `print('Hi'); print('there!')` but you can also call functions that live inside one of the files under `sources` (e.g., `my_function()`).\n\nSee: https://www.krakend.io/docs/endpoints/lua/", + "type": "string", + "examples": [ + "local r = response.load(); r:headers('Set-Cookie', 'key1='.. r:data('response'));" + ] + } + } +} \ No newline at end of file diff --git a/v2.5/modifier/martian.json b/v2.5/modifier/martian.json new file mode 100644 index 0000000..0f4f2fa --- /dev/null +++ b/v2.5/modifier/martian.json @@ -0,0 +1,587 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/modifier/martian.json", + "title": "Martian modifiers", + "description": "The Martian component allows you to modify requests and responses with static data through a simple DSL definition in the configuration file.\n\nSee: https://www.krakend.io/docs/endpoints/martian/", + "type": "object", + "minItems": 1, + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "body.Modifier": { + "title": "Body Modifier", + "description": "The body.Modifier changes or sets the body of a request or response. The body must be uncompressed and Base64 encoded.\n\nSee: https://www.krakend.io/docs/backends/martian/", + "type": "object", + "required": ["scope", "body"], + "properties": { + "scope": { + "title": "Scope", + "description": "Scopes in which this modifier acts", + "type": "array", + "enum": [["request", "response"],["request"], ["response"]] + }, + "body": { + "title": "Body in base64", + "description": "The body you want to set, formatted in base64.", + "type": "string" + } + } + }, + "cookie.Modifier": { + "title": "Cookie Modifier", + "description": "Adds a cookie to a request or a response. If you set cookies in a response, the cookies are only set to the client when you use no-op encoding.\n\nSee: https://www.krakend.io/docs/backends/martian/", + "type": "object", + "required": ["scope", "name", "value"], + "properties": { + "scope": { + "title": "Scope", + "description": "Scopes in which this modifier acts", + "type": "array", + "enum": [["request", "response"],["request"], ["response"]] + }, + "name": { + "description": "Name of the Cookie you want to set", + "type": "string" + }, + "value": { + "description": "Value of the Cookie you want to set", + "type": "string" + }, + "path": { + "description": "Path of the Cookie you want to set", + "type": "string", + "examples": ["/path/to"] + }, + "domain": { + "description": "Domain of the Cookie you want to set", + "type": "string", + "examples": ["example.com"] + }, + "expires": { + "description": "Date in RFC 3339 format and is absolute, not relative to the current time.", + "type": "string", + "examples": ["2025-04-12T23:20:50.52Z"] + }, + "secure": { + "description": "Cookie secure flag. When `true`, the user agent will include the cookie in the request when using https only", + "type": "boolean", + "default": false + }, + "httpOnly": { + "description": "Create the Cookie with the httpOnly flag. When `true`, mitigates the risk of client side script accessing the protected cookie (if the browser supports it), mitigating the Most Common XSS", + "type": "boolean", + "default": false + }, + "maxAge": { + "description": "For how long this Cookie is valid, in seconds. `0` means that the attribute is not set. `maxAge<0` means delete cookie now", + "type": "integer", + "default": 0 + } + } + }, + "url.Modifier": { + "title": "URL Modifier", + "description": "The url.Modifier allows you to change the URL despite what is set in the host and url_pattern combination.\n\nSee: https://www.krakend.io/docs/backends/martian/", + "type": "object", + "required": ["scope"], + "properties": { + "scope": { + "title": "Scope", + "description": "Scopes in which this modifier acts", + "type": "array", + "enum": [["request"]] + }, + "scheme": { + "description": "The scheme to apply", + "type": "string", + "examples": ["http", "https"] + }, + "host": { + "description": "The hostname part of the URL including the port", + "type": "string", + "examples": ["example.com", "localhost:8080"] + }, + "path": { + "description": "The path part of the URL", + "type": "string", + "examples": ["/path/to"] + }, + "query": { + "description": "Sets the query string parameters you want to pass, overwriting anything passed in the request. Notice that if you set a `query`, if the user passes other query string parameters listed under `input_query_strings`, they will be lost, and only the values passed in the modifier will be sent. For such uses, see the `querystring.Modifier`", + "type": "string", + "examples": ["param=1","key1=val&key2=val"] + } + } + }, + "querystring.Modifier": { + "title": "Querystring Modifier", + "description": "The querystring.Modifier adds a new query string or modifies existing ones in the request.\n\nSee: https://www.krakend.io/docs/backends/martian/", + "type": "object", + "required": ["scope", "name", "value"], + "properties": { + "scope": { + "title": "Scope", + "description": "Scopes in which this modifier acts", + "type": "array", + "enum": [["request"]] + }, + "name": { + "description": "Name of the query string you want to set", + "type": "string", + "examples": ["page", "limit"] + }, + "value": { + "description": "The value of the query string you want to set", + "type": "string" + } + } + }, + "header.Copy": { + "title": "Header Copy", + "description": "The header.Copy lets you duplicate a header using another name\n\nSee: https://www.krakend.io/docs/backends/martian/", + "type": "object", + "required": ["scope", "from", "to"], + "properties": { + "scope": { + "title": "Scope", + "description": "Scopes in which this modifier acts", + "type": "array", + "enum": [["request", "response"],["request"], ["response"]] + }, + "from": { + "description": "The origin header you want to copy. When the header is provided by the user it must be included in the `input_headers` list.", + "type": "string" + }, + "to": { + "description": "The destination header you want to create. If this header is returned to the end-user you must use `no-op` in the `output_encoding` of the endpoint.", + "type": "string" + } + } + }, + "stash.Modifier": { + "title": "Stash Modifier", + "description": "The stash.Modifier creates a new header (or replaces an existing one with a matching name) containing the value of the original URL and all its query string parameters.\n\nSee: https://www.krakend.io/docs/backends/martian/", + "type": "object", + "required": ["scope", "headerName"], + "properties": { + "scope": { + "title": "Scope", + "description": "Scopes in which this modifier acts", + "type": "array", + "enum": [["request", "response"],["request"], ["response"]] + }, + "headerName": { + "description": "The header you want to create. If this header is returned to the end-user you must use `no-op` in the `output_encoding` of the endpoint.", + "type": "string" + } + } + }, + "header.Modifier": { + "title": "Header Modifier", + "description": "The header.Modifier adds a new header or changes the value of an existing one.\n\nSee: https://www.krakend.io/docs/backends/martian/", + "type": "object", + "required": ["scope", "name", "value"], + "properties": { + "scope": { + "title": "Scope", + "description": "Scopes in which this modifier acts", + "type": "array", + "enum": [["request", "response"],["request"], ["response"]] + }, + "name": { + "description": "Value of the header you want to set", + "type": "string" + }, + "value": { + "description": "Name of the header you want to set", + "type": "string" + } + } + }, + "header.Id": { + "title": "Header Id", + "description": "\n\nSee: https://www.krakend.io/docs/backends/martian/", + "type": "object", + "required": ["scope"], + "properties": { + "scope": { + "title": "Scope", + "description": "Scopes in which this modifier acts", + "type": "array", + "enum": [["request"]] + } + } + }, + "header.Append": { + "title": "Append a header", + "description": "\n\nSee: https://www.krakend.io/docs/backends/martian/", + "type": "object", + "required": ["scope", "name", "value"], + "properties": { + "scope": { + "title": "Scope", + "description": "Scopes in which this modifier acts", + "type": "array", + "enum": [["request", "response"],["request"], ["response"]] + }, + "name": { + "description": "Name of the header you want to append a value. Add the same name under the `input_headers` list to append more values to an existing header passed by the client. In addition, to see the header in the response, you must use `no-op`.", + "type": "string" + }, + "value": { + "description": "The value you want to add or append.", + "type": "string" + } + } + }, + "header.Blacklist": { + "title": "Blacklist headers", + "description": "The header.Blacklist removes the listed headers under names in the request and response of the backend.\n\nSee: https://www.krakend.io/docs/backends/martian/", + "type": "object", + "required": ["scope", "names"], + "properties": { + "scope": { + "title": "Scope", + "description": "Scopes in which this modifier acts", + "type": "array", + "enum": [["request", "response"],["request"], ["response"]] + }, + "names": { + "description": "List of all the headers you want to supress from the request or the response. If you want to see the headers in the client, you must use the `output_encoding: no-op`, and if you want the client headers to propagate to the backend, you need to use `input_headers` too.", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "port.Modifier": { + "title": "Port Modifier", + "description": "The port.Modifier alters the request URL and Host header to use the provided port.\n\nSee: https://www.krakend.io/docs/backends/martian/", + "type": "object", + "oneOf": [ + { + "required": ["scope","port"] + }, + { + "required": ["scope","defaultForScheme"] + }, + { + "required": ["scope","remove"] + } + ], + "properties": { + "scope": { + "title": "Scope", + "description": "Scopes in which this modifier acts", + "type": "array", + "enum": [["request"]] + }, + "port": { + "description": "Defines which port will be used.", + "type": "integer" + }, + "defaultForScheme": { + "description": "Uses the default port of the schema. `80` for `http://` or `443` for `https://`. Other schemas are ignored.", + "type": "boolean" + }, + "remove": { + "description": "Removes the port from the host string when `true`.", + "type": "boolean" + } + + } + + }, + "cookie.Filter": { + "title": "Cookie Filter", + "description": "The cookie.Filter executes the contained modifier when a cookie is provided under the name.\n\nSee: https://www.krakend.io/docs/backends/martian/", + "type": "object", + "required": ["scope", "modifier", "name"], + "properties": { + "scope": { + "title": "Scope", + "description": "Scopes in which this modifier acts", + "type": "array", + "enum": [["request"]] + }, + "modifier": { + "description": "The modifier you want to execute when the cookie name (and value if provided) matches", + "type": "object", + "$ref": "./martian.json" + }, + "name": { + "description": "The name of the Cookie you want to check. Notice that the `input_headers` must contain `Cookie` in the list when you want to check cookies sent by the client.", + "type": "string" + }, + "value": { + "description": "If besides the cookie name, you set this value, it ensures the cookie has a literal match." + }, + "else": { + "description": "The modifier you want to execute when the condition does not match", + "type": "object", + "$ref": "./martian.json" + } + + } + }, + "url.Filter": { + "title": "URL Filter", + "description": "The url.Filter executes its contained modifier if the request URL matches all of the provided parameters.\n\nSee: https://www.krakend.io/docs/backends/martian/", + "type": "object", + "required": ["scope", "modifier"], + "properties": { + "scope": { + "title": "Scope", + "description": "Scopes in which this modifier acts", + "type": "array", + "enum": [["request","response"],["request"],["response"]] + }, + "modifier": { + "description": "The modifier you want to execute when the condition matches", + "type": "object", + "$ref": "./martian.json" + }, + "scheme": { + "description": "The literal scheme it must match", + "type": "string", + "examples": ["http","https"] + }, + "host": { + "description": "The literal hostname that must match, including the port", + "type": "string", + "examples": ["localhost:8080"] + }, + "path": { + "description": "The `/path` of the URL, without query strings.", + "type": "string", + "examples": ["/path/to"] + }, + "query": { + "description": "The query strings you want to check. Use `key1=value1&key2=value2` to check that the request has exactly these keys and values (order is irrelevant, but content not). Suppose the request has more query strings than declared here because the `input_query_strings` allowed them to pass. In that case, the evaluation will be `false`, and the `else` modifier will be executed.", + "type": "string", + "examples": ["/path/to"] + }, + "else": { + "description": "The modifier you want to execute when the condition does not match", + "type": "object", + "$ref": "./martian.json" + } + } + }, + "url.RegexFilter": { + "title": "URL RegexFilter", + "description": "The url.RegexFilter evaluates a regular expression (RE2 syntax) and executes the modifier desired when it matches, and the modifier declared under else when it does not.\n\nSee: https://www.krakend.io/docs/backends/martian/", + "type": "object", + "required": ["scope", "modifier", "regex"], + "properties": { + "scope": { + "title": "Scope", + "description": "Scopes in which this modifier acts", + "type": "array", + "enum": [["request"]] + }, + "modifier": { + "description": "The modifier you want to execute when the condition matches", + "type": "object", + "$ref": "./martian.json" + }, + "regex": { + "description": "The regular expression you want to check against the URL", + "type": "string" + }, + "else": { + "description": "The modifier you want to execute when the condition does not match", + "type": "object", + "$ref": "./martian.json" + } + + } + }, + "querystring.Filter": { + "title": "QueryString Filter", + "description": "The querystring.Filter executes the modifier if the request or response contains a query string parameter that matches the defined name and value in the filter.\n\nSee: https://www.krakend.io/docs/backends/martian/", + "type": "object", + "required": ["scope", "modifier", "name"], + "properties": { + "scope": { + "title": "Scope", + "description": "Scopes in which this modifier acts", + "type": "array", + "enum": [["request","response"],["request"],["response"]] + }, + "modifier": { + "description": "The modifier you want to execute when the condition matches", + "type": "object", + "$ref": "./martian.json" + }, + "name": { + "description": "Name of the query string you want to check", + "type": "string", + "examples": ["page", "limit"] + }, + "value": { + "description": "Value of the query string you want to check", + "type": "string" + }, + "else": { + "description": "The modifier you want to execute when the condition does not match", + "type": "object", + "$ref": "./martian.json" + } + + } + }, + "header.Filter": { + "title": "Header Filter", + "description": "The header.Filter executes its contained modifier if the request or response contain a header that matches the defined name and value. The value is optional, and only the header’s existence evaluates when undefined.\n\nSee: https://www.krakend.io/docs/backends/martian/", + "type": "object", + "required": ["scope", "modifier", "name"], + "properties": { + "scope": { + "title": "Scope", + "description": "Scopes in which this modifier acts", + "type": "array", + "enum": [["request","response"],["request"],["response"]] + }, + "modifier": { + "description": "The modifier you want to execute when the condition matches", + "type": "object", + "$ref": "./martian.json" + }, + "name": { + "description": "Name of the header you want to check. You must add under `input_headers` the `name` included in the filter.", + "type": "string", + "examples": ["X-Some", "Content-Type"] + }, + "value": { + "description": "Value of the header you want to check", + "type": "string" + }, + "else": { + "description": "The modifier you want to execute when the condition does not match", + "type": "object", + "$ref": "./martian.json" + } + } + }, + "header.RegexFilter": { + "title": "Header RegexFilter", + "description": "The header.RegexFilter checks that a regular expression (RE2 syntax) passes on the target header and, if it does, executes the modifier.