{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "#/components/schemas/KafkaConsumePluginConfig", "title": "KafkaConsumePluginConfig", "x-speakeasy-entity": "PluginKafkaConsume", "properties": { "config": { "type": "object", "properties": { "authentication": { "type": "object", "properties": { "mechanism": { "description": "The SASL authentication mechanism. Supported options: `PLAIN` or `SCRAM-SHA-256`.", "type": "string", "enum": [ "PLAIN", "SCRAM-SHA-256", "SCRAM-SHA-512" ] }, "password": { "description": "Password for SASL authentication.", "type": "string", "x-encrypted": true, "x-referenceable": true }, "strategy": { "description": "The authentication strategy for the plugin, the only option for the value is `sasl`.", "type": "string", "enum": [ "sasl" ] }, "tokenauth": { "description": "Enable this to indicate `DelegationToken` authentication", "type": "boolean" }, "user": { "description": "Username for SASL authentication.", "type": "string", "x-encrypted": true, "x-referenceable": true } } }, "auto_offset_reset": { "description": "The offset to start from when there is no initial offset in the consumer group.", "type": "string", "default": "latest", "enum": [ "earliest", "latest" ] }, "bootstrap_servers": { "description": "Set of bootstrap brokers in a `{host: host, port: port}` list format.", "type": "array", "items": { "properties": { "host": { "description": "A string representing a host name, such as example.com.", "type": "string" }, "port": { "description": "An integer representing a port number between 0 and 65535, inclusive.", "type": "integer", "maximum": 65535, "minimum": 0 } }, "required": [ "host", "port" ], "type": "object" } }, "cluster_name": { "description": "An identifier for the Kafka cluster.", "type": "string" }, "commit_strategy": { "description": "The strategy to use for committing offsets.", "type": "string", "default": "auto", "enum": [ "auto", "off" ] }, "dlq_topic": { "description": "The topic to use for the Dead Letter Queue.", "type": "string" }, "enable_dlq": { "description": "Enables Dead Letter Queue. When enabled, if the message doesn't conform to the schema (from Schema Registry) or there's an error in the `message_by_lua_functions`, it will be forwarded to `dlq_topic` that can be processed later.", "type": "boolean" }, "enforce_latest_offset_reset": { "description": "When true, 'latest' offset reset behaves correctly (starts from end). When false (default), maintains backwards compatibility where 'latest' acts like 'earliest'.", "type": "boolean", "default": false }, "message_by_lua_functions": { "description": "The Lua functions that manipulates the message being sent to the client.", "type": "array", "items": { "type": "string" } }, "message_deserializer": { "description": "The deserializer to use for the consumed messages.", "type": "string", "default": "noop", "enum": [ "json", "noop" ] }, "mode": { "description": "The mode of operation for the plugin.", "type": "string", "default": "http-get", "enum": [ "http-get", "server-sent-events", "websocket" ] }, "schema_registry": { "description": "The plugin-global schema registry configuration.", "type": "object", "properties": { "confluent": { "type": "object", "properties": { "authentication": { "type": "object", "properties": { "basic": { "type": "object", "properties": { "password": { "type": "string", "x-encrypted": true, "x-referenceable": true }, "username": { "type": "string", "x-encrypted": true, "x-referenceable": true } }, "required": [ "password", "username" ] }, "mode": { "description": "Authentication mode to use with the schema registry.", "type": "string", "default": "none", "enum": [ "basic", "none", "oauth2" ] }, "oauth2": { "type": "object", "properties": { "audience": { "description": "List of audiences passed to the IdP when obtaining a new token.", "type": "array", "items": { "type": "string" }, "default": [] }, "client_id": { "description": "The client ID for the application registration in the IdP.", "type": "string", "x-encrypted": true, "x-referenceable": true }, "client_secret": { "description": "The client secret for the application registration in the IdP.", "type": "string", "x-encrypted": true, "x-referenceable": true }, "grant_type": { "description": "The OAuth grant type to be used.", "type": "string", "default": "client_credentials", "enum": [ "client_credentials", "password" ] }, "password": { "description": "The password to use if `config.oauth.grant_type` is set to `password`.", "type": "string", "x-encrypted": true, "x-referenceable": true }, "scopes": { "description": "List of scopes to request from the IdP when obtaining a new token.", "type": "array", "items": { "type": "string" }, "default": [ "openid" ] }, "token_endpoint": { "description": "The token endpoint URI.", "type": "string" }, "token_headers": { "description": "Extra headers to be passed in the token endpoint request.", "type": "object", "additionalProperties": { "type": "string", "x-referenceable": true } }, "token_post_args": { "description": "Extra post arguments to be passed in the token endpoint request.", "type": "object", "additionalProperties": { "type": "string", "x-referenceable": true } }, "username": { "description": "The username to use if `config.oauth.grant_type` is set to `password`.", "type": "string", "x-encrypted": true, "x-referenceable": true } }, "required": [ "token_endpoint" ] }, "oauth2_client": { "type": "object", "properties": { "auth_method": { "description": "The authentication method used in client requests to the IdP. Supported values are: `client_secret_basic` to send `client_id` and `client_secret` in the `Authorization: Basic` header, `client_secret_post` to send `client_id` and `client_secret` as part of the request body, or `client_secret_jwt` to send a JWT signed with the `client_secret` using the client assertion as part of the body.", "type": "string", "default": "client_secret_post", "enum": [ "client_secret_basic", "client_secret_jwt", "client_secret_post", "none" ] }, "client_secret_jwt_alg": { "description": "The algorithm to use with JWT when using `client_secret_jwt` authentication.", "type": "string", "default": "HS512", "enum": [ "HS256", "HS512" ] }, "http_proxy": { "description": "The proxy to use when making HTTP requests to the IdP.", "type": "string" }, "http_proxy_authorization": { "description": "The `Proxy-Authorization` header value to be used with `http_proxy`.", "type": "string" }, "http_version": { "description": "The HTTP version used for requests made by this plugin. Supported values: `1.1` for HTTP 1.1 and `1.0` for HTTP 1.0.", "type": "number", "default": 1.1 }, "https_proxy": { "description": "The proxy to use when making HTTPS requests to the IdP.", "type": "string" }, "https_proxy_authorization": { "description": "The `Proxy-Authorization` header value to be used with `https_proxy`.", "type": "string" }, "keep_alive": { "description": "Whether to use keepalive connections to the IdP.", "type": "boolean", "default": true }, "no_proxy": { "description": "A comma-separated list of hosts that should not be proxied.", "type": "string" }, "ssl_verify": { "description": "Whether to verify the certificate presented by the IdP when using HTTPS.", "type": "boolean", "default": true }, "timeout": { "description": "Network I/O timeout for requests to the IdP in milliseconds.", "type": "integer", "default": 10000, "maximum": 2147483646, "minimum": 0 } } } } }, "ssl_verify": { "description": "Set to false to disable SSL certificate verification when connecting to the schema registry.", "type": "boolean", "default": true }, "ttl": { "description": "The TTL in seconds for the schema registry cache.", "type": "number", "maximum": 3600, "minimum": 0 }, "url": { "description": "The URL of the schema registry.", "type": "string" } } } } }, "security": { "type": "object", "properties": { "certificate_id": { "description": "UUID of certificate entity for mTLS authentication.", "type": "string" }, "ssl": { "description": "Enables TLS.", "type": "boolean" }, "ssl_verify": { "description": "When using TLS, this option enables verification of the certificate presented by the server.", "type": "boolean", "default": true } } }, "topics": { "description": "The Kafka topics and their configuration you want to consume from.", "type": "array", "items": { "properties": { "name": { "type": "string" }, "schema_registry": { "description": "The plugin-global schema registry configuration.", "type": "object", "properties": { "confluent": { "type": "object", "properties": { "authentication": { "type": "object", "properties": { "basic": { "type": "object", "properties": { "password": { "type": "string", "x-encrypted": true, "x-referenceable": true }, "username": { "type": "string", "x-encrypted": true, "x-referenceable": true } }, "required": [ "password", "username" ] }, "mode": { "description": "Authentication mode to use with the schema registry.", "type": "string", "default": "none", "enum": [ "basic", "none", "oauth2" ] }, "oauth2": { "type": "object", "properties": { "audience": { "description": "List of audiences passed to the IdP when obtaining a new token.", "type": "array", "items": { "type": "string" }, "default": [] }, "client_id": { "description": "The client ID for the application registration in the IdP.", "type": "string", "x-encrypted": true, "x-referenceable": true }, "client_secret": { "description": "The