Documentation ¶
Overview ¶
Package v1beta1 contains API Schema definitions for the config v1beta1 API group
+kubebuilder:object:generate=true
+groupName=authorino.kuadrant.io
Index ¶
- Constants
- Variables
- type AuthConfig
- type AuthConfigList
- type AuthConfigSlice
- type AuthConfigSpec
- type AuthConfigStatus
- type Authorization
- type Authorization_Authzed
- type Authorization_JSONPatternMatching
- type Authorization_KubernetesAuthz
- type Authorization_KubernetesAuthz_ResourceAttributes
- type Authorization_OPA
- type AuthzedObject
- type Callback
- type Condition
- type ConditionType
- type Credentials
- type Credentials_In
- type DenyWith
- type DenyWithSpec
- type DenyWith_Code
- type EvaluatorCaching
- type ExternalRegistry
- type GenericHTTP_Method
- type Identity
- type Identity_APIKey
- type Identity_Anonymous
- type Identity_KubernetesAuth
- type Identity_MTLS
- type Identity_OAuth2Config
- type Identity_OidcConfig
- type Identity_Plain
- type JSONPattern
- type JSONPatternExpression
- type JSONPatternExpressions
- type JSONPatternOperator
- type JSONPatternRef
- type JsonProperty
- type Metadata
- type Metadata_GenericHTTP
- type Metadata_GenericHTTP_ContentType
- type Metadata_UMA
- type Metadata_UserInfo
- type OAuth2ClientAuthentication
- type Response
- type Response_DynamicJSON
- type Response_Wrapper
- type Response_Wristband
- type SecretKeyReference
- type SigningKeyAlgorithm
- type SigningKeyRef
- type StaticOrDynamicValue
- type Summary
- type ValueFrom
Constants ¶
const (
	TypeUnknown = "UNKNOWN"
	IdentityOAuth2 = "IDENTITY_OAUTH2"
	IdentityOidc = "IDENTITY_OIDC"
	IdentityApiKey = "IDENTITY_APIKEY"
	IdentityMTLS = "IDENTITY_MTLS"
	IdentityKubernetesAuth = "IDENTITY_KUBERNETESAUTH"
	IdentityAnonymous = "IDENTITY_ANONYMOUS"
	IdentityPlain = "IDENTITY_PLAIN"
	MetadataUma = "METADATA_UMA"
	MetadataGenericHTTP = "METADATA_GENERIC_HTTP"
	MetadataUserinfo = "METADATA_USERINFO"
	AuthorizationOPA = "AUTHORIZATION_OPA"
	AuthorizationJSONPatternMatching = "AUTHORIZATION_JSON"
	AuthorizationKubernetesAuthz = "AUTHORIZATION_KUBERNETESAUTHZ"
	AuthorizationAuthzed = "AUTHORIZATION_AUTHZED"
	ResponseWristband = "RESPONSE_WRISTBAND"
	ResponseDynamicJSON = "RESPONSE_DYNAMIC_JSON"
	CallbackHTTP = "CALLBACK_HTTP"
	EvaluatorDefaultCacheTTL = 60
	// Status conditions
	StatusConditionAvailable ConditionType = "Available"
	StatusConditionReady ConditionType = "Ready"
	// Status reasons
	StatusReasonReconciling string = "Reconciling"
	StatusReasonReconciled string = "Reconciled"
	StatusReasonInvalidResource string = "Invalid"
	StatusReasonHostsLinked string = "HostsLinked"
	StatusReasonHostsNotLinked string = "HostsNotLinked"
	StatusReasonCachingError string = "CachingError"
	StatusReasonUnknown string = "Unknown"
)
Variables ¶
var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "authorino.kuadrant.io", Version: "v1beta1"}
	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
Functions ¶
This section is empty.
Types ¶
type AuthConfig ¶ added in v0.4.0
type AuthConfig struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec AuthConfigSpec `json:"spec,omitempty"`
	Status AuthConfigStatus `json:"status,omitempty"`
}
AuthConfig is the schema for Authorino's AuthConfig API
+kubebuilder:object:root=true
+kubebuilder:subresource:status
+kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.summary.ready`,description="Ready for all hosts"
+kubebuilder:printcolumn:name="Hosts",type=string,JSONPath=`.status.summary.numHostsReady`,description="Number of hosts ready"
+kubebuilder:printcolumn:name="Authentication",type=integer,JSONPath=`.status.summary.numIdentitySources`,description="Number of trusted identity sources",priority=2
+kubebuilder:printcolumn:name="Metadata",type=integer,JSONPath=`.status.summary.numMetadataSources`,description="Number of external metadata sources",priority=2
+kubebuilder:printcolumn:name="Authorization",type=integer,JSONPath=`.status.summary.numAuthorizationPolicies`,description="Number of authorization policies",priority=2
+kubebuilder:printcolumn:name="Response",type=integer,JSONPath=`.status.summary.numResponseItems`,description="Number of items added to the authorization response",priority=2
+kubebuilder:printcolumn:name="Wristband",type=boolean,JSONPath=`.status.summary.festivalWristbandEnabled`,description="Whether issuing Festival Wristbands",priority=2
func (*AuthConfig) DeepCopy ¶ added in v0.4.0
func (in *AuthConfig) DeepCopy() *AuthConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthConfig.