\n\nSee: https://www.krakend.io/docs/backends/martian/", + "type": "object", + "required": ["scope", "modifier", "header", "regex"], + "properties": { + "scope": { + "title": "Scope", + "description": "Scopes in which this modifier acts", + "type": "array", + "enum": [["request","response"],["request"],["response"]] + }, + "modifier": { + "description": "The modifier you want to execute when the condition matches", + "type": "object", + "$ref": "./martian.json" + }, + "header": { + "description": "Name of the header you want to check. You must add under `input_headers` the `name` included in the filter.", + "type": "string", + "examples": ["X-Some", "Content-Type"] + }, + "regex": { + "description": "The regular expression you want to check against the header value", + "type": "string", + "examples": [".*localhost.*", "^foo-[a-z]+$"] + } + } + }, + "port.Filter": { + "title": "Port Filter", + "description": "The port.Filter executes its modifier only when the port matches the one used in the request. It does not support else.\n\nSee: https://www.krakend.io/docs/backends/martian/", + "type": "object", + "required": ["scope", "modifier", "port"], + "properties": { + "scope": { + "title": "Scope", + "description": "Scopes in which this modifier acts", + "type": "array", + "enum": [["request"]] + }, + "modifier": { + "description": "The modifier you want to execute when the condition matches", + "type": "object", + "$ref": "./martian.json" + }, + "port": { + "description": "The port number you want to check", + "type": "integer" + }, + "else": { + "description": "The modifier you want to execute when the condition does not match", + "type": "object", + "$ref": "./martian.json" + } + } + }, + "fifo.Group": { + "title": "FIFO group", + "description": "The fifo.Group holds a list of modifiers executed in first-in, first-out order.\n\nSee: https://www.krakend.io/docs/backends/martian/", + "type": "object", + "required": ["scope", "modifiers"], + "properties": { + "scope": { + "title": "Scope", + "description": "Scopes in which this modifier acts", + "type": "array", + "enum": [["request","response"],["request"],["response"]] + }, + "modifiers": { + "description": "The list of modifiers you want to execute in the declared order", + "type": "array", + "items": { + "$ref": "./martian.json" + } + }, + "aggregateErrors": { + "description": "When true, the group will continue to execute consecutive modifiers when a modifier in the group encounters an error. The Group will then return all errors returned by each modifier after all modifiers have been executed. When false, if an error is returned by a modifier, the error is returned by ModifyRequest/Response and no further modifiers are run.", + + "type": "boolean", + "default": false + } + } + }, + "priority.Group": { + "title": "Priority group", + "description": "The priority.Group contains the modifiers you want to execute, but the order in which they are declared is unimportant. Instead, each modifier adds a priority attribute that defines the order in which they are run.\n\nSee: https://www.krakend.io/docs/backends/martian/", + "type": "object", + "required": ["scope", "modifiers"], + "properties": { + "scope": { + "title": "Scope", + "description": "Scopes in which this modifier acts", + "type": "array", + "enum": [["request","response"],["request"],["response"]] + }, + "modifiers": { + "description": "The list of modifiers you want to execute, order specified in the items using `priority`.", + "type": "array", + "items": { + "required": ["priority", "modifier"], + "properties": { + "priority": { + "type": "integer", + "description": "The assigned priority number" + }, + "modifier": { + "description": "The modifier definition you want to execute", + "$ref": "./martian.json" + } + } + } + } + } + } + + } +} diff --git a/v2.5/plugin/content-replacer.json b/v2.5/plugin/content-replacer.json new file mode 100644 index 0000000..6ad0799 --- /dev/null +++ b/v2.5/plugin/content-replacer.json @@ -0,0 +1,36 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/plugin/content-replacer.json", + "title": "Enterprise only. The content replacer plugin allows you to modify the response of your services by doing literal replacements or more sophisticated replacements with regular expressions.\n\nSee: See: https://www.krakend.io/docs/enterprise/endpoints/content-replacer/", + "type": "object", + + "additionalProperties": { + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": ["find","replace"], + "properties": { + "find": { + "title": "Find", + "description": "The find expression or literal you want to use.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/content-replacer/", + "type": "string" + }, + "replace": { + "title": "Find", + "description": "The literal string or expression you want to use as a replacement.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/content-replacer/", + "type": "string" + }, + "regexp": { + "title": "Is a regexp?", + "description": "When you are passing regular expressions instead of literal values, set it to true.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/content-replacer/", + "type": "boolean", + "default": false + } + } + }, + "properties": {}, + "minProperties": 1 + +} \ No newline at end of file diff --git a/v2.5/plugin/geoip.json b/v2.5/plugin/geoip.json new file mode 100644 index 0000000..88207c9 --- /dev/null +++ b/v2.5/plugin/geoip.json @@ -0,0 +1,21 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/plugin/geoip.json", + "title": "Enterprise only. The GeoIP integration allows you load Maxmind's GeoIP2 City database (payment and free versions) and enrich all KrakenD calls to your backends with geo data.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/geoip/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "citydb_path" + ], + "properties": { + "citydb_path": { + "title": "CityDB path", + "description": "The path in the filesystem containing the database in GeoIP2 Binary (`.mmdb`) format. Relative to the working dir or absolute path.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/geoip/", + "type": "string", + "examples":["path/to/GeoIP2-City.mmdb"] + } + } +} \ No newline at end of file diff --git a/v2.5/plugin/http-client.json b/v2.5/plugin/http-client.json new file mode 100644 index 0000000..3217c98 --- /dev/null +++ b/v2.5/plugin/http-client.json @@ -0,0 +1,20 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/plugin/http-client.json", + "title": "HTTP client plugins.\n\nSee: https://www.krakend.io/docs/extending/injecting-plugins/", + "type": "object", + "additionalProperties": true, + "properties": { + "name": { + "$id": "#plugin/http-client", + "title": "Plugin name", + "description": "The name of the plugin to load. Only one plugin is supported per backend.\n\nSee: https://www.krakend.io/docs/extending/injecting-plugins/", + "type": "string", + "examples": [ + "no-redirect", + "http-logger", + "static-filesystem" + ] + } + } +} \ No newline at end of file diff --git a/v2.5/plugin/http-server.json b/v2.5/plugin/http-server.json new file mode 100644 index 0000000..dd3b600 --- /dev/null +++ b/v2.5/plugin/http-server.json @@ -0,0 +1,45 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/plugin/http-server.json", + "title": "HTTP Server plugins.\n\nSee: https://www.krakend.io/docs/extending/http-server-plugins/", + "type": "object", + "additionalProperties": true, + "required": ["name"], + "properties": { + "name": { + "$id": "#plugin/http-server", + "title": "Plugin name", + "description": "An array with the names of plugins to load. The names are defined inside your plugin.\n\nSee: https://www.krakend.io/docs/extending/http-server-plugins/", + "type": "array", + "default": [], + "examples": [ + "myplugin" + ] + }, + "jwk-aggregator": { + "$ref": "jwk-aggregator.json" + }, + "static-filesystem": { + "$ref": "static-filesystem.json" + }, + "geoip": { + "$ref": "geoip.json" + }, + "redis-ratelimit": { + "$ref": "redis-ratelimit.json" + }, + "url-rewrite": { + "$ref": "url-rewrite.json" + }, + "virtualhost": { + "$ref": "virtualhost.json" + }, + "wildcard": { + "$ref": "wildcard.json" + }, + "ip-filter": { + "$ref": "ip-filter.json" + } + + } +} \ No newline at end of file diff --git a/v2.5/plugin/ip-filter.json b/v2.5/plugin/ip-filter.json new file mode 100644 index 0000000..0e07416 --- /dev/null +++ b/v2.5/plugin/ip-filter.json @@ -0,0 +1,52 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/plugin/ip-filter.json", + "title": "Enterprise only. The IP filtering plugin allows you to restrict the traffic to your API gateway based on the IP address. It works in two different modes (allow or deny) where you define the list of IPs (CIDR blocks) that are authorized to use the API, or that are denied from using the API.\n\nSee: https://www.krakend.io/docs/enterprise/throttling/ipfilter/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": ["CIDR", "allow"], + "properties": { + "CIDR": { + "title": "CIDR", + "description": "The CIDR blocks (list of IPs) you want to allow or deny.\n\nSee: https://www.krakend.io/docs/enterprise/throttling/ipfilter/", + "type": "array", + "examples": [ + [ + "192.168.0.0/24", + "172.17.2.56/32" + ] + ] + }, + "client_ip_headers": { + "title": "Client IP Headers", + "description": "A custom list of all headers that might contain the real IP of the client. The first matching IP in the list will be used. Default headers are (in order of checking): X-Forwarded-For, X-Real-IP, and X-Appengine-Remote-Addr.\n\nSee: https://www.krakend.io/docs/enterprise/throttling/ipfilter/", + "type": "array", + "examples": [ + [ + "X-Forwarded-For", + "X-Real-IP", + "X-Appengine-Remote-Addr" + ] + ] + }, + "trusted_proxies": { + "title": "Trusted proxies", + "description": "A custom list of all the recognized machines/balancers that proxy the client to your application. This list is used to avoid spoofing when trying to get the real IP of the client.\n\nSee: https://www.krakend.io/docs/enterprise/throttling/ipfilter/", + "type": "array", + "examples": [ + [ + "10.0.0.0/16" + ] + ] + }, + "allow": { + "title": "Allow or deny mode", + "description": "When true, only the matching IPs are able to access the content. When false, all matching IPs are discarded.\n\nSee: https://www.krakend.io/docs/enterprise/throttling/ipfilter/", + "type": "boolean", + "default": false + } + } +} \ No newline at end of file diff --git a/v2.5/plugin/jwk-aggregator.json b/v2.5/plugin/jwk-aggregator.json new file mode 100644 index 0000000..7c73e75 --- /dev/null +++ b/v2.5/plugin/jwk-aggregator.json @@ -0,0 +1,32 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/plugin/jwk-aggregator.json", + "title": "Enterprise only. The JWK aggregator plugin allows KrakenD to validate tokens issued by multiple Identity Providers.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/multiple-identity-providers/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "port", + "origins" + ], + "properties": { + "port": { + "title": "Port", + "description": "The port of the local server doing the aggregation. The port is only accessible within the gateway machine using localhost, and it's never exposed to the external network. Choose any port that is free in the system.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/multiple-identity-providers/", + "type": "integer", + "examples": [9876] + }, + "origins": { + "title": "Origins", + "description": "The list of all JWK URLs recognized as valid Identity Providers by the gateway.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/multiple-identity-providers/", + "type": "array" + }, + "cache": { + "title": "Cache", + "description": "When `true`, it stores the response of the Identity provider for the time specified in its `Cache-Control` header.\n\nSee: https://www.krakend.io/docs/enterprise/authentication/multiple-identity-providers/", + "type": "boolean" + } + } +} \ No newline at end of file diff --git a/v2.5/plugin/redis-ratelimit.json b/v2.5/plugin/redis-ratelimit.json new file mode 100644 index 0000000..0668a92 --- /dev/null +++ b/v2.5/plugin/redis-ratelimit.json @@ -0,0 +1,63 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/plugin/geoip.json", + "title": "Enterprise only. The global rate limit functionality enables a Redis database store to centralize all KrakenD node counters. Instead of having each KrakenD node count its hits, the counters are global and stored in the database.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/global-rate-limit/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "host", + "tokenizer", + "burst", + "rate", + "period" + ], + "properties": { + "host": { + "title": "Redis host", + "description": "The URL to the Redis instance that stores the counters using the format `host:port`.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/global-rate-limit/", + "type": "string", + "examples": [ + "redis", + "redis:6379" + ] + }, + "tokenizer": { + "title": "Tokenizer", + "description": "One of the preselected strategies to rate-limit users.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/global-rate-limit/", + "type": "string", + "enum": [ + "jwt", + "ip", + "url", + "path", + "header", + "param", + "cookie" + ] + }, + "tokenizer_field": { + "title": "Tokenizer field", + "description": "The field used to set a custom field for the tokenizer (e.g., extracting the token from a custom header other than Authorization or using a claim from a JWT other than the jti).\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/global-rate-limit/", + "type": "string" + }, + "burst": { + "title": "Burst", + "description": "How many requests a client can make above the rate specified during a peak.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/global-rate-limit/", + "type": "integer" + }, + "rate": { + "title": "Rate", + "description": "Number of allowed requests during the observed period.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/global-rate-limit/", + "type": "integer" + }, + "period": { + "title": "Period", + "description": "For how long the content lives in the cache. Usually in seconds, minutes, or hours. E.g., use `120s` or `2m` for two minutes\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/global-rate-limit/", + "type": "string", + "$ref": "../timeunits.json#/$defs/timeunit" + } + } +} \ No newline at end of file diff --git a/v2.5/plugin/req-resp-modifier.json b/v2.5/plugin/req-resp-modifier.json new file mode 100644 index 0000000..c0cce85 --- /dev/null +++ b/v2.5/plugin/req-resp-modifier.json @@ -0,0 +1,28 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/plugin/req-resp-modifier.json", + "title": "Request-Response modifier plugins", + "type": "object", + "additionalProperties": true, + "properties": { + "name": { + "$id": "#plugin/req-resp-modifier", + "title": "Plugin name", + "description": "An array with the names of plugins to load. The names are defined inside your plugin.\n\nSee: https://www.krakend.io/docs/extending/plugin-modifiers/", + "type": "array", + "default": [], + "examples": [ + "myplugin" + ] + }, + "ip-filter": { + "$ref": "ip-filter.json" + }, + "response-schema-validator": { + "$ref": "response-schema-validator.json" + }, + "content-replacer": { + "$ref": "content-replacer.json" + } + } +} \ No newline at end of file diff --git a/v2.5/plugin/response-schema-validator.json b/v2.5/plugin/response-schema-validator.json new file mode 100644 index 0000000..14f66ce --- /dev/null +++ b/v2.5/plugin/response-schema-validator.json @@ -0,0 +1,47 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/plugin/response-schema-validator.json", + "title": "Enterprise only. The response schema validator plugin adds a schema validation before the gateway returns the response to the end-user or before it’s merged in the endpoint with the rest of the backends.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/response-schema-validator/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": ["schema"], + "properties": { + "schema": { + "title": "JSON Schema", + "description": "Write your JSON schema directly in this field, with any number of fields or validations you need.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/response-schema-validator/", + "type": "object" + }, + "error": { + "title": "Error definition", + "description": "In case the validation fails, the error definition containing body and status.