client secret for the application registration in the IdP.", "type": "string", "x-encrypted": true, "x-referenceable": true }, "grant_type": { "description": "The OAuth grant type to be used.", "type": "string", "default": "client_credentials", "enum": [ "client_credentials", "password" ] }, "password": { "description": "The password to use if `config.oauth.grant_type` is set to `password`.", "type": "string", "x-encrypted": true, "x-referenceable": true }, "scopes": { "description": "List of scopes to request from the IdP when obtaining a new token.", "type": "array", "items": { "type": "string" }, "default": [ "openid" ] }, "token_endpoint": { "description": "The token endpoint URI.", "type": "string" }, "token_headers": { "description": "Extra headers to be passed in the token endpoint request.", "type": "object", "additionalProperties": { "type": "string", "x-referenceable": true } }, "token_post_args": { "description": "Extra post arguments to be passed in the token endpoint request.", "type": "object", "additionalProperties": { "type": "string", "x-referenceable": true } }, "username": { "description": "The username to use if `config.oauth.grant_type` is set to `password`.", "type": "string", "x-encrypted": true, "x-referenceable": true } }, "required": [ "token_endpoint" ] }, "oauth2_client": { "type": "object", "properties": { "auth_method": { "description": "The authentication method used in client requests to the IdP. Supported values are: `client_secret_basic` to send `client_id` and `client_secret` in the `Authorization: Basic` header, `client_secret_post` to send `client_id` and `client_secret` as part of the request body, or `client_secret_jwt` to send a JWT signed with the `client_secret` using the client assertion as part of the body.", "type": "string", "default": "client_secret_post", "enum": [ "client_secret_basic", "client_secret_jwt", "client_secret_post", "none" ] }, "client_secret_jwt_alg": { "description": "The algorithm to use with JWT when using `client_secret_jwt` authentication.", "type": "string", "default": "HS512", "enum": [ "HS256", "HS512" ] }, "http_proxy": { "description": "The proxy to use when making HTTP requests to the IdP.", "type": "string" }, "http_proxy_authorization": { "description": "The `Proxy-Authorization` header value to be used with `http_proxy`.", "type": "string" }, "http_version": { "description": "The HTTP version used for requests made by this plugin. Supported values: `1.1` for HTTP 1.1 and `1.0` for HTTP 1.0.", "type": "number", "default": 1.1 }, "https_proxy": { "description": "The proxy to use when making HTTPS requests to the IdP.", "type": "string" }, "https_proxy_authorization": { "description": "The `Proxy-Authorization` header value to be used with `https_proxy`.", "type": "string" }, "keep_alive": { "description": "Whether to use keepalive connections to the IdP.", "type": "boolean", "default": true }, "no_proxy": { "description": "A comma-separated list of hosts that should not be proxied.", "type": "string" }, "ssl_verify": { "description": "Whether to verify the certificate presented by the IdP when using HTTPS.", "type": "boolean", "default": true }, "timeout": { "description": "Network I/O timeout for requests to the IdP in milliseconds.", "type": "integer", "default": 10000, "maximum": 2147483646, "minimum": 0 } } } } }, "ssl_verify": { "description": "Set to false to disable SSL certificate verification when connecting to the schema registry.", "type": "boolean", "default": true }, "ttl": { "description": "The TTL in seconds for the schema registry cache.", "type": "number", "maximum": 3600, "minimum": 0 }, "url": { "description": "The URL of the schema registry.", "type": "string" } } } } } }, "required": [ "name" ], "type": "object" }, "minLength": 1 } }, "required": [ "bootstrap_servers", "topics" ] }, "consumer": { "description": "If set, the plugin will activate only for requests where the specified has been authenticated. (Note that some plugins can not be restricted to consumers this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer.", "type": "object", "additionalProperties": false, "properties": { "id": { "type": "string" } } }, "name": { "const": "kafka-consume" }, "protocols": { "description": "A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.", "type": "array", "items": { "enum": [ "grpc", "grpcs", "http", "https", "ws", "wss" ], "type": "string" }, "format": "set", "default": [ "grpc", "grpcs", "http", "https", "ws", "wss" ] }, "route": { "description": "If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.", "type": "object", "additionalProperties": false, "properties": { "id": { "type": "string" } } } }, "required": [ "config" ] }