func (*AuthConfig) DeepCopyInto ¶ added in v0.4.0
func (in *AuthConfig) DeepCopyInto(out *AuthConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AuthConfig) DeepCopyObject ¶ added in v0.4.0
func (in *AuthConfig) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AuthConfigList ¶ added in v0.4.0
type AuthConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items AuthConfigSlice `json:"items"`
}
AuthConfigList contains a list of AuthConfig
func (*AuthConfigList) DeepCopy ¶ added in v0.4.0
func (in *AuthConfigList) DeepCopy() *AuthConfigList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthConfigList.
func (*AuthConfigList) DeepCopyInto ¶ added in v0.4.0
func (in *AuthConfigList) DeepCopyInto(out *AuthConfigList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AuthConfigList) DeepCopyObject ¶ added in v0.4.0
func (in *AuthConfigList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AuthConfigSlice ¶ added in v0.10.0
type AuthConfigSlice []AuthConfig
func (AuthConfigSlice) DeepCopy ¶ added in v0.10.0
func (in AuthConfigSlice) DeepCopy() AuthConfigSlice
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthConfigSlice.
func (AuthConfigSlice) DeepCopyInto ¶ added in v0.10.0
func (in AuthConfigSlice) DeepCopyInto(out *AuthConfigSlice)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (AuthConfigSlice) Len ¶ added in v0.10.0
func (s AuthConfigSlice) Len() int
func (AuthConfigSlice) Less ¶ added in v0.10.0
func (s AuthConfigSlice) Less(i, j int) bool
func (AuthConfigSlice) Swap ¶ added in v0.10.0
func (s AuthConfigSlice) Swap(i, j int)
type AuthConfigSpec ¶ added in v0.4.0
type AuthConfigSpec struct {
	// The list of public host names of the services protected by this authentication/authorization scheme.
	// Authorino uses the requested host to lookup for the corresponding authentication/authorization configs to enforce.
	Hosts []string `json:"hosts"`
	// Named sets of JSON patterns that can be referred in `when` conditionals and in JSON-pattern matching policy rules.
	Patterns map[string]JSONPatternExpressions `json:"patterns,omitempty"`
	// Conditions for the AuthConfig to be enforced.
	// If omitted, the AuthConfig will be enforced for all requests.
	// If present, all conditions must match for the AuthConfig to be enforced; otherwise, Authorino skips the AuthConfig and returns immediately with status OK.
	Conditions []JSONPattern `json:"when,omitempty"`
	// List of identity sources/authentication modes.
	// At least one config of this list MUST evaluate to a valid identity for a request to be successful in the identity verification phase.
	Identity []*Identity `json:"identity,omitempty"`
	// List of metadata source configs.
	// Authorino fetches JSON content from sources on this list on every request.
	Metadata []*Metadata `json:"metadata,omitempty"`
	// Authorization is the list of authorization policies.
	// All policies in this list MUST evaluate to "true" for a request to be successful in the authorization phase.
	Authorization []*Authorization `json:"authorization,omitempty"`
	// List of response configs.
	// Authorino gathers data from the auth pipeline to build custom responses for the client.
	Response []*Response `json:"response,omitempty"`
	// List of callback configs.
	// Authorino sends callbacks to specified endpoints at the end of the auth pipeline.
	Callbacks []*Callback `json:"callbacks,omitempty"`
	// Custom denial response codes, statuses and headers to override default 40x's.