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/response-schema-validator/", + "type": "object", + "examples": [ + { + "body": "We couldn't process you request, try again later.", + "status": 401 + } + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "body": { + "title": "Error body", + "description": "The error message you want to show when the validation fails. Set it to an empty string `\"\"` to show the JSON-schema validation error.", + "type": "string", + "default": "" + }, + "status": { + "title": "Error code", + "description": "The HTTP status code you want to set back in the response.", + "type": "integer", + "default": 500 + } + } + } + } +} \ No newline at end of file diff --git a/v2.5/plugin/static-filesystem.json b/v2.5/plugin/static-filesystem.json new file mode 100644 index 0000000..5c05ad1 --- /dev/null +++ b/v2.5/plugin/static-filesystem.json @@ -0,0 +1,38 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/plugin/static-filesystem.json", + "title": "Enterprise only. Allows you to fetch and serve static content in two different use cases. When the plugin is used as an http server handler, the static content is for your end-users, giving them CSS, JS, images, or JSON files, to name a few examples. On the other side, when the plugin is used as an http client executor, the KrakenD endpoints use static content as if it were a backend.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/serve-static-content/", + "type": "object", + "deprecated": true, + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "prefix", + "path" + ], + "properties": { + "prefix": { + "title": "Prefix", + "description": "This is the beginning (prefix) of all URLs that are resolved using this plugin. All matching URLs won't be passed to the router, meaning that they are not considered endpoints. Make sure you are not overwriting valid endpoints. When the `prefix` is `/`, then **all traffic is served as static** and you must declare a prefix under `skip` (e.g.: `/api`) to match endpoints.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/serve-static-content/", + "type": "string", + "examples": ["/media/assets"] + }, + "path": { + "title": "Path", + "description": "The folder in the filesystem containing the static files. Relative to the working dir where KrakenD config is (e.g.: `./assets`) or absolute (e.g.: `/var/www/assets`).\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/serve-static-content/", + "type": "string", + "examples": ["./static/"] + }, + "skip": { + "title": "Skip paths", + "description": "An array with all the prefix URLs that despite they could match with the `prefix`, you don't want to treat them as static content and pass them to the router.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/serve-static-content/", + "type": "array", + "examples": [[ + "/media/ignore/this/directory", + "/media/file.json" + ]] + } + } +} \ No newline at end of file diff --git a/v2.5/plugin/url-rewrite.json b/v2.5/plugin/url-rewrite.json new file mode 100644 index 0000000..def0580 --- /dev/null +++ b/v2.5/plugin/url-rewrite.json @@ -0,0 +1,43 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/plugin/url-rewrite.json", + "title": "Enterprise only. Allows you to declare additional URLs other than the ones defined under the endpoints configuration, used as aliases of existing endpoints.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/url-rewrite/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "anyOf": [ + { + "required": [ + "literal" + ] + }, + { + "required": [ + "regexp" + ] + } + ], + "properties": { + "literal": { + "title": "Literal match", + "description": "A map with the exact desired url and its mapping to an endpoint. If the endpoint has `{placeholders}` you need to write them, but the literal value `{placeholders}` is passed.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/url-rewrite/", + "type": "object", + "examples": [ + { + "/hi-there": "/hello", + "/whatsup": "/hello" + } + ] + }, + "regexp": { + "title": "Regexp match", + "description": "A list of lists, containing the regular expression that defines the URL to be rewritten, and its endpoint destination. You can use the capturing groups with the syntax `${1}`, `${2}`, etc.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/url-rewrite/", + "type": "array", + "items": { + "type": "array" + } + } + } +} \ No newline at end of file diff --git a/v2.5/plugin/virtualhost.json b/v2.5/plugin/virtualhost.json new file mode 100644 index 0000000..5e92ae6 --- /dev/null +++ b/v2.5/plugin/virtualhost.json @@ -0,0 +1,30 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/plugin/virtualhost.json", + "title": "Enterprise only. The Virtual Host plugin allows you to run different configurations of KrakenD endpoints based on the host accessing the server.\n\nSee: https://www.krakend.io/docs/enterprise/service-settings/virtual-hosts/", + "type": "object", + "deprecated": true, + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "hosts" + ], + "properties": { + "hosts": { + "title": "Virtualhosts", + "description": "All recognized virtual hosts by KrakenD must be listed here. The values declared here must match the content of the `Host` header when passed by the client.\n\nSee: https://www.krakend.io/docs/enterprise/service-settings/virtual-hosts/", + "type": "array", + "examples": [ + [ + "api-a.host.com", + "api-b.host.com" + ] + ], + "items": { + "type": "string" + } + } + } +} \ No newline at end of file diff --git a/v2.5/plugin/wildcard.json b/v2.5/plugin/wildcard.json new file mode 100644 index 0000000..8698059 --- /dev/null +++ b/v2.5/plugin/wildcard.json @@ -0,0 +1,23 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/plugin/wildcard.json", + "title": "Enterprise only. Enables wildcard processing of requests without declaring all endpoint subresrouces.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/wildcard/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": ["endpoints"], + "properties": { + "endpoints": { + "title": "Endpoints", + "description": "The key of the map is the KrakenD endpoint that receives all the wildcard traffic. The value is an array with all the user paths that match this wildcard (you don't need to declare the subresources).\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/wildcard/", + "type": "object", + "examples": [ + { + "/__wildcard/foo": [ "/foo", "/aliasfoo" ] + } + ] + } + } +} \ No newline at end of file diff --git a/v2.5/proxy.json b/v2.5/proxy.json new file mode 100644 index 0000000..9450771 --- /dev/null +++ b/v2.5/proxy.json @@ -0,0 +1,26 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/proxy.json", + "title": "Proxy option", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "shadow": { + "$id": "#proxy/shadow", + "title": "Traffic shadowing or mirroring", + "description": "Mark this backend as a shadow backend. Sending copies of the traffic but ignore its responses.\n\nSee: https://www.krakend.io/docs/backends/shadow-backends/", + "type": "boolean", + "default": true + }, + "flatmap_filter": { + "$id": "#proxy/flatmap_filter", + "title": "Flatmap (Array manipulation)", + "description": "The list of operations to **execute sequentially** (top down). Every operation is defined with an object containing two properties:\n\nSee: https://www.krakend.io/docs/backends/flatmap/", + "type": "array", + "$ref": "proxy/flatmap.json" + } + } +} \ No newline at end of file diff --git a/v2.5/proxy/flatmap.json b/v2.5/proxy/flatmap.json new file mode 100644 index 0000000..f74a9ea --- /dev/null +++ b/v2.5/proxy/flatmap.json @@ -0,0 +1,46 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/proxy/flatmap.json", + "title": "Flatmap (Array manipulation)", + "description": "The flatmap middleware allows you to manipulate collections (or arrays, or lists, you name it) from the backend response. While the basic manipulation operations allow you to work directly with objects, the collections require a different approach: the flatmap component.\n\nSee: https://www.krakend.io/docs/backend/flatmap/", + "type": "array", + "examples": [ + { + "type": "move", + "args": [ + "a.*.b1.*.c", + "a.*.b1.*.d" + ] + } + ], + "items": { + "$id": "#proxy/flatmap/items", + "title": "Flatmap operation", + "type": "object", + "required": [ + "type", + "args" + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "type": { + "title": "Type", + "description": "The types of operations are defined as follows.\n\nSee: https://www.krakend.io/docs/backends/flatmap/", + "type": "string", + "enum": [ + "move", + "del", + "append" + ] + }, + "args": { + "title": "Args", + "description": "The arguments passed to the operation.\n\nSee: https://www.krakend.io/docs/backends/flatmap/", + "type": "array" + } + } + } +} \ No newline at end of file diff --git a/v2.5/qos/circuit-breaker.json b/v2.5/qos/circuit-breaker.json new file mode 100644 index 0000000..29fa9cd --- /dev/null +++ b/v2.5/qos/circuit-breaker.json @@ -0,0 +1,52 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/qos/circuit-breaker.json", + "title": "Circuit Breaker", + "description": "The circuit breaker prevents sending more traffic to a failing backend.\n\nSee: https://www.krakend.io/docs/backends/circuit-breaker/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "interval", + "timeout", + "max_errors" + ], + "properties": { + "interval": { + "$id": "#qos/circuit-breaker/interval", + "title": "Interval", + "description": "Time window where the errors count, in seconds.\n\nSee: https://www.krakend.io/docs/backends/circuit-breaker/", + "type": "integer" + }, + "name": { + "$id": "#qos/circuit-breaker/name", + "title": "Name", + "description": "A friendly name to follow this circuit breaker's activity in the logs.\n\nSee: https://www.krakend.io/docs/backends/circuit-breaker/", + "type": "string", + "examples": [ + "cb-backend-1" + ] + }, + "timeout": { + "$id": "#qos/circuit-breaker/timeout", + "title": "Timeout", + "description": "For how many seconds the circuit breaker will wait before testing again if the backend is healthy.\n\nSee: https://www.krakend.io/docs/backends/circuit-breaker/", + "type": "integer" + }, + "max_errors": { + "$id": "#qos/circuit-breaker/max_errors", + "title": "Max Errors", + "description": "The **consecutive** number of errors within the `interval` window to consider the backend unhealthy. An error is any response without a success (20x) status code or no response.\n\nSee: https://www.krakend.io/docs/backends/circuit-breaker/", + "type": "integer" + }, + "log_status_change": { + "$id": "#qos/circuit-breaker/log_status_change", + "title": "Log status change", + "description": "Whether to log the changes of state of this circuit breaker or not.\n\nSee: https://www.krakend.io/docs/backends/circuit-breaker/", + "type": "boolean", + "default": false + } + } +} \ No newline at end of file diff --git a/v2.5/qos/ratelimit/proxy.json b/v2.5/qos/ratelimit/proxy.json new file mode 100644 index 0000000..cfdbf6c --- /dev/null +++ b/v2.5/qos/ratelimit/proxy.json @@ -0,0 +1,40 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/qos/ratelimit/proxy.json", + "title": "Proxy ratelimit", + "description": "Restrict the rate of requests KrakenD makes to your backends.\n\nSee: https://www.krakend.io/docs/backends/rate-limit/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "max_rate", + "capacity" + ], + "properties": { + "max_rate": { + "$id": "#qos/ratelimit/proxy/max_rate", + "title": "Max rate", + "description": "Maximum requests per second you want to accept in this backend.\n\nSee: https://www.krakend.io/docs/backends/rate-limit/", + "type": "number", + "examples": [ + 0.5 + ] + }, + "capacity": { + "$id": "#qos/ratelimit/proxy/capacity", + "title": "Capacity", + "description": "The capacity according to the [token bucket algorithm](/docs/throttling/token-bucket/). Defines the maximum requests you can do in an instant (including the zero moment when you start the gateway), and can be larger or smaller than the `max_rate`. When unsure, use the same value of `max_rate`, so the maximum number of requests can be consumed at once.\n\nSee: https://www.krakend.io/docs/backends/rate-limit/", + "type": "integer", + "default": 1 + }, + "every": { + "title": "Time window", + "description": "Time period in which the counter works. For instance, if you set an `every` of `10m` and a `max_rate` of `5`, you are allowing 5 requests every ten minutes.\n\nSee: https://www.krakend.io/docs/endpoints/rate-limit/", + "$ref": "../../timeunits.json#/$defs/timeunit", + "type": "string", + "default": "1s" + } + } +} \ No newline at end of file diff --git a/v2.5/qos/ratelimit/router.json b/v2.5/qos/ratelimit/router.json new file mode 100644 index 0000000..dedf41f --- /dev/null +++ b/v2.5/qos/ratelimit/router.json @@ -0,0 +1,73 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/qos/ratelimit/router.json", + "type": "object", + "anyOf": [ + { + "required": [ + "max_rate" + ] + }, + { + "required": [ + "client_max_rate" + ] + } + ], + "properties": { + "capacity": { + "$id": "#endpoint_extra_config/qos/ratelimit/router/capacity", + "title": "Capacity", + "description": "Defines the maximum number of [tokens a bucket can hold](/docs/throttling/token-bucket/), or said otherwise, how many requests will you accept from **all users together** at **any given instant**. When the gateway starts, the bucket is full. As requests from users come, the remaining tokens in the bucket decrease. At the same time, the `max_rate` refills the bucket at the desired rate until its maximum capacity is reached. The default value for the `capacity` is the `max_rate` value expressed in seconds or 1 for smaller fractions. When unsure, use the same number as `max_rate`.\n\nSee: https://www.krakend.io/docs/endpoints/rate-limit/", + "type": "integer", + "default": 1 + }, + "client_capacity": { + "$id": "#endpoint_extra_config/qos/ratelimit/router/client_capacity", + "title": "Client capacity", + "description": "Defines the maximum number of [tokens a bucket can hold](/docs/throttling/token-bucket/), or said otherwise, how many requests will you accept from **each individual user** at **any given instant**. Works just as `capacity`, but instead of having one bucket for all users, keeps a counter for every connected client and endpoint, and refills from `client_max_rate` instead of `max_rate`. The client is recognized using the `strategy` field (an IP address, a token, a header, etc.). The default value for the `client_capacity` is the `client_max_rate` value expressed in seconds or 1 for smaller fractions. When unsure, use the same number as `client_max_rate`.\n\nSee: https://www.krakend.io/docs/endpoints/rate-limit/", + "type": "integer", + "default": 1 + }, + "max_rate": { + "$id": "#endpoint_extra_config/qos/ratelimit/router/max_rate", + "title": "Max rate", + "description": "Sets the maximum number of requests all users can do in the given time frame. Internally uses the [Token Bucket](/docs/throttling/token-bucket/) algorithm. The absence of `max_rate` in the configuration or a `0` is the equivalent to no limitation. You can use decimals if needed.\n\nSee: https://www.krakend.io/docs/endpoints/rate-limit/", + "type": "number" + }, + + "client_max_rate": { + "$id": "#endpoint_extra_config/qos/ratelimit/router/client_max_rate", + "title": "Client max rate", + "description": "Number of tokens you add to the [Token Bucket](/docs/throttling/token-bucket/) for each individual user (*user quota*) in the time interval you want (`every`). The remaining tokens in the bucket are the requests a specific user can do. It keeps a counter for every client and endpoint. Keep in mind that every KrakenD instance keeps its counters in memory for **every single client**.\n\nSee: https://www.krakend.io/docs/endpoints/rate-limit/", + "type": "number" + }, + + "every": { + "title": "Time window", + "description": "Time period in which the maximum rates operate. For instance, if you set an `every` of `10m` and a `max_rate` of `5`, you are allowing 5 requests every ten minutes.\n\nSee: https://www.krakend.io/docs/endpoints/rate-limit/", + "$ref": "../../timeunits.json#/$defs/timeunit", + "type": "string", + "default": "1s" + },"key": { + "$id": "#endpoint_extra_config/qos/ratelimit/router/key", + "title": "Header key", + "description": "Available when using `client_max_rate` and you have set a `strategy` of `header`. It makes no sense in other contexts. Sets the header containing the user identification (e.g., `Authorization` on tokens) or IP (e.g.,`X-Original-Forwarded-For`). When the header contains a list of space-separated IPs, it will take the IP from the client that hit the first trusted proxy.