Synadia Protect
Payload
Evaluate messages based on payload content. Maps subject patterns to regex patterns for payload validation. Subject patterns must not overlap.
Type: message
Variants:
| Action | ID |
|---|---|
| allow | com.synadia.protect.builtins.v1.allow.payload.message |
| deny | com.synadia.protect.builtins.v1.deny.payload.message |
Configuration
A map of NATS subject patterns to regex patterns:
activations:
com.synadia.protect.builtins.v1.deny.payload.message: true
configurations:
com.synadia.protect.builtins.v1.deny.payload.message:
'logs.>': '(?i)password|secret|api_key' # block sensitive data in logs
'public.*': "\\$\\{.*\\}" # block variable interpolation
The allow variant works the same way -- messages are allowed only if the payload matches:
activations:
com.synadia.protect.builtins.v1.allow.payload.message: true
configurations:
com.synadia.protect.builtins.v1.allow.payload.message:
'orders.*': "^\\d+$" # orders must have numeric payload
'users.>': "^\\{.*\\}$" # users must be JSON
'events.audit': '*' # audit events allow any payload
Schema
{
"type": "object",
"additionalProperties": {
"type": "string",
"format": "regex"
},
"propertyNames": {
"type": "string",
"format": "nats-subject",
"minLength": 1
},
"minProperties": 1
}