Parameters
See plugin common configurations for configuration options available to all plugins.
external_user_label_field
string
default:
groups
Key of the user labels when using an external identity provider for authentication.
The key should be a JSONPath when the user labels are in a nested JSON object and a field name otherwise.
The values to the key are expected to be in a string array and will be used for ACL tag matching.
external_user_label_field_key
string
Key of the user label field when
external_user_label_field
is a JSONPath. For example, ifexternal_user_label_field
is$.orgs..team
,external_user_label_field_key
should be configured toteam
.external_user_label_field_parser
string
vaild vaule:
segmented_text
,json
,ortable
Type of parser to parse for user labels.
When user labels are in serialized JSON format, use the
json
parser to deserialize the JSON object to a structured list of strings. When user labels are delimited strings, use thesegmented_text
parser and configure the delimiter inexternal_user_label_field_separator
to parse the strings into a structured list of strings. When user labels are in a list, use thetable
parser.external_user_label_field_separator
string
Delimiter to use by parser when user labels are delimited; that is, when
external_user_label_field_parser
issegmented_text
.allow_labels
object
List of labels associated with a key that if present, the request should be allowed access.
At least one of the
allow_labels
anddeny_labels
should be configured.deny_labels
object
List of labels associated with a key that if present, the request should be denied access.
At least one of the
allow_labels
anddeny_labels
should be configured.rejected_code
integer
default:
403
vaild vaule:
greater or equal to 200
HTTP status code to return when the request is rejected.
rejected_msg
string
default:
The consumer is forbidden.
Error message to return when the request is rejected.