\n\nSee: https://www.krakend.io/docs/endpoints/rate-limit/", + "type": "string", + "examples": [ + "X-TOKEN" + ] + }, + "strategy": { + "$id": "#endpoint_extra_config/qos/ratelimit/router/strategy", + "title": "Strategy", + "description": "Available when using `client_max_rate`. Sets the strategy you will use to set client counters. Choose `ip` when the restrictions apply to the client's IP address, or set it to `header` when there is a header that identifies a user uniquely. That header must be defined with the `key` entry.\n\nSee: https://www.krakend.io/docs/endpoints/rate-limit/", + "type": "string", + "enum": [ + "ip", + "header" + ] + } + + } +} \ No newline at end of file diff --git a/v2.5/router.json b/v2.5/router.json new file mode 100644 index 0000000..4f2cef7 --- /dev/null +++ b/v2.5/router.json @@ -0,0 +1,144 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/router.json", + "title": "Router Flags", + "description": "The optional router configuration allows you to set global flags that change the way KrakenD processes the requests at the router layer.\n\nSee: https://www.krakend.io/docs/service-settings/router-options/", + "type": "object", + "minItems": 1, + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "error_body": { + "title": "Custom error body", + "description": "Sets custom error bodies for 404 and 405 errors.\n\nSee: https://www.krakend.io/docs/service-settings/router-options/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "404": { + "title": "404 errors", + "description": "Write any JSON object structure you would like to return to users when they request an endpoint not known by KrakenD. 404 Not Found errors.", + "type": "object" + }, + "405": { + "title": "405 errors", + "description": "Write any JSON object structure you would like to return to users", + "type": "object" + } + } + }, + "disable_health": { + "title": "Disable Health", + "description": "When true you don't have any exposed health endpoint. You can still use a TCP checker or build an endpoint yourself.\n\nSee: https://www.krakend.io/docs/service-settings/router-options/", + "type": "boolean", + "default": false + }, + "disable_access_log": { + "title": "Disable Access Log", + "description": "Stops registering access requests to KrakenD and leaving any logs out from the output.\n\nSee: https://www.krakend.io/docs/service-settings/router-options/", + "type": "boolean", + "default": false + }, + "health_path": { + "title": "Health endpoint path", + "description": "The path where you'd like to expose the health endpoint.\n\nSee: https://www.krakend.io/docs/service-settings/router-options/", + "type": "string", + "default": "/__health" + }, + "return_error_msg": { + "title": "Returning the gateway error message", + "description": "When there is an error in the gateway (such as a timeout, a non-200 status code, etc.) it returns to the client the reason for the failure. The error is written in the body as is.\n\nSee: https://www.krakend.io/docs/service-settings/router-options/", + "type": "boolean", + "default": false + }, + "disable_redirect_trailing_slash": { + "title": "Disable redirect trailing slash", + "description": "Disables automatic redirection if the current route can't be matched but a handler for the path with (without) the trailing slash exists.\n\nSee: https://www.krakend.io/docs/service-settings/router-options/", + "type": "boolean" + }, + "disable_redirect_fixed_path": { + "title": "Disable redirect fixed path", + "description": "If true, the router tries to fix the current request path, if no handle is registered for it\n\nSee: https://www.krakend.io/docs/service-settings/router-options/", + "type": "boolean" + }, + "remove_extra_slash": { + "title": "Remove extra slash", + "description": "A parameter can be parsed from the URL even with extra slashes.\n\nSee: https://www.krakend.io/docs/service-settings/router-options/", + "type": "boolean", + "default": false + }, + "disable_handle_method_not_allowed": { + "title": "Disable method not allowed", + "description": "Whether to checks if another method is allowed for the current route, if the current request can not be routed. If this is the case, the request is answered with Method Not Allowed and HTTP status code 405. If no other Method is allowed, the request is a 404.\n\nSee: https://www.krakend.io/docs/service-settings/router-options/", + "type": "boolean" + }, + "disable_path_decoding": { + "title": "Disable method not allowed", + "description": "Disables automatic validation of the url params looking for url encoded ones.\n\nSee: https://www.krakend.io/docs/service-settings/router-options/", + "type": "boolean" + }, + "auto_options": { + "title": "Automatic OPTIONS", + "description": "When true, enables the autogenerated OPTIONS endpoint for all the registered paths\n\nSee: https://www.krakend.io/docs/service-settings/router-options/", + "type": "boolean" + }, + "forwarded_by_client_ip": { + "title": "Forwarded by client IP", + "description": "When set to true, the client IP will be parsed from the default request's headers, or the custom ones (`remote_ip_headers`). If the IP has passed through a **trusted proxy** (e.g.: a proxy, load balancer, or a third party application) it will be extracted. If no IP can be fetched, it falls back to the IP obtained from the request's remote address. When declared **you must** configure `trusted_proxies` too.\n\nSee: https://www.krakend.io/docs/service-settings/router-options/", + "type": "boolean", + "default": false + }, + "remote_ip_headers": { + "title": "Remote IP headers", + "description": "List of headers used to obtain the client IP when `forwarded_by_client_ip` is set to `true` and the remote address is matched by at least one of the network origins of `trusted_proxies`.\n\nSee: https://www.krakend.io/docs/service-settings/router-options/", + "type": "array" + }, + "trusted_proxies": { + "title": "Trusted Proxies", + "description": "List of network origins (IPv4 addresses, IPv4 CIDRs, IPv6 addresses or IPv6 CIDRs) from which to trust request's headers that contain alternative client IP when `forwarded_by_client_ip` is `true`. When declared **you must** configure `forwarded_by_client_ip` set to `true`, and optionally `remote_ip_headers`.\n\nSee: https://www.krakend.io/docs/service-settings/router-options/", + "type": "array" + }, + "app_engine": { + "title": "App Engine integration", + "description": "The app_engine boolean trusts headers starting with X-AppEngine... for better integration with that PaaS.\n\nSee: https://www.krakend.io/docs/service-settings/router-options/", + "type": "boolean" + }, + "max_multipart_memory": { + "title": "Memory available for Multipart forms", + "description": "Sets the maxMemory param that is given to http.Request's Multipart Form method call.\n\nSee: https://www.krakend.io/docs/service-settings/router-options/", + "type": "integer" + }, + "logger_skip_paths": { + "title": "Remove requests from logs", + "description": "Defines the set of paths that are removed from the logging.\n\nSee: https://www.krakend.io/docs/service-settings/router-options/", + "type": "array", + "items": { + "title": "Paths", + "type": "string" + } + }, + "hide_version_header": { + "title": "Hide version header", + "description": "Removes the version of KrakenD used in the X-KrakenD-version headers.\n\nSee: https://www.krakend.io/docs/service-settings/router-options/", + "type": "boolean", + "default": false + }, + "disable_gzip": { + "title": "Disable gzip compression", + "description": "**Enterprise only**. All the output to the end user on the Enterprise Edition uses gzip when accepted by the client. Use this flag to remove gzip compression.\n\nSee: https://www.krakend.io/docs/service-settings/router-options/", + "type": "boolean", + "default": false + }, + "use_h2c": { + "deprecated": true, + "title": "Enable h2c", + "description": "This flag has [moved to the root level](/docs/service-settings/http-server-settings/), and will be deleted from router in future versions.\n\nSee: https://www.krakend.io/docs/service-settings/", + "type": "boolean", + "default": false + } + } +} \ No newline at end of file diff --git a/v2.5/security/bot-detector.json b/v2.5/security/bot-detector.json new file mode 100644 index 0000000..aeb48ed --- /dev/null +++ b/v2.5/security/bot-detector.json @@ -0,0 +1,62 @@ +{ + "$id": "#security/bot-detector", + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Bot detector", + "description": "The bot detector module checks incoming connections to the gateway to determine if a bot made them, helping you detect and reject bots carrying out scraping, content theft, and form spam.\n\nSee: https://www.krakend.io/docs/throttling/botdetector/", + "type": "object", + "minProperties": 1, + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "allow": { + "$id": "#security/bot-detector/allow", + "title": "Allow", + "description": "An array with EXACT MATCHES of trusted user agents that can connect.\n\nSee: https://www.krakend.io/docs/throttling/botdetector/", + "type": "array", + "default": [], + "examples": [ + "MyAndroidClient/1.0", + "Pingdom.com_bot_version_1.1" + ] + }, + "deny": { + "$id": "#security/bot-detector/deny", + "title": "Deny", + "description": "An array with EXACT MATCHES of undesired bots, to reject immediately.\n\nSee: https://www.krakend.io/docs/throttling/botdetector/", + "type": "array", + "default": [], + "examples": [ + "facebookexternalhit/1.1" + ] + }, + "patterns": { + "$id": "#security/bot-detector/patterns", + "title": "Bot patterns", + "description": "An array with all the regular expressions that define bots. Matching bots are rejected.\n\nSee: https://www.krakend.io/docs/throttling/botdetector/", + "type": "array", + "default": [], + "examples": [ + "GoogleBot.*", + "(facebookexternalhit)/.*" + ] + }, + "cache_size": { + "$id": "#security/bot-detector/cache_size", + "title": "Cache size", + "description": "Size of the LRU cache that helps speed the bot detection. The size is the mumber of users agents that you want to keep in memory.\n\nSee: https://www.krakend.io/docs/throttling/botdetector/", + "type": "integer", + "examples": [ + 1000 + ] + }, + "empty_user_agent_is_bot" : { + "$id": "#security/bot-detector/empty_user_agent_is_bot", + "title": "Empty user agent is a bot?", + "description": "Whether to consider an empty user-agent a bot (and reject it) or not. \n\nSee: https://www.krakend.io/docs/throttling/botdetector/", + "type": "boolean", + "default": false + } + } +} \ No newline at end of file diff --git a/v2.5/security/cors.json b/v2.5/security/cors.json new file mode 100644 index 0000000..2c098ce --- /dev/null +++ b/v2.5/security/cors.json @@ -0,0 +1,85 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/security/cors.json", + "title": "HTTP Security", + "description": "Security through HTTP headers, including HSTS, HPKP, MIME-Sniffing prevention, Clickjacking protection, and others.\n\nSee: https://www.krakend.io/docs/service-settings/security/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "allow_methods": { + "$id": "#security/cors/allow_methods", + "title": "Allowed methods", + "description": "An array with all the HTTP methods allowed, in uppercase. Possible values are `GET`, `HEAD`,`POST`,`PUT`,`PATCH`,`DELETE`, or `OPTIONS`\n\nSee: https://www.krakend.io/docs/service-settings/cors/", + "type": "array", + "default": [ + "GET", + "HEAD", + "POST" + ], + "items": { + "enum": [ + "GET", + "HEAD", + "POST", + "PUT", + "PATCH", + "DELETE", + "OPTIONS" + ] + } + }, + "allow_origins": { + "$id": "#security/cors/allow_origins", + "title": "Allowed origins", + "description": "An array with all the origins allowed, examples of values are `https://example.com`, or `*` (any origin).\n\nSee: https://www.krakend.io/docs/service-settings/cors/", + "type": "array", + "default": ["*"] + }, + "allow_headers": { + "$id": "#security/cors/allow_headers", + "title": "Allowed headers", + "description": "An array with the headers allowed, but `Origin`is always appended to the list. Requests with headers not in this list are rejected.\n\nSee: https://www.krakend.io/docs/service-settings/cors/", + "type": "array", + "example": [ + "Accept-Language" + ], + "default": [] + }, + "expose_headers": { + "$id": "#security/cors/expose_headers", + "title": "Expose headers", + "description": "List of headers that are safe to expose to the API of a CORS API specification.\n\nSee: https://www.krakend.io/docs/service-settings/cors/", + "type": "array", + "default": [ + "Content-Length", + "Content-Type" + ] + }, + "max_age": { + "$id": "#security/cors/max_age", + "title": "Max Age", + "description": "For how long the response can be cached. For zero values the `Access-Control-Max-Age` header is not set.\n\nSee: https://www.krakend.io/docs/service-settings/cors/", + "type": "string", + "$ref": "../timeunits.json#/$defs/timeunit", + "default": "0h" + }, + + "allow_credentials": { + "$id": "#security/cors/allow_credentials", + "title": "Allow credentials", + "description": "When requests can include user credentials like cookies, HTTP authentication or client side SSL certificates.\n\nSee: https://www.krakend.io/docs/service-settings/cors/", + "type": "boolean", + "default": false + }, + "debug": { + "$id": "#security/cors/debug", + "title": "Development flag", + "description": "Show debugging information in the logger, **use it only during development**.\n\nSee: https://www.krakend.io/docs/service-settings/security/", + "type": "boolean", + "default": false + } + } +} \ No newline at end of file diff --git a/v2.5/security/http.json b/v2.5/security/http.json new file mode 100644 index 0000000..0adb4e5 --- /dev/null +++ b/v2.5/security/http.json @@ -0,0 +1,135 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/security/http.json", + "title": "HTTP Security", + "description": "Security through HTTP headers, including HSTS, HPKP, MIME-Sniffing prevention, Clickjacking protection, and others.\n\nSee: https://www.krakend.io/docs/service-settings/security/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "allowed_hosts": { + "$id": "#security/http/allowed_hosts", + "title": "Allowed hosts", + "description": "When a request hits KrakenD, it will confirm if the value of the Host HTTP header is in the list. If so, it will further process the request. If the host is not in the allowed hosts list, KrakenD will simply reject the request.\n\nSee: https://www.krakend.io/docs/service-settings/security/", + "type": "array", + "default": [] + }, + "ssl_proxy_headers": { + "$id": "#security/http/ssl_proxy_headers", + "title": "SSL Proxy Headers", + "description": "Header keys with associated values that would indicate a valid https request. Useful when using Nginx, e.g: `\"X-Forwarded-Proto\": \"https\"`\n\nSee: https://www.krakend.io/docs/service-settings/security/", + "type": "object", + "examples": [ + { + "X-Forwarded-Proto": "https" + } + ] + }, + "host_proxy_headers": { + "$id": "#security/http/host_proxy_headers", + "title": "SSL Host", + "description": "A set of header keys that may hold a proxied hostname value for the request.\n\nSee: https://www.krakend.io/docs/service-settings/security/", + "type": "array", + "examples": [[ + "X-Forwarded-Hosts" + ]] + }, + "referrer_policy": { + "$id": "#security/http/referrer_policy", + "title": "Referrer Policy", + "description": "Allows the Referrer-Policy header with the value to be set with a custom value.\n\nSee: https://www.krakend.io/docs/service-settings/security/", + "type": "string", + "default": "same-origin" + }, + "ssl_redirect": { + "$id": "#security/http/ssl_redirect", + "title": "SSL redirect", + "description": "Redirect any request that is not using HTTPS\n\nSee: https://www.krakend.io/docs/service-settings/security/", + "type": "boolean", + "default": true + }, + "ssl_host": { + "$id": "#security/http/ssl_host", + "title": "SSL Host", + "description": "When the SSL redirect is true, the host where the request is redirected to.\n\nSee: https://www.krakend.io/docs/service-settings/security/", + "type": "string", + "default": "ssl.host.domain", + "examples": [ + "ssl.host.domain" + ] + }, + "sts_seconds": { + "$id": "#security/http/sts_seconds", + "title": "HTTP Strict Transport Security (HSTS) seconds", + "description": "Enable this policy by setting the `max-age` of the `Strict-Transport-Security` header. Setting to `0` disables HSTS.