Download Schemas for 3.12.x

data/priorities/ee/3.12.x.json

@@ -23,6 +23,7 @@
   "openid-connect": 1050,
   "hmac-auth": 1030,
   "jwt-signer": 1020,
+  "ai-mcp-oauth2": 1015,
   "saml": 1010,
   "header-cert-auth": 1009,
   "json-threat-protection": 1009,
@@ -47,14 +48,15 @@
   "response-ratelimiting": 900,
   "route-by-header": 850,
   "oas-validation": 840,
+  "ai-mcp-proxy": 820,
   "request-callout": 812,
   "jq": 811,
   "datakit": 810,
   "request-transformer-advanced": 802,
   "request-transformer": 801,
   "response-transformer": 800,
   "response-transformer-advanced": 800,
-  "ai-gcp-model-armor": 782,
+  "ai-gcp-model-armor": 783,
   "ai-semantic-response-guard": 782,
   "ai-aws-guardrails": 781,
   "route-transformer-advanced": 780,
@@ -73,7 +75,6 @@
   "ai-response-transformer": 768,
   "ai-llm-as-judge": 767,
   "ai-semantic-cache": 765,
-  "ai-mcp-proxy": 764,
   "standard-webhooks": 760,
   "upstream-oauth": 760,
   "solace-consume": 756,

data/referenceable_fields/3.12.x.json

@@ -31,6 +31,11 @@
     "config.llm.auth.aws_access_key_id",
     "config.llm.auth.aws_secret_access_key"
   ],
+  "ai-mcp-oauth2": [
+    "config.client_id",
+    "config.client_secret",
+    "config.client_jwk"
+  ],
   "ai-proxy": [
     "config.auth.header_name",
     "config.auth.header_value",
@@ -185,6 +190,12 @@
   "confluent": [
     "config.schema_registry.confluent.authentication.basic.username",
     "config.schema_registry.confluent.authentication.basic.password",
+    "config.schema_registry.confluent.authentication.oauth2.token_headers",
+    "config.schema_registry.confluent.authentication.oauth2.token_post_args",
+    "config.schema_registry.confluent.authentication.oauth2.client_id",
+    "config.schema_registry.confluent.authentication.oauth2.client_secret",
+    "config.schema_registry.confluent.authentication.oauth2.username",
+    "config.schema_registry.confluent.authentication.oauth2.password",
     "config.cluster_api_key",
     "config.cluster_api_secret",
     "config.confluent_cloud_api_key",
@@ -193,8 +204,20 @@
   "confluent-consume": [
     "config.topics.schema_registry.confluent.authentication.basic.username",
     "config.topics.schema_registry.confluent.authentication.basic.password",
+    "config.topics.schema_registry.confluent.authentication.oauth2.token_headers",
+    "config.topics.schema_registry.confluent.authentication.oauth2.token_post_args",
+    "config.topics.schema_registry.confluent.authentication.oauth2.client_id",
+    "config.topics.schema_registry.confluent.authentication.oauth2.client_secret",
+    "config.topics.schema_registry.confluent.authentication.oauth2.username",
+    "config.topics.schema_registry.confluent.authentication.oauth2.password",
     "config.schema_registry.confluent.authentication.basic.username",
     "config.schema_registry.confluent.authentication.basic.password",
+    "config.schema_registry.confluent.authentication.oauth2.token_headers",
+    "config.schema_registry.confluent.authentication.oauth2.token_post_args",
+    "config.schema_registry.confluent.authentication.oauth2.client_id",
+    "config.schema_registry.confluent.authentication.oauth2.client_secret",
+    "config.schema_registry.confluent.authentication.oauth2.username",
+    "config.schema_registry.confluent.authentication.oauth2.password",
     "config.cluster_api_key",
     "config.cluster_api_secret",
     "config.confluent_cloud_api_key",
@@ -204,6 +227,10 @@
     "config.host"
   ],
   "datakit": [
+    "config.resources.cache.redis.username",
+    "config.resources.cache.redis.password",
+    "config.resources.cache.redis.sentinel_username",
+    "config.resources.cache.redis.sentinel_password",
     "config.resources.vault"
   ],
   "forward-proxy": [
@@ -239,20 +266,44 @@
   "kafka-consume": [
     "config.topics.schema_registry.confluent.authentication.basic.username",
     "config.topics.schema_registry.confluent.authentication.basic.password",
+    "config.topics.schema_registry.confluent.authentication.oauth2.token_headers",
+    "config.topics.schema_registry.confluent.authentication.oauth2.token_post_args",
+    "config.topics.schema_registry.confluent.authentication.oauth2.client_id",
+    "config.topics.schema_registry.confluent.authentication.oauth2.client_secret",
+    "config.topics.schema_registry.confluent.authentication.oauth2.username",
+    "config.topics.schema_registry.confluent.authentication.oauth2.password",
     "config.schema_registry.confluent.authentication.basic.username",
     "config.schema_registry.confluent.authentication.basic.password",
+    "config.schema_registry.confluent.authentication.oauth2.token_headers",
+    "config.schema_registry.confluent.authentication.oauth2.token_post_args",
+    "config.schema_registry.confluent.authentication.oauth2.client_id",
+    "config.schema_registry.confluent.authentication.oauth2.client_secret",
+    "config.schema_registry.confluent.authentication.oauth2.username",
+    "config.schema_registry.confluent.authentication.oauth2.password",
     "config.authentication.user",
     "config.authentication.password"
   ],
   "kafka-log": [
     "config.authentication.user",
     "config.authentication.password",
     "config.schema_registry.confluent.authentication.basic.username",
-    "config.schema_registry.confluent.authentication.basic.password"
+    "config.schema_registry.confluent.authentication.basic.password",
+    "config.schema_registry.confluent.authentication.oauth2.token_headers",
+    "config.schema_registry.confluent.authentication.oauth2.token_post_args",
+    "config.schema_registry.confluent.authentication.oauth2.client_id",
+    "config.schema_registry.confluent.authentication.oauth2.client_secret",
+    "config.schema_registry.confluent.authentication.oauth2.username",
+    "config.schema_registry.confluent.authentication.oauth2.password"
   ],
   "kafka-upstream": [
     "config.schema_registry.confluent.authentication.basic.username",
     "config.schema_registry.confluent.authentication.basic.password",
+    "config.schema_registry.confluent.authentication.oauth2.token_headers",
+    "config.schema_registry.confluent.authentication.oauth2.token_post_args",
+    "config.schema_registry.confluent.authentication.oauth2.client_id",
+    "config.schema_registry.confluent.authentication.oauth2.client_secret",
+    "config.schema_registry.confluent.authentication.oauth2.username",
+    "config.schema_registry.confluent.authentication.oauth2.password",
     "config.authentication.user",
     "config.authentication.password"
   ],