\n\nSee: https://www.krakend.io/docs/service-settings/security/", + "type": "integer", + "default": 0 + }, + "sts_include_subdomains": { + "$id": "#security/http/sts_include_subdomains", + "title": "Strict-Transport-Security include_subdomains", + "description": "Set to true when you want the `includeSubdomains` be appended to the Strict-Transport-Security header.\n\nSee: https://www.krakend.io/docs/service-settings/security/", + "type": "boolean", + "default": false + }, + "frame_deny": { + "$id": "#security/http/frame_deny", + "title": "Clickjacking protection", + "description": "Set to true to enable clickjacking protection, together with `custom_frame_options_value`.\n\nSee: https://www.krakend.io/docs/service-settings/security/", + "type": "boolean", + "default": false + }, + "custom_frame_options_value": { + "$id": "#security/http/custom_frame_options_value", + "title": "Clickjacking protection. Frame-Options value", + "description": "You can add an X-Frame-Options header using custom_frame_options_value with the value of DENY (default behavior) or even set your custom value.\n\nSee: https://www.krakend.io/docs/service-settings/security/", + "type": "string", + "examples": [ + "ALLOW-FROM https://example.com" + ], + "default": "" + }, + "hpkp_public_key": { + "$id": "#security/http/hpkp_public_key", + "title": "HTTP Public Key Pinning (HPKP)", + "description": "HTTP Public Key Pinning (HPKP) is a security mechanism which allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates. (For example, sometimes attackers can compromise certificate authorities, and then can mis-issue certificates for a web origin.).\n\nSee: https://www.krakend.io/docs/service-settings/security/", + "type": "string", + "examples": [ + "pin-sha256=\"base64==\"; max-age=expireTime [; includeSubDomains][; report-uri=\"reportURI\"]" + ], + "default": "" + }, + "content_type_nosniff": { + "$id": "#security/http/content_type_nosniff", + "title": "Nosniff", + "description": "Enabling this feature will prevent the user's browser from interpreting files as something else than declared by the content type in the HTTP headers.\n\nSee: https://www.krakend.io/docs/service-settings/security/", + "type": "boolean", + "default": false + }, + "browser_xss_filter": { + "$id": "#security/http/browser_xss_filter", + "title": "This feature enables the Cross-site scripting (XSS) filter in the user's browser.\n\nSee: https://www.krakend.io/docs/service-settings/security/", + "type": "boolean", + "default": false + }, + "content_security_policy": { + "$id": "#security/http/content_security_policy", + "title": "Content-Security-Policy (CSP)", + "description": "The HTTP Content-Security-Policy (CSP) default-src directive serves as a fallback for the other CSP fetch directives.\n\nSee: https://www.krakend.io/docs/service-settings/security/", + "type": "string", + "examples": [ + "default-src 'self';" + ], + "default": "" + }, + "is_development": { + "$id": "#security/http/is_development", + "title": "Development flag", + "description": "This will cause the AllowedHosts, SSLRedirect, and STSSeconds/STSIncludeSubdomains options to be ignored during development. When deploying to production, be sure to set this to false.\n\nSee: https://www.krakend.io/docs/service-settings/security/", + "type": "boolean", + "default": false + } + } +} \ No newline at end of file diff --git a/v2.5/security/policies.json b/v2.5/security/policies.json new file mode 100644 index 0000000..143d8a6 --- /dev/null +++ b/v2.5/security/policies.json @@ -0,0 +1,169 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/security/policies.json", + "title": "Securiy Policies", + "description": "The policies engine allows you to write custom sets of policies that are validated during requests, responses, or token validation.\n\nSee: https://www.krakend.io/docs/enterprise/security-policies/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "anyOf": [ + { + "required": [ + "req" + ] + }, + { + "required": [ + "resp" + ] + }, + { + "required": [ + "jwt" + ] + } + ], + "properties": { + "req": { + "$id": "#security/policies/req", + "title": "Request policies", + "description": "All the policies applied in the request context.\n\nSee: https://www.krakend.io/docs/enterprise/security-policies/", + "type": "object", + "required": [ + "policies" + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "policies": { + "title": "Policies", + "description": "An array with all the policies to evaluate. Each policy is represented as a string\n\nSee: https://www.krakend.io/docs/enterprise/security-policies/", + "type": "array", + "items": { + "type": "string", + "title": "The policy you want to evaluate" + } + }, + "error": { + "type": "object", + "properties": { + "body": { + "title": "Error body", + "description": "Leave an empty string to use the validation error, or write a string with the error response body. This error is NOT returned in the response, but in the application logs, unless you enable `return_detailed_errors` in the `router` section. You can add escaped JSON, XML, etc in the string and add a Content-Type.\n\nSee: https://www.krakend.io/docs/enterprise/security-policies/", + "type": "string", + "default": "" + }, + "status": { + "title": "HTTP status code", + "description": "The HTTP status code you want to return when the validation fails.\n\nSee: https://www.krakend.io/docs/enterprise/security-policies/", + "type": "integer", + "default": 500 + }, + "content_type": { + "title": "Content-Type", + "description": "The Content-Type header you'd like to send with the error response. When unset, uses `text/plain` by default.\n\nSee: https://www.krakend.io/docs/enterprise/security-policies/", + "type": "string", + "default": "text/plain" + } + } + } + } + }, + "resp": { + "$id": "#security/policies/resp", + "title": "Response policies", + "description": "All the policies applied in the response context.\n\nSee: https://www.krakend.io/docs/enterprise/security-policies/", + "type": "object", + "required": [ + "policies" + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "policies": { + "title": "Policies", + "description": "An array with all the policies to evaluate. Each policy is represented as a string\n\nSee: https://www.krakend.io/docs/enterprise/security-policies/", + "type": "array", + "items": { + "type": "string", + "title": "The policy you want to evaluate" + } + }, + "error": { + "type": "object", + "properties": { + "body": { + "title": "Error body", + "description": "Leave an empty string to use the validation error, or write a string with the error response body. This error is NOT returned in the response, but in the application logs, unless you enable `return_detailed_errors` in the `router` section. You can add escaped JSON, XML, etc in the string and add a Content-Type.\n\nSee: https://www.krakend.io/docs/enterprise/security-policies/", + "type": "string", + "default": "" + }, + "content_type": { + "title": "Content-Type", + "description": "The Content-Type header you'd like to send with the error response. When unset, uses `text/plain` by default.\n\nSee: https://www.krakend.io/docs/enterprise/security-policies/", + "type": "string", + "default": "text/plain" + }, + "status": { + "title": "HTTP status code", + "description": "The HTTP status code you want to return when the validation fails.\n\nSee: https://www.krakend.io/docs/enterprise/security-policies/", + "type": "integer", + "default": 500 + } + } + } + } + }, + "jwt": { + "$id": "#security/policies/jwt", + "title": "JWT policies", + "description": "All the policies applied in the JWT context (token validation). **You must configure `auth/validator`** for the policies to run, otherwise they will be skipped. Any policy failing will generate a `401 Unauthorized` error. Works in the `endpoint` context only, and is not available under `backend`.\n\nSee: https://www.krakend.io/docs/enterprise/security-policies/", + "type": "object", + "required": [ + "policies" + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "policies": { + "title": "Policies", + "description": "An array with all the policies to evaluate. Each policy is represented as a string\n\nSee: https://www.krakend.io/docs/enterprise/security-policies/", + "type": "array", + "items": { + "type": "string", + "title": "The policy you want to evaluate" + } + } + } + }, + "disable_macros": { + "$id": "#security/policies/disable_macros", + "title": "Disable advanced macros", + "description": "Advanced macros can be disabled in those policies not needing them for a faster evaluation.", + "type": "boolean", + "default": false + }, + "debug": { + "$id": "#security/policies/debug", + "title": "Debug", + "description": "When true, all the inputs and evaluation results are printed in the console.", + "type": "boolean", + "default": false + }, + "auto_join_policies": { + "$id": "#security/policies/auto_join_policies", + "title": "Auto-join policies", + "description": "When true, all policies of the same type concatenate with an AND operation to evaluate a single expression. Performs faster, but its harder the debug.", + "type": "boolean", + "default": false + } + } +} \ No newline at end of file diff --git a/v2.5/server/static-filesystem.json b/v2.5/server/static-filesystem.json new file mode 100644 index 0000000..a25f47f --- /dev/null +++ b/v2.5/server/static-filesystem.json @@ -0,0 +1,42 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/server/static-filesystem.json", + "title": "Enterprise only. Allows you to fetch and serve static content by registering a static web server for a set of defined paths (the prefixes).\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/serve-static-content/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "prefix", + "path" + ], + "properties": { + "prefix": { + "title": "Prefix", + "description": "This is the beginning (prefix) of all URLs that are resolved using this plugin. All matching URLs won't be passed to the router, meaning that they are not considered endpoints. Make sure you are not overwriting valid endpoints. When the `prefix` is `/`, then **all traffic is served as static** and you must declare a prefix under `skip` (e.g.: `/api`) to match endpoints.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/serve-static-content/", + "type": "string", + "examples": ["/media/assets"] + }, + "path": { + "title": "Path", + "description": "The folder in the filesystem containing the static files. Relative to the working dir where KrakenD config is (e.g.: `./assets`) or absolute (e.g.: `/var/www/assets`).\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/serve-static-content/", + "type": "string", + "examples": ["./static/"] + }, + "skip": { + "title": "Skip paths", + "description": "An array with all the prefix URLs that despite they could match with the `prefix`, you don't want to treat them as static content and pass them to the router.\n\nSee: https://www.krakend.io/docs/enterprise/endpoints/serve-static-content/", + "type": "array", + "examples": [[ + "/media/ignore/this/directory", + "/media/file.json" + ]] + }, + "directory_listing": { + "type": "boolean", + "description": "Whether to allow directory listings or not", + "default": false + } + } +} \ No newline at end of file diff --git a/v2.5/server/virtualhost.json b/v2.5/server/virtualhost.json new file mode 100644 index 0000000..17c81c6 --- /dev/null +++ b/v2.5/server/virtualhost.json @@ -0,0 +1,29 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/server/virtualhost.json", + "title": "Enterprise only. The Virtual Host server allows you to run different configurations of KrakenD endpoints based on the host accessing the server.\n\nSee: https://www.krakend.io/docs/enterprise/service-settings/virtual-hosts/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "hosts" + ], + "properties": { + "hosts": { + "title": "Virtualhosts", + "description": "All recognized virtual hosts by KrakenD must be listed here. The values declared here must match the content of the `Host` header when passed by the client.\n\nSee: https://www.krakend.io/docs/enterprise/service-settings/virtual-hosts/", + "type": "array", + "examples": [ + [ + "api-a.host.com", + "api-b.host.com" + ] + ], + "items": { + "type": "string" + } + } + } +} \ No newline at end of file diff --git a/v2.5/service_extra_config.json b/v2.5/service_extra_config.json new file mode 100644 index 0000000..499be18 --- /dev/null +++ b/v2.5/service_extra_config.json @@ -0,0 +1,175 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/service_extra_config.json", + "title": "Schema definition for service extra_config", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "grpc": { + "$ref": "grpc.json" + }, + "router": { + "$ref": "router.json" + }, + "plugin/http-server": { + "$ref": "plugin/http-server.json" + }, + "auth/revoker": { + "$ref": "auth/revoker.json" + }, + "auth/basic": { + "$ref": "auth/basic.json" + }, + "security/bot-detector": { + "$ref": "security/bot-detector.json" + }, + "security/cors": { + "$id": "#service_extra_config/security/cors", + "title": "Cross Origin Resource Sharing", + "description": "When KrakenD endpoints are consumed from a browser, you might need to enable the Cross-Origin Resource Sharing (CORS) module as browsers restrict cross-origin HTTP requests initiated from scripts.\n\nSee: https://www.krakend.io/docs/service-settings/cors/", + "type": "object", + "required": [ + "allow_origins" + ], + "default": { + "allow_origins": [ + "http://foobar.com" + ], + "allow_methods": [ + "POST", + "GET" + ], + "max_age": "12h" + }, + "properties": { + "allow_origins": { + "$id": "#service_extra_config/security/cors/allow_origins", + "title": "Allowed origins", + "description": "An array with all the origins allowed, examples of values are https://example.com, or * (any origin).\n\nSee: https://www.krakend.io/docs/service-settings/cors/", + "type": "array", + "items": { + "$id": "#service_extra_config/security/cors/allow_origins/items", + "title": "Allowed origins list", + "type": "string", + "examples": [ + "*", + "https://example.com" + ] + } + }, + "expose_headers": { + "$id": "#service_extra_config/security/cors/expose_headers", + "title": "Expose headers", + "description": "Headers that are safe to expose to the API of a CORS API specification-\n\nSee: https://www.krakend.io/docs/service-settings/cors/", + "type": "array", + "default": [] + }, + "max_age": { + "$id": "#service_extra_config/security/cors/max_age", + "title": "Max age", + "description": "For how long the response can be cached.\n\nSee: https://www.krakend.io/docs/service-settings/cors/", + "type": "string", + "$ref": "timeunits.json#/$defs/timeunit", + "examples": [ + "12h" + ] + }, + "allow_methods": { + "$id": "#service_extra_config/security/cors/allow_methods", + "title": "Allowed methods", + "description": "The array of all HTTP methods accepted, in uppercase.\n\nSee: https://www.krakend.io/docs/service-settings/cors/", + "type": "array", + "uniqueItems": true, + "items": { + "$id": "#service_extra_config/security/cors/allow_methods/items", + "title": "Items", + "description": "\n\nSee: https://www.krakend.io", + "type": "string", + "enum": [ + "GET", + "HEAD", + "POST", + "PUT", + "PATCH", + "DELETE", + "OPTIONS" + ] + } + }, + "allow_headers": { + "$id": "#service_extra_config/security/cors/allow_headers", + "title": "Allowed headers", + "type": "array", + "default": [] + }, + "allow_credentials": { + "$id": "#service_extra_config/security/cors/allow_credentials", + "title": "Allow_credentials", + "description": "When requests can include user credentials like cookies, HTTP authentication or client side SSL certificates\n\nSee: https://www.krakend.io/docs/service-settings/cors/", + "type": "boolean", + "default": true + }, + "debug": { + "$id": "#service_extra_config/security/cors/debug", + "title": "Show debug", + "description": "Show debugging information in the logger, to be used only during development.\n\nSee: https://www.krakend.io/docs/service-settings/cors/", + "type": "boolean", + "default": true + } + } + }, + "security/http": { + "$ref": "security/http.json" + }, + "server/static-filesystem": { + "$ref": "server/static-filesystem.json" + }, + "server/virtualhost": { + "$ref": "server/virtualhost.json" + }, + "telemetry/logging": { + "$ref": "telemetry/logging.json" + }, + "telemetry/logstash": { + "$ref": "telemetry/logstash.json" + }, + "telemetry/gelf": { + "$ref": "telemetry/gelf.json" + }, + "telemetry/influx": { + "$ref": "telemetry/influx.json" + }, + "github_com/letgoapp/krakend-influx": { + "$ref": "telemetry/influx.json" + }, + "telemetry/metrics": { + "$ref": "telemetry/metrics.json" + }, + "telemetry/opencensus": { + "$ref": "telemetry/opencensus.json" + }, + "telemetry/newrelic": { + "$ref": "telemetry/newrelic.json" + }, + "documentation/openapi": { + "$ref": "documentation/openapi.json" + }, + "auth/api-keys": { + "$ref": "auth/api-keys.json" + }, + "auth/validator": { + "$ref": "auth/jose.json" + }, + "qos/ratelimit/service": { + "$ref": "qos/ratelimit/router.json", + "title": "Service Rate-limiting", + "description": "Enterprise Only. The service rate limit feature allows you to set the maximum requests per second a user or group of users can do to KrakenD and works analogously to the endpoint rate limit.\n\nSee: https://www.krakend.io/docs/enterprise/service-settings/service-rate-limit/" + }, + "modifier/lua-endpoint": { + "$ref": "modifier/lua.json" + } + } +} \ No newline at end of file diff --git a/v2.5/telemetry/gelf.json b/v2.5/telemetry/gelf.json new file mode 100644 index 0000000..27cd065 --- /dev/null +++ b/v2.5/telemetry/gelf.json @@ -0,0 +1,29 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/telemetry/gelf.json", + "title": "GELF", + "description": "Send structured events in GELF format to your Graylog Cluster.\n\nSee: https://www.krakend.io/docs/logging/graylog-gelf/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "address", + "enable_tcp" + ], + "properties": { + "address": { + "$id": "#telemetry/gelf/address", + "title": "Address", + "description": "The address (including the port) of your Graylog cluster (or any other service that receives GELF inputs). E.g., `myGraylogInstance:12201`\n\nSee: https://www.krakend.io/docs/logging/graylog-gelf/", + "type": "string" + }, + "enable_tcp": { + "$id": "#telemetry/gelf/enable_tcp", + "title": "Enable TCP", + "description": "Set to false (recommended) to use UDP, or true to use TCP. TCP performance is worst than UDP under heavy load.\n\nSee: https://www.krakend.io/docs/logging/graylog-gelf/", + "type": "boolean" + } + } +} \ No newline at end of file diff --git a/v2.5/telemetry/influx.json b/v2.5/telemetry/influx.json new file mode 100644 index 0000000..3470bb1 --- /dev/null +++ b/v2.5/telemetry/influx.json @@ -0,0 +1,55 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/telemetry/influx.json", + "title": "Telemetry via influx", + "description": "Enables the extended logging capabilities.\n\nSee: https://www.krakend.io/docs/telemetry/influxdb-native/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "address", + "ttl" + ], + "properties": { + "address": { + "$id": "#telemetry/influx/address", + "title": "Address", + "description": "The complete url of the influxdb including the port if different from defaults in http/https.\n\nSee: https://www.krakend.io/docs/telemetry/influxdb-native/", + "type": "string" + }, + "ttl": { + "$id": "#telemetry/influx/ttl", + "title": "TTL", + "description": "TTL against Influx.\n\nSee: https://www.krakend.io/docs/telemetry/influxdb-native/", + "$ref": "../timeunits.json#/$defs/timeunit" + }, + "buffer_size": { + "$id": "#telemetry/influx/buffer_size", + "title": "Points in buffer", + "description": "The buffer size is a protection mechanism that allows you to temporarily store datapoints for later reporting when Influx is unavailable. If the buffer is `0`, reported metrics that fail are discarded immediately. If the buffer is a positive number, KrakenD creates a buffer with the number of datapoints set. When the buffer is full because the Influx server keeps failing, newer datapoints replace older ones in the buffer.\n\nSee: https://www.krakend.io/docs/telemetry/influxdb-native/", + "type": "integer", + "minimum": 0 + }, + "db": { + "$id": "#telemetry/influx/db", + "title": "DB name", + "description": "Name of the InfluxDB database (Influx v1) or the bucket name (Influx v2).\n\nSee: https://www.krakend.io/docs/telemetry/influxdb-native/", + "type": "string", + "default": "krakend" + }, + "username": { + "$id": "#telemetry/influx/username", + "title": "Username", + "description": "Username to authenticate to InfluxDB.\n\nSee: https://www.krakend.io/docs/telemetry/influxdb-native/", + "type": "string" + }, + "password": { + "$id": "#telemetry/influx/password", + "title": "Password", + "description": "Password to authenticate to InfluxDB. In Influx v2, you also need to add grant access with `influx v1 auth`.\n\nSee: https://www.krakend.io/docs/telemetry/influxdb-native/", + "type": "string" + } + } +} \ No newline at end of file diff --git a/v2.5/telemetry/logging.json b/v2.5/telemetry/logging.json new file mode 100644 index 0000000..2931e29 --- /dev/null +++ b/v2.5/telemetry/logging.json @@ -0,0 +1,84 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/telemetry/logging.json", + "title": "Improved logging", + "description": "Enables the extended logging capabilities.\n\nSee: https://www.krakend.io/docs/logging/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "level" + ], + "properties": { + "level": { + "$id": "#level", + "title": "Log Level", + "description": "What type of **reporting level** do you expect from the application? Use the `DEBUG` level in the development stages but not in production. Possible values are from more verbose to least.\n\nSee: https://www.krakend.io/docs/logging/", + "type": "string", + "enum": [ + "DEBUG", + "INFO", + "WARNING", + "ERROR", + "CRITICAL" + ] + }, + "prefix": { + "$id": "#prefix", + "title": "Prefix", + "description": "Adds the defined string at the beginning of every logged line, so you can quickly filter messages with external tools later on. It's recommended to always add a prefix `[INSIDE BRACKETS]` to make use of predefined dashboards.\n\nSee: https://www.krakend.io/docs/logging/", + "type": "string" + }, + "syslog": { + "$id": "#syslog", + "title": "Logs to syslog", + "description": "Set to true to send logs to syslog.\n\nSee: https://www.krakend.io/docs/logging/", + "type": "boolean", + "default": false + }, + "stdout": { + "$id": "#stdout", + "title": "Logs to stdout", + "description": "Set to true to send logs to stdout.\n\nSee: https://www.krakend.io/docs/logging/", + "type": "boolean", + "default": false + }, + "format": { + "$id": "#format", + "title": "Log format", + "description": "Specify the format of the logs: default, logstash, or custom.\nThe custom format needs an additional key \"custom_format\".\nThe \"logstash\" format needs the \"telemetry/logstash\" component added too.\n\nSee: https://www.krakend.io/docs/logging/", + "type": "string", + "default": "default", + "examples": [ + "default", + "logstash", + "custom" + ] + }, + "custom_format": { + "$id": "#custom_format", + "title": "Custom format", + "description": "Lets you write a custom logging pattern using variables, e.g: `%{message}`.\n\nSee: https://www.krakend.io/docs/logging/", + "type": "string" + }, + "syslog_facility": { + "$id": "#syslog_facility", + "title": "Syslog facility", + "description": "When using syslog, the facility tells KrakenD where to send the messages as set by the locals of the [syslog standard](https://www.rfc-editor.org/rfc/rfc5424.html).\n\nSee: https://www.krakend.io/docs/logging/", + "type": "string", + "default": "local3", + "enum": [ + "local0", + "local1", + "local2", + "local3", + "local4", + "local5", + "local6", + "local7" + ] + } + } +} \ No newline at end of file diff --git a/v2.5/telemetry/logstash.json b/v2.5/telemetry/logstash.json new file mode 100644 index 0000000..eaef254 --- /dev/null +++ b/v2.5/telemetry/logstash.json @@ -0,0 +1,22 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/telemetry/logstash.json", + "title": "Logstash", + "description": "Enables logstash when the extra_config \"telemetry/logging\" is also present.\n\nSee: https://www.krakend.io/docs/logging/logstash/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "enabled" + ], + "properties": { + "enabled": { + "$id": "#enabled", + "title": "Enabled", + "type": "boolean", + "default": true + } + } +} \ No newline at end of file diff --git a/v2.5/telemetry/metrics.json b/v2.5/telemetry/metrics.json new file mode 100644 index 0000000..e21dbcb --- /dev/null +++ b/v2.5/telemetry/metrics.json @@ -0,0 +1,57 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/telemetry/metrics.json", + "title": "Extended metrics", + "description": "Collects extended metrics to push to InfluxDB or expose them in the /__stats/ endpoint.\n\nSee: https://www.krakend.io/docs/telemetry/extended-metrics/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "collection_time": { + "$id": "#collection_time", + "title": "Collection time", + "description": "The time window to consolidate collected metrics. Metrics are updated in their internal counters all the time, but the `/__stats/` endpoint, or the Influx reporter, won't see them updated until this window completes.\n\nSee: https://www.krakend.io/docs/telemetry/extended-metrics/", + "type": "string", + "$ref": "../timeunits.json#/$defs/timeunit", + "default": "60s" + }, + "proxy_disabled": { + "$id": "#proxy_disabled", + "title": "Proxy disabled", + "description": "Skip any metrics happening in the proxy layer (traffic against your backends). Disabling layers saves memory consumption but reduces visibility.\n\nSee: https://www.krakend.io/docs/telemetry/extended-metrics/", + "type": "boolean", + "default": false + }, + "router_disabled": { + "$id": "#router_disabled", + "title": "Router disabled", + "description": "Skip any metrics happening in the router layer (activity in KrakenD endpoints). Disabling layers saves memory consumption but reduces visibility.\n\nSee: https://www.krakend.io/docs/telemetry/extended-metrics/", + "type": "boolean", + "default": false + }, + "backend_disabled": { + "$id": "#backend_disabled", + "title": "Backend disabled", + "description": "Skip any metrics happening in the backend layer. Disabling layers saves memory consumption but reduces visibility.\n\nSee: https://www.krakend.io/docs/telemetry/extended-metrics/", + "type": "boolean", + "default": false + }, + "endpoint_disabled": { + "$id": "#endpoint_disabled", + "title": "Endpoint disabled", + "description": "When true do not publish the /__stats/ endpoint. Metrics won't be accessible via the endpoint but still collected (and you can send them to Influx for instance).\n\nSee: https://www.krakend.io/docs/telemetry/extended-metrics/", + "type": "boolean", + "default": false + }, + "listen_address": { + "$id": "#listen_address", + "title": "Listen address", + "description": "Change the listening address where the metrics endpoint is exposed.\n\nSee: https://www.krakend.io/docs/telemetry/extended-metrics/", + "type": "string", + "default": ":8090", + "pattern": "^:[0-9]+$" + } + } +} \ No newline at end of file diff --git a/v2.5/telemetry/moesif.json b/v2.5/telemetry/moesif.json new file mode 100644 index 0000000..02dbcd3 --- /dev/null +++ b/v2.5/telemetry/moesif.json @@ -0,0 +1,150 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/telemetry/moesif.json", + "title": "Moesif integration", + "description": "The Moesif integration helps you understand and monetize API usage with a robust analytics and billing platform.\n\nSee: https://www.krakend.io/docs/enterprise/telemetry/moesif/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "application_id", + "user_id_headers" + ], + "properties": { + "application_id": { + "$id": "#telemetry/moesif/application_id", + "title": "Collector Application ID", + "description": "The Collector Application ID is used to send events, actions, users, and companies to Moesif's Collector API. Moesif provides it under the 'API Keys' section.\n\nSee: https://www.krakend.io/docs/enterprise/telemetry/moesif/", + "type": "string" + }, + "debug": { + "$id": "#telemetry/moesif/debug", + "title": "Enable debug", + "description": "Set to true when configuring Moesif for the first time while in development, to see the activity in the logs. Set to false in production.\n\nSee: https://www.krakend.io/docs/enterprise/telemetry/moesif/", + "type": "boolean", + "default": false + }, + "log_body": { + "$id": "#telemetry/moesif/log_body", + "title": "Send the body", + "description": "Send the body of all endpoints and requests to Moesif.\n\nSee: https://www.krakend.io/docs/enterprise/telemetry/moesif/", + "type": "boolean", + "default": true + }, + "event_queue_size": { + "$id": "#telemetry/moesif/event_queue_size", + "title": "Event Queue Size", + "description": "Sends the number of events you can hold in-memory to send them asynchronously to Moesif. If the throughput of your API generates more events than the size of the queue, the exceeding events will be discarded and not reported.\n\nSee: https://www.krakend.io/docs/enterprise/telemetry/moesif/", + "type": "integer", + "default": 1000000 + }, + "batch_size": { + "$id": "#telemetry/moesif/batch_size", + "title": "Batch Size", + "description": "Number of events you will send on every batch reporting asynchronously to Moesif. For high throughput you will need to increase this value.\n\nSee: https://www.krakend.io/docs/enterprise/telemetry/moesif/", + "type": "integer", + "default": 200 + }, + "timer_wake_up_seconds":{ + "$id": "#telemetry/moesif/timer_wake_up_seconds", + "title": "Timer Wake Up", + "description": "Specifies how often a background thread runs to send events to Moesif. Value in seconds.\n\nSee: https://www.krakend.io/docs/enterprise/telemetry/moesif/", + "type": "integer", + "default": 2 + }, + "request_header_masks": { + "$id": "#telemetry/moesif/request_header_masks", + "title": "Request header masks", + "description": "The list of request headers that you want to mask their values before sending them to Moesif.\n\nSee: https://www.krakend.io/docs/enterprise/telemetry/moesif/", + "type": "array", + "items": { + "type": "string" + }, + "examples": [["Authorization"]] + }, + "response_header_masks": { + "$id": "#telemetry/moesif/response_header_masks", + "title": "Response header masks", + "description": "The list of response headers that you want to mask their values before sending them to Moesif.\n\nSee: https://www.krakend.io/docs/enterprise/telemetry/moesif/", + "type": "array", + "items": { + "type": "string" + }, + "examples": [["Cookie"]] + }, + "request_body_masks": { + "$id": "#telemetry/moesif/request_body_masks", + "title": "Request body masks", + "description": "The list of fields in the request body that you want to mask before sending them to Moesif. You can set `log_body` to `false` to prevent any body being sent.\n\nSee: https://www.krakend.io/docs/enterprise/telemetry/moesif/", + "type": "array", + "items": { + "type": "string" + }, + "examples": [["password","credit_card"]] + }, + "response_body_masks": { + "$id": "#telemetry/moesif/response_body_masks", + "title": "Response body masks", + "description": "The list of fields in the response body that you want to mask before sending them to Moesif. You can set `log_body` to `false` to prevent any body being sent.\n\nSee: https://www.krakend.io/docs/enterprise/telemetry/moesif/", + "type": "array", + "items": { + "type": "string" + }, + "examples": [["password","credit_card"]] + }, + + "user_id_headers": { + "$id": "#telemetry/moesif/user_id_headers", + "title": "User ID headers", + "description": "Defines the list of possible headers that can identify a user uniquely. When the header is `Authorization`, it automatically extracts the username if it contains an `Authorization: Basic` value with no additional configuration. If, on the other hand, you use tokens and pass an `Authorization: Bearer`, it will extract the user ID from the JWT claim defined under `user_id_jwt_claim`. If there are multiple headers in the list, all of them are tested in the given order, and the first existing header in the list is used to extract the user ID (successfully or not).\n\nSee: https://www.krakend.io/docs/enterprise/telemetry/moesif/", + "type": "array", + "examples": [ + [ + "X-User-ID", + "Authorization" + ] + ] + }, + "user_id_jwt_claim": { + "$id": "#telemetry/moesif/user_id_jwt_claim", + "title": "User ID JWT claim", + "description": "When using JWT tokens, it defines which claim contains the user ID. The field must be a string.