json_schemas/acme/3.12.json

@@ -3,7 +3,7 @@
     "config": {
       "properties": {
         "account_email": {
-          "description": "The account identifier. Can be reused in a different plugin instance.\nThis field is [encrypted](/gateway/keyring/).\nThis field is [referenceable](/gateway/entities/vault/#how-do-i-reference-secrets-stored-in-a-vault).",
+          "description": "The account identifier. Can be reused in a different plugin instance.\nThis field is [referenceable](/gateway/entities/vault/#how-do-i-reference-secrets-stored-in-a-vault).\nThis field is [encrypted](/gateway/keyring/).",
           "type": "string"
         },
         "account_key": {
@@ -50,11 +50,11 @@
           "type": "array"
         },
         "eab_hmac_key": {
-          "description": "External account binding (EAB) base64-encoded URL string of the HMAC key. You usually don't need to set this unless it is explicitly required by the CA.\nThis field is [encrypted](/gateway/keyring/).\nThis field is [referenceable](/gateway/entities/vault/#how-do-i-reference-secrets-stored-in-a-vault).",
+          "description": "External account binding (EAB) base64-encoded URL string of the HMAC key. You usually don't need to set this unless it is explicitly required by the CA.\nThis field is [referenceable](/gateway/entities/vault/#how-do-i-reference-secrets-stored-in-a-vault).\nThis field is [encrypted](/gateway/keyring/).",
           "type": "string"
         },
         "eab_kid": {
-          "description": "External account binding (EAB) key id. You usually don't need to set this unless it is explicitly required by the CA.\nThis field is [encrypted](/gateway/keyring/).\nThis field is [referenceable](/gateway/entities/vault/#how-do-i-reference-secrets-stored-in-a-vault).",
+          "description": "External account binding (EAB) key id. You usually don't need to set this unless it is explicitly required by the CA.\nThis field is [referenceable](/gateway/entities/vault/#how-do-i-reference-secrets-stored-in-a-vault).\nThis field is [encrypted](/gateway/keyring/).",
           "type": "string"
         },
         "enable_ipv4_common_name": {

json_schemas/ai-gcp-model-armor/3.12.json

@@ -8,7 +8,7 @@
           "type": "boolean"
         },
         "gcp_service_account_json": {
-          "description": "Set this field to the full JSON of the GCP service account to authenticate, if required. If null (and gcp_use_service_account is true), Kong will attempt to read from environment variable `GCP_SERVICE_ACCOUNT` or from the instance/container metadata service.\nThis field is [encrypted](/gateway/keyring/).\nThis field is [referenceable](/gateway/entities/vault/#how-do-i-reference-secrets-stored-in-a-vault).",
+          "description": "Set this field to the full JSON of the GCP service account to authenticate, if required. If null (and gcp_use_service_account is true), Kong will attempt to read from environment variable `GCP_SERVICE_ACCOUNT` or from the instance/container metadata service.\nThis field is [referenceable](/gateway/entities/vault/#how-do-i-reference-secrets-stored-in-a-vault).\nThis field is [encrypted](/gateway/keyring/).",
           "type": "string"
         },
         "gcp_use_service_account": {