\n\nSee: https://www.krakend.io/docs/enterprise/telemetry/moesif/", + "type": "string", + "default": "sub" + }, + "identify_company": { + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "$id": "#telemetry/moesif/identify_company", + "title": "Identify company", + "description": "It sets which strategy you want to use to identify the company. Identifying the company helps you efficiently govern your API. Choose the system you wish to apply (**declare only one property**).\n\nSee: https://www.krakend.io/docs/enterprise/telemetry/moesif/", + "type": "object", + "maxProperties": 1, + "properties": { + "jwt_claim": { + "title": "Company in Claim", + "description": "The company is stored in a claim inside the JWT. The claim must return a string.\n\nSee: https://www.krakend.io/docs/enterprise/telemetry/moesif/", + "type": "string", + "examples": ["company_id"] + }, + "header": { + "title": "Company in Header", + "description": "The company is identified using a header. Provide the header name.\n\nSee: https://www.krakend.io/docs/enterprise/telemetry/moesif/", + "type": "string", + "examples": ["X-Tenant"] + }, + "query_string": { + "title": "Company in Query String", + "description": "The company is always passed inside a query string when calling any URL. Provide the query string name.\n\nSee: https://www.krakend.io/docs/enterprise/telemetry/moesif/", + "type": "string", + "examples": ["company"] + + } + } + } + } +} \ No newline at end of file diff --git a/v2.5/telemetry/newrelic.json b/v2.5/telemetry/newrelic.json new file mode 100644 index 0000000..0a77350 --- /dev/null +++ b/v2.5/telemetry/newrelic.json @@ -0,0 +1,36 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/telemetry/newrelic.json", + "title": "NewRelic exporter", + "description": "The New Relic integration lets you push KrakenD metrics and distributed traces to your New Relic dashboard. It uses internally the official New Relic SDK and brings its features to your APM dashboard.\n\nSee: https://www.krakend.io/docs/enterprise/telemetry/newrelic/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "license" + ], + "properties": { + "license": { + "$id": "#telemetry/newrelic/url", + "title": "License key", + "description": "The API key provided by New Relic to push data into your account.\n\nSee: https://www.krakend.io/docs/enterprise/telemetry/newrelic/", + "type": "string" + }, + "debug": { + "$id": "#telemetry/newrelic/debug", + "title": "Enable debug", + "description": "Set to true when configuring New Relic for the first time while in development, to see the activity in the logs. Set to false in production.\n\nSee: https://www.krakend.io/docs/enterprise/telemetry/newrelic/", + "type": "boolean", + "default": false + }, + "headers_to_pass": { + "$id": "#telemetry/newrelic/headers_to_pass", + "title": "Headers to pass", + "description": "Defines an explicit list of headers sent during the client request that will be reported to NewRelic, in addition to the default headers NewRelic sets. Setting the `[\"*\"]` value will send all headers sent by the client to NewRelic. Whether you declare this setting or not, you will usually receive from the NewRelic SDK the `Accept`, `Content-Type`, `User-Agent`, and `Referer` headers.\n\nSee: https://www.krakend.io/docs/enterprise/telemetry/newrelic/", + "type": "array", + "examples": [["*"]] + } + } +} \ No newline at end of file diff --git a/v2.5/telemetry/opencensus.json b/v2.5/telemetry/opencensus.json new file mode 100644 index 0000000..deb8aa1 --- /dev/null +++ b/v2.5/telemetry/opencensus.json @@ -0,0 +1,563 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/telemetry/opencensus.json", + "title": "Telemetry via Opencensus", + "description": "Enables the extended logging capabilities.\n\nSee: https://www.krakend.io/docs/telemetry/opencensus/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "required": [ + "exporters" + ], + "properties": { + "sample_rate": { + "$id": "#telemetry/opencensus/sample_rate", + "title": "Sample rate", + "description": "A number between 0 (no requests at all) and 100 (all requests) representing the percentage of sampled requests you want to send to the exporter. **Sampling the 100% of the requests is generally discouraged** when the relationship between traffic and dedicated resources is sparse.\n\nSee: https://www.krakend.io/docs/telemetry/opencensus/", + "type": "integer", + "minimum": 0, + "maximum": 100, + "default": 0 + }, + "reporting_period": { + "$id": "#telemetry/opencensus/reporting_period", + "title": "Reporting period", + "description": "The number of seconds passing between reports. If duration is less than or equal to zero, it enables the default behavior of each exporter.\n\nSee: https://www.krakend.io/docs/telemetry/opencensus/", + "type": "integer", + "default": 0 + }, + "enabled_layers": { + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "title": "Enabled Layers", + "description": "Lets you specify what data you want to export. All layers are enabled by default unless you declare this section.", + "properties": { + "backend": { + "title": "Report backend", + "description": "Reports the activity between KrakenD and your services", + "type": "boolean", + "default": false + }, + "router": { + "title": "Report router", + "description": "Reports the activity between end-users and KrakenD", + "type": "boolean", + "default": false + }, + "pipe": { + "title": "Report pipe", + "description": "Reports the activity at the beginning of the proxy layer. It gives a more detailed view of the internals of the pipe between end-users and KrakenD, having into account merging of different backends.", + "type": "boolean", + "default": false + } + } + }, + "exporters": { + "$id": "#telemetry/opencensus/exporters", + "title": "Exporters", + "description": "The exporter(s) you would like to enable. See each exporter configuration in its own section.", + "type": "object", + "minProperties": 1, + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "logger": { + "$id": "#telemetry/opencensus/exporters/logger", + "title": "Logger", + "description": "Opencensus can export data to the system logger as another exporter. Recommended to use `telemetry/logging` instead.\n\nSee: https://www.krakend.io/docs/telemetry/logger/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "stats": { + "title": "Stats", + "description": "Whether to log the statistics or not", + "type": "boolean", + "default": false + }, + "spans": { + "title": "Spans", + "description": "Whether to log the spans or not", + "type": "boolean", + "default": false + } + } + }, + "zipkin": { + "$id": "#telemetry/opencensus/exporters/zipkin", + "description": "Export telemetry data to a Zipkin collector", + "title": "Zipkin", + "type": "object", + "required": [ + "collector_url", + "service_name" + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "collector_url": { + "$id": "#telemetry/opencensus/exporters/zipkin/collector_url", + "title": "Collector URL", + "description": "The URL (including port and path) where your Zipkin is accepting the spans, e.g., `http://zipkin:9411/api/v2/spans`\n\nSee: https://www.krakend.io/docs/telemetry/zipkin/", + "type": "string", + "examples": [ + "http://192.168.99.100:9411/api/v2/spans" + ] + }, + "service_name": { + "$id": "#telemetry/opencensus/exporters/zipkin/service_name", + "title": "Service name", + "description": "The service name registered in Zipkin.\n\nSee: https://www.krakend.io/docs/telemetry/zipkin/", + "type": "string", + "examples": [ + "krakend" + ] + } + } + }, + "jaeger": { + "$id": "#telemetry/opencensus/exporters/jaeger", + "title": "Jaeger", + "description": "Submit spans to a Jaeger Collector (HTTP) with `endpoint` or to a Jaeger Agent (UDP) with `agent_endpoint`. \n\nSee https://www.krakend.io/docs/telemetry/jaeger/", + "type": "object", + "oneOf": [ + { + "required": [ + "endpoint", + "service_name" + ] + }, + { + "required": [ + "agent_endpoint", + "service_name" + ] + } + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "agent_endpoint": { + "$id": "#telemetry/opencensus/exporters/jaeger/agent_endpoint", + "title": "Agent Endpoint", + "description": "The address where the Jaeger Agent is (Thrift over UDP), e.g., `jaeger:6831`\n\nSee: https://www.krakend.io/docs/telemetry/jaeger/", + "type": "string", + "examples": [ + "http://192.168.99.100:14268/api/traces" + ] + }, + "endpoint": { + "$id": "#telemetry/opencensus/exporters/jaeger/endpoint", + "title": "Collector Endpoint", + "description": "The full URL including port indicating where your Jaeger Collector is (Thrift over HTTP/S), e.g., `http://jaeger:14268/api/traces`\n\nSee: https://www.krakend.io/docs/telemetry/jaeger/", + "type": "string", + "examples": [ + "http://192.168.99.100:14268/api/traces" + ] + }, + "service_name": { + "$id": "#telemetry/opencensus/exporters/jaeger/service_name", + "title": "Service name", + "description": "The service name registered in Jaeger\n\nSee: https://www.krakend.io/docs/telemetry/jaeger/", + "type": "string", + "examples": [ + "krakend" + ] + }, + "buffer_max_count": { + "$id": "#telemetry/opencensus/exporters/jaeger/buffer_max_count", + "title": "Buffer max count", + "description": "Total number of traces to buffer in memory\n\nSee: https://www.krakend.io/docs/telemetry/jaeger/", + "type": "integer" + } + } + }, + "influxdb": { + "$id": "#telemetry/opencensus/exporters/influxdb", + "title": "Influxdb", + "description": "Exports data to InfluxDB: A time series database designed to handle high write and query loads.\n\nSee: https://www.krakend.io/docs/telemetry/influxdb/", + "type": "object", + "required": [ + "address", + "db" + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "address": { + "$id": "#telemetry/opencensus/exporters/influxdb/address", + "title": "Address", + "description": "The URL (including port) where your InfluxDB is installed.\n\nSee: https://www.krakend.io/docs/telemetry/influxdb/", + "type": "string", + "examples": [ + "http://192.168.99.100:8086" + ] + }, + "db": { + "$id": "#telemetry/opencensus/exporters/influxdb/db", + "title": "DB name", + "description": "The database name\n\nSee: https://www.krakend.io/docs/telemetry/influxdb/", + "type": "string", + "examples": [ + "krakend" + ] + }, + "timeout": { + "$id": "#telemetry/opencensus/exporters/influxdb/timeout", + "title": "Timeout", + "description": "The maximum time you will wait for InfluxDB to respond.\n\nSee: https://www.krakend.io/docs/telemetry/influxdb/", + "examples": [ + "2s" + ], + "$ref": "../timeunits.json#/$defs/timeunit", + "type": "string" + }, + "username": { + "$id": "#telemetry/opencensus/exporters/influxdb/username", + "title": "Username", + "description": "The influxdb username to access the database\n\nSee: https://www.krakend.io/docs/telemetry/influxdb/", + "type": "string", + "examples": [ + "krakend" + ] + }, + "password": { + "$id": "#telemetry/opencensus/exporters/influxdb/password", + "title": "Password", + "description": "The password to access the database\n\nSee: https://www.krakend.io/docs/telemetry/influxdb/", + "type": "string", + "examples": [ + "kr4k3nd" + ] + } + } + }, + "prometheus": { + "$id": "#telemetry/opencensus/exporters/prometheus", + "title": "Prometheus", + "description": "Prometheus is an open-source systems monitoring and alerting toolkit.", + "type": "object", + "required": [ + "port" + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "port": { + "$id": "#telemetry/opencensus/exporters/prometheus/port", + "title": "Port", + "description": "Port on which the Prometheus exporter should listen\n\nSee: https://www.krakend.io/docs/telemetry/prometheus/", + "type": "integer", + "examples": [ + 9091 + ] + }, + "namespace": { + "$id": "#telemetry/opencensus/exporters/prometheus/namespace", + "title": "Namespace", + "description": "Sets the domain the metric belongs to.\n\nSee: https://www.krakend.io/docs/telemetry/prometheus/", + "type": "string" + }, + "tag_host": { + "$id": "#telemetry/opencensus/exporters/prometheus/tag_host", + "title": "Tag host", + "description": "Whether to send the host as a metric or not.\n\nSee: https://www.krakend.io/docs/telemetry/prometheus/", + "type": "boolean", + "default": false + }, + "tag_path": { + "$id": "#telemetry/opencensus/exporters/prometheus/tag_path", + "title": "Tag path", + "description": "Whether to send the path as a metric or not.\n\nSee: https://www.krakend.io/docs/telemetry/prometheus/", + "type": "boolean", + "default": false + }, + "tag_method": { + "$id": "#telemetry/opencensus/exporters/prometheus/tag_method", + "title": "Tag method", + "description": "Whether to send the HTTP method as a metric or not.\n\nSee: https://www.krakend.io/docs/telemetry/prometheus/", + "type": "boolean", + "default": true + }, + "tag_statuscode": { + "$id": "#telemetry/opencensus/exporters/prometheus/tag_statuscode", + "title": "Tag status code", + "description": "Whether to send the status code as a metric or not.\n\nSee: https://www.krakend.io/docs/telemetry/prometheus/", + "type": "boolean", + "default": false + } + } + }, + "xray": { + "$id": "#telemetry/opencensus/exporters/xray", + "title": "AWS X-ray", + "description": "AWS X-Ray is a service offered by Amazon that provides an end-to-end view of requests as they travel through your application, and shows a map of your application's underlying components.", + "type": "object", + "required": [ + "region", + "version" + ], + "oneOf": [ + { + "required": [ + "region", + "version", + "access_key_id", + "secret_access_key" + ] + }, + { + "required": [ + "region", + "version", + "use_env" + ] + } + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "region": { + "$id": "#telemetry/opencensus/exporters/xray/region", + "title": "Region", + "description": "The AWS geographical region, e.g, `us-east-1`.\n\nSee: https://www.krakend.io/docs/telemetry/xray/", + "type": "string", + "examples": [ + "eu-west-1" + ] + }, + "version": { + "$id": "#telemetry/opencensus/exporters/xray/version", + "title": "Version", + "description": "The version of the AWS X-Ray service to use.\n\nSee: https://www.krakend.io/docs/telemetry/xray/", + "type": "string", + "default": "KrakenD-opencensus" + }, + "use_env": { + "$id": "#telemetry/opencensus/exporters/xray/use_env", + "description": "When true the AWS credentials (access_key_id and secret_access_key) are taken from environment vars. Don't specify them then.\n\nSee: https://www.krakend.io/docs/telemetry/xray/", + "title": "Use_env", + "type": "boolean", + "default": false + }, + "access_key_id": { + "$id": "#telemetry/opencensus/exporters/xray/access_key_id", + "description": " Your access key ID provided by Amazon. Needed when `use_env` is unset or set to false.\n\nSee: https://www.krakend.io/docs/telemetry/xray/", + "title": "AWS access key id", + "type": "string" + }, + "secret_access_key": { + "$id": "#telemetry/opencensus/exporters/xray/secret_access_key", + "title": "AWS secret access key", + "description": "Your secret access key provided by Amazon. Needed when `use_env` is unset or set to false.\n\nSee: https://www.krakend.io", + "type": "string" + } + } + }, + "stackdriver": { + "$id": "#telemetry/opencensus/exporters/stackdriver", + "title": "Stackdriver", + "description": "Export metrics and traces to Google Cloud", + "type": "object", + "required": [ + "project_id", + "default_labels" + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "project_id": { + "$id": "#telemetry/opencensus/exporters/stackdriver/project_id", + "title": "Project_id", + "description": "The identifier of your Google Cloud project. The `project_id` **is not the project name**. You can omit this value from the configuration if you have an application credential file for Google.\n\nSee: https://www.krakend.io/docs/telemetry/stackdriver/", + "type": "string", + "default": "", + "examples": [ + "ID" + ], + "pattern": "^.*$" + }, + "metric_prefix": { + "$id": "#telemetry/opencensus/exporters/stackdriver/metric_prefix", + "title": "Metric_prefix", + "description": "A prefix that you can add to all your metrics for better organization.\n\nSee: https://www.krakend.io/docs/telemetry/stackdriver/", + "type": "string" + }, + "default_labels": { + "$id": "#telemetry/opencensus/exporters/stackdriver/default_labels", + "title": "Default_labels", + "description": "A map object. Enter here any label that will be assigned by default to the reported metric so you can filter later on Stack Driver.\n\nSee: https://www.krakend.io/docs/telemetry/stackdriver/", + "type": "object", + "examples": [ + { + "env": "production" + } + ] + } + } + }, + "datadog": { + "$id": "#telemetry/opencensus/exporters/datadog", + "title": "Datadog", + "description": "Datadog is a monitoring and security platform for developers, IT operations teams and business in the cloud.\n\nSee: https://www.krakend.io/docs/telemetry/datadog/", + "type": "object", + "required": [ + "namespace", + "service", + "trace_address", + "stats_address", + "tags", + "global_tags", + "disable_count_per_buckets" + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "namespace": { + "$id": "#telemetry/opencensus/exporters/datadog/namespace", + "title": "Namespace", + "description": "The namespace to which metric keys are appended.\n\nSee: https://www.krakend.io/docs/telemetry/datadog/", + "type": "string" + }, + "service": { + "$id": "#telemetry/opencensus/exporters/datadog/service", + "title": "Service", + "description": "Service specifies the service name used for tracing\n\nSee: https://www.krakend.io/docs/telemetry/datadog/", + "type": "string", + "examples": [ + "gateway" + ] + }, + "trace_address": { + "$id": "#telemetry/opencensus/exporters/datadog/trace_address", + "title": "Trace address", + "description": "Specifies the host[:port] address of the Datadog Trace Agent.\n\nSee: https://www.krakend.io/docs/telemetry/datadog/", + "type": "string", + "default": "localhost:8126" + }, + "stats_address": { + "$id": "#telemetry/opencensus/exporters/datadog/stats_address", + "title": "Stats address", + "description": "Specifies the host[:port] address for DogStatsD. To enable ingestion using Unix Domain Socket (UDS) mount your UDS path and reference it in the stats_address using a path like `unix:///var/run/datadog/dsd.socket`.\n\nSee: https://www.krakend.io/docs/telemetry/datadog/", + "type": "string", + "examples": [ + "localhost:8125" + ], + "default": "localhost:8125" + }, + "tags": { + "$id": "#telemetry/opencensus/exporters/datadog/tags", + "description": "Specifies a set of global tags to attach to each metric.\n\nSee: https://www.krakend.io/docs/telemetry/datadog/", + "title": "Tags", + "type": "array" + }, + "global_tags": { + "$id": "#telemetry/opencensus/exporters/datadog/global_tags", + "description": "A set of tags (key/value) that will automatically be applied to all exported spans.\n\nSee: https://www.krakend.io/docs/telemetry/datadog/", + "title": "Global tags", + "type": "object", + "examples": [ + { + "env": "prod" + } + ] + }, + "disable_count_per_buckets": { + "$id": "#telemetry/opencensus/exporters/datadog/disable_count_per_buckets", + "title": "Disable count per buckets", + "description": "Specifies whether to emit count_per_bucket metrics.\n\nSee: https://www.krakend.io/docs/telemetry/datadog/", + "type": "boolean", + "default": false + } + } + }, + "ocagent": { + "$id": "#telemetry/opencensus/exporters/ocagent", + "title": "Ocagent", + "description": "Exporting metrics, logs, and events to the OpenCensus Agent.\n\nSee: https://www.krakend.io/docs/telemetry/ocagent/", + "type": "object", + "required": [ + "address", + "service_name" + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "address": { + "$id": "#telemetry/opencensus/exporters/ocagent/address", + "title": "Address", + "description": "The address of your Azure Monitor collector.\n\nSee: https://www.krakend.io/docs/telemetry/ocagent/", + "type": "string", + "examples": [ + "localhost:55678" + ] + }, + "service_name": { + "$id": "#telemetry/opencensus/exporters/ocagent/service_name", + "title": "Service name", + "description": "An identifier of your service, e.g, `krakend`.\n\nSee: https://www.krakend.io/docs/telemetry/ocagent/", + "type": "string" + }, + "reconnection": { + "$id": "#telemetry/opencensus/exporters/ocagent/reconnection", + "title": "Reconnection", + "description": "The reconnection time\n\nSee: https://www.krakend.io/docs/telemetry/ocagent/", + "default": "2s", + "type": "string", + "$ref": "../timeunits.json#/$defs/timeunit" + }, + "insecure": { + "$id": "#telemetry/opencensus/exporters/ocagent/insecure", + "title": "Insecure", + "description": "Whether the connection can be established in plain (insecure) or not.\n\nSee: https://www.krakend.io/docs/telemetry/ocagent/", + "type": "boolean", + "default": false + }, + "enable_compression": { + "$id": "#telemetry/opencensus/exporters/ocagent/enable_compression", + "title": "Enable compression", + "description": "Whether to send data compressed or not.\n\nSee: https://www.krakend.io/docs/telemetry/ocagent/", + "type": "boolean", + "default": false + }, + "headers": { + "$id": "#telemetry/opencensus/exporters/ocagent/headers", + "title": "Headers", + "description": "List of keys and values for the headers sent. Keys and values must be of type string.\n\nSee: https://www.krakend.io/docs/telemetry/ocagent/", + "type": "object", + "examples": [ + { + "header1": "value1" + } + ] + } + } + } + } + } + } +} \ No newline at end of file diff --git a/v2.5/timeunits.json b/v2.5/timeunits.json new file mode 100644 index 0000000..500af35 --- /dev/null +++ b/v2.5/timeunits.json @@ -0,0 +1,13 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/timeunits.json", + "title": "Time units / Duration patterns", + "$defs": { + "timeunit": { + "type": "string", + "pattern": "^[0-9]+(ns|ms|us|µs|s|m|h)$", + "title": "Duration", + "description": "The amount of time you want to assign followed by its unit (e.g.: `2s`, `200ms`). Valid time units are: ns, us, (or µs), ms, s, m, h." + } + } +} \ No newline at end of file diff --git a/v2.5/tls.json b/v2.5/tls.json new file mode 100644 index 0000000..250d1d4 --- /dev/null +++ b/v2.5/tls.json @@ -0,0 +1,133 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/tls.json", + "title": "TLS/SSL", + "description": "Enabling TLS for HTTPS and HTTP/2.\n\nSee: https://www.krakend.io/docs/service-settings/tls/", + "anyOf": [ + { + "type": "object", + "required": [ + "public_key", + "private_key" + ] + }, + { + "type": "null" + } + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "public_key": { + "$id": "#service/tls/public_key", + "title": "Public key", + "description": "Absolute path to the public key, or relative to the current working directory.\n\nSee: https://www.krakend.io/docs/service-settings/tls/", + "type": "string", + "default": "./certs/cert.pem", + "examples": [ + "/path/to/cert.pem", + "./certs/cert.pem" + ] + }, + "private_key": { + "$id": "#service/tls/private_key", + "title": "Private key", + "description": "Absolute path to the private key, or relative to the current working directory.\n\nSee: https://www.krakend.io/docs/service-settings/tls/", + "type": "string", + "default": "./certs/key.pem", + "examples": [ + "/path/to/key.pem", + "./certs/key.pem" + ] + }, + "disabled": { + "$id": "#service/tls/disabled", + "title": "Disable TLS", + "description": "A flag to disable TLS (useful while in development).\n\nSee: https://www.krakend.io/docs/service-settings/tls/", + "type": "boolean", + "default": false + }, + "min_version": { + "$id": "#service/tls/min_version", + "type": "string", + "title": "Minimum TLS version", + "description": "Minimum TLS version supported. When specifiying very old and insecure versions under TLS12 you must provide the `ciphers_list`.\n\nSee: https://www.krakend.io/docs/service-settings/tls/", + "enum": [ + "SSL3.0", + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "default": "TLS13" + }, + "max_version": { + "$id": "#service/tls/max_version", + "type": "string", + "title": "Maximum TLS version", + "description": "Maximum TLS version supported.\n\nSee: https://www.krakend.io/docs/service-settings/tls/", + "enum": [ + "SSL3.0", + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "default": "TLS13" + }, + "enable_mtls": { + "$id": "#service/tls/enable_mtls", + "title": "Enable Mutual Authentication", + "description": "Whether to enable or not Mutual Authentication. When mTLS is enabled, **all KrakenD endpoints** require clients to provide a known client-side X.509 authentication certificate. KrakenD relies on the system’s CA to validate certificates.\n\nSee: https://www.krakend.io/docs/authorization/mutual-authentication/", + "type": "boolean", + "default": false + }, + "curve_preferences": { + "$id": "#service/tls/curve_preferences", + "title": "Curve identifiers", + "description": "The list of all the identifiers for the curve preferences. Use `23` for CurveP256, `24` for CurveP384 or `25` for CurveP521.\n\nSee: https://www.krakend.io/docs/service-settings/tls/", + "type": "array", + "uniqueItems": true, + "default": [ + 23,24,25 + ], + "items": { + "enum": [23,24,25] + } + + }, + "cipher_suites": { + "$id": "#service/tls/cipher_suites", + "title": "Cipher Suites", + "description": "The list of cipher suites as defined in the documentation.\n\nSee: https://www.krakend.io/docs/service-settings/tls/", + "type": "array", + "uniqueItems": true, + "default": [ + 4865, + 4866, + 4867 + ] + }, + "ca_certs": { + "$id": "#service/tls/ca_certs", + "title": "CA certificates (for mTLS)", + "description": "An array with all the CA certificates you would like to load to KrakenD **when using mTLS**, in addition to the certificates present in the system's CA. Each certificate in the list is a relative or absolute path to the PEM file. If you have a format other than PEM, you must convert the certificate to PEM using a conversion tool. See also `disable_system_ca_pool` to avoid system's CA.\n\nSee: https://www.krakend.io/docs/authorization/mutual-authentication/", + "type": "array", + "examples": [ + [ + "ca.pem" + ] + ], + "default": [] + }, + "disable_system_ca_pool": { + "$id": "#service/tls/disable_system_ca_pool", + "title": "Disable system's CA", + "description": "Ignore any certificate in the system's CA. The only certificates loaded will be the ones in the `ca_certs` list when true.\n\nSee: https://www.krakend.io/docs/service-settings/http-server-settings/", + "type": "boolean", + "default": false + } + } +} \ No newline at end of file diff --git a/v2.5/validation/cel.json b/v2.5/validation/cel.json new file mode 100644 index 0000000..96aa393 --- /dev/null +++ b/v2.5/validation/cel.json @@ -0,0 +1,32 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/validation/cel.json", + "title": "Common Expression Language (CEL) validations", + "description": "The Common Expression Language (CEL) middleware enables expression evaluation, when an expression returns false, KrakenD does not return the content as the condition has failed. Otherwise, if all expressions returned true, the content is served.\n\nSee: https://www.krakend.io/docs/endpoints/common-expression-language-cel/", + "type": "array", + + "minItems": 1, + "items":{ + "$id": "#root/validation/cel/items", + "title": "Items", + "type": "object", + "required": [ + "check_expr" + ], + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "check_expr": { + "$id": "#validation/cel/items/check_expr", + "title": "Check expression", + "description": "The expression that evaluates as a boolean, you can write here any conditional. If the result of the expression is `true`, the execution continues. See in the docs how to use additional variables to retrieve data from requests, responses, and tokens.\n\nSee: https://www.krakend.io/docs/endpoints/common-expression-language-cel/", + "type": "string", + "examples": [ + "int(req_params.Id) % 3 == 0" + ] + } + } + } +} \ No newline at end of file diff --git a/v2.5/websocket.json b/v2.5/websocket.json new file mode 100644 index 0000000..d49e6e1 --- /dev/null +++ b/v2.5/websocket.json @@ -0,0 +1,109 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "https://www.krakend.io/schema/v2.5/websocket.json", + "title": "Schema definition for Websockets", + "description": "Enterprise only. Enables websocket communication.\n\nSee: https://www.krakend.io/docs/enterprise/websockets/", + "type": "object", + "additionalProperties": false, + "patternProperties": { + "^[@$_#]": {} + }, + "properties": { + "input_headers": { + "$id": "#websocket/input_headers", + "title": "Allowed Headers In", + "description": "Defines which input headers are allowed to pass to the backend. Notice that you need to declare the `input_headers` at the endpoint level too.\n\nSee: https://www.krakend.io/docs/enterprise/websockets/", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "$id": "#websocket/input_headers/items", + "type": "string", + "examples": [ + "User-Agent", + "Accept", + "*" + ] + } + }, + "connect_event": { + "title": "Notify connections", + "description": "Whether to send notification events to the backend or not when a user establishes a new Websockets connection.\n\nSee: https://www.krakend.io/docs/enterprise/websockets/", + "type": "boolean", + "default": false + }, + "disconnect_event": { + "title": "Notify disconnections", + "description": "Whether to send notification events to the backend or not when users disconnect from their Websockets connection.\n\nSee: https://www.krakend.io/docs/enterprise/websockets/", + "type": "boolean", + "default": false + }, + "read_buffer_size": { + "title": "Read buffer size", + "description": "Connections buffer network input and output to reduce the number of system calls when reading messages. You can set the maximum buffer size for reading in bytes.\n\nSee: https://www.krakend.io/docs/enterprise/websockets/", + "type": "integer", + "default": 1024 + }, + "write_buffer_size": { + "title": "Write buffer size", + "description": "Connections buffer network input and output to reduce the number of system calls when writing messages. You can set the maximum buffer size for writing in bytes.\n\nSee: https://www.krakend.io/docs/enterprise/websockets/", + "type": "integer", + "default": 1024 + }, + "message_buffer_size": { + "title": "Message buffer size", + "description": "Sets the maximum number of messages **each client** can have in the buffer waiting to be processed. As this is a per-client setting, you must forecast how many consumers of KrakenD websockets you will have. The default value may be too high (memory consumption) if you expect thousands of clients consuming simultaneously.\n\nSee: https://www.krakend.io/docs/enterprise/websockets/", + "type": "integer", + "default": 256 + }, + "max_message_size": { + "title": "Maximum message size", + "description": "Sets the maximum size of messages **in bytes** sent by or returned to the client. Messages larger than this value are discarded by KrakenD and the client disconnected.\n\nSee: https://www.krakend.io/docs/enterprise/websockets/", + "type": "integer", + "default": 512 + }, + "write_wait": { + "title": "Write timeout", + "description": "Sets the maximum time KrakenD will wait until the write times out.\n\nSee: https://www.krakend.io/docs/enterprise/websockets/", + "$ref": "./timeunits.json#/$defs/timeunit", + "default": "10s" + }, + "pong_wait": { + "title": "Pong timeout", + "description": "Sets the maximum time KrakenD will until the pong times out.\n\nSee: https://www.krakend.io/docs/enterprise/websockets/", + "$ref": "./timeunits.json#/$defs/timeunit", + "default": "60s" + }, + "ping_period": { + "title": "Ping frequency", + "description": "Sets the time between pings checking the health of the system.\n\nSee: https://www.krakend.io/docs/enterprise/websockets/", + "$ref": "./timeunits.json#/$defs/timeunit", + "default": "54s" + }, + "return_error_details": { + "title": "Return error details", + "description": "Provides an error `{'error':'reason here'}` to the client when KrakenD was unable to send the message to the backend.\n\nSee: https://www.krakend.io/docs/enterprise/websockets/", + "type": "boolean", + "default": false + }, + "max_retries": { + "title": "Max retries", + "description": "The maximum number of times you will allow KrakenD to retry reconnecting to a broken messaging system. Use a value `<= 0` for unlimited retries.\n\nSee: https://www.krakend.io/docs/enterprise/websockets/", + "type": "integer", + "default": 0 + }, + "backoff_strategy": { + "title": "Backoff strategy", + "description": "When the connection to your event source gets interrupted for whatever reason, KrakenD keeps trying to reconnect until it succeeds or until it reaches the max_retries. The backoff strategy defines the delay in seconds in between consecutive failed retries. Defaults to 'fallback'\n\nSee: https://www.krakend.io/docs/enterprise/websockets/", + "type": "string", + "enum": [ + "linear", + "linear-jitter", + "exponential", + "exponential-jitter", + "fallback" + ], + "default": "fallback" + } + } +} \ No newline at end of file