	DenyWith *DenyWith `json:"denyWith,omitempty"`
}
Specifies the desired state of the AuthConfig resource, i.e. the authentication/authorization scheme to be applied to protect the matching service hosts.
func (*AuthConfigSpec) DeepCopy ¶ added in v0.4.0
func (in *AuthConfigSpec) DeepCopy() *AuthConfigSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthConfigSpec.
func (*AuthConfigSpec) DeepCopyInto ¶ added in v0.4.0
func (in *AuthConfigSpec) DeepCopyInto(out *AuthConfigSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AuthConfigStatus ¶ added in v0.4.0
type AuthConfigStatus struct {
	Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
	Summary Summary `json:"summary,omitempty"`
}
AuthConfigStatus defines the observed state of AuthConfig
func (*AuthConfigStatus) DeepCopy ¶ added in v0.4.0
func (in *AuthConfigStatus) DeepCopy() *AuthConfigStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthConfigStatus.
func (*AuthConfigStatus) DeepCopyInto ¶ added in v0.4.0
func (in *AuthConfigStatus) DeepCopyInto(out *AuthConfigStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AuthConfigStatus) Ready ¶ added in v0.4.0
func (s *AuthConfigStatus) Ready() bool
type Authorization ¶
type Authorization struct {
	// Name of the authorization policy.
	// It can be used to refer to the resolved authorization object in other configs.
	Name string `json:"name"`
	// Priority group of the config.
	// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially.
	// +kubebuilder:default:=0
	Priority int `json:"priority,omitempty"`
	// Whether this authorization config should generate individual observability metrics
	// +kubebuilder:default:=false
	Metrics bool `json:"metrics,omitempty"`
	// Conditions for Authorino to enforce this authorization policy.
	// If omitted, the config will be enforced for all requests.
	// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped.
	Conditions []JSONPattern `json:"when,omitempty"`
	// Caching options for the policy evaluation results when enforcing this config.
	// Omit it to avoid caching policy evaluation results for this config.
	Cache *EvaluatorCaching `json:"cache,omitempty"`
	OPA *Authorization_OPA `json:"opa,omitempty"`
	JSON *Authorization_JSONPatternMatching `json:"json,omitempty"`
	KubernetesAuthz *Authorization_KubernetesAuthz `json:"kubernetes,omitempty"`
	Authzed *Authorization_Authzed `json:"authzed,omitempty"`
}
Authorization policy to be enforced. Apart from "name", one of the following parameters is required and only one of the following parameters is allowed: "opa", "json" or "kubernetes".
func (*Authorization) DeepCopy ¶
func (in *Authorization) DeepCopy() *Authorization
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Authorization.
func (*Authorization) DeepCopyInto ¶
func (in *Authorization) DeepCopyInto(out *Authorization)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Authorization) GetType ¶
func (a *Authorization) GetType() string
type Authorization_Authzed ¶ added in v0.12.0
type Authorization_Authzed struct {
	// Endpoint of the Authzed service.
	Endpoint string `json:"endpoint"`
	// Insecure HTTP connection (i.e. disables TLS verification)
	Insecure bool `json:"insecure,omitempty"`
	SharedSecret *SecretKeyReference `json:"sharedSecretRef,omitempty"`
	// The subject that will be checked for the permission or relation.
	Subject *AuthzedObject `json:"subject,omitempty"`
	// The resource on which to check the permission or relation.
	Resource *AuthzedObject `json:"resource,omitempty"`
	// The name of the permission (or relation) on which to execute the check.
	Permission StaticOrDynamicValue `json:"permission,omitempty"`
}
Authzed authorization
func (*Authorization_Authzed) DeepCopy ¶ added in v0.12.0
func (in *Authorization_Authzed) DeepCopy() *Authorization_Authzed
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Authorization_Authzed.
func (*Authorization_Authzed) DeepCopyInto ¶ added in v0.12.0
func (in *Authorization_Authzed) DeepCopyInto(out *Authorization_Authzed)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Authorization_JSONPatternMatching ¶
type Authorization_JSONPatternMatching struct {
	// The rules that must all evaluate to "true" for the request to be authorized.
	Rules []JSONPattern `json:"rules"`
}
JSON pattern matching authorization policy.
func (*Authorization_JSONPatternMatching) DeepCopy ¶
func (in *Authorization_JSONPatternMatching) DeepCopy() *Authorization_JSONPatternMatching
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Authorization_JSONPatternMatching.
func (*Authorization_JSONPatternMatching) DeepCopyInto ¶
func (in *Authorization_JSONPatternMatching) DeepCopyInto(out *Authorization_JSONPatternMatching)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Authorization_KubernetesAuthz ¶ added in v0.5.0
type Authorization_KubernetesAuthz struct {
	// User to test for.
	// If without "Groups", then it is interpreted as "What if User were not a member of any groups"
	User StaticOrDynamicValue `json:"user"`
	// Groups to test for.
	Groups []string `json:"groups,omitempty"`
	// Use ResourceAttributes for checking permissions on Kubernetes resources
	// If omitted, it performs a non-resource `SubjectAccessReview`, with verb and path inferred from the request.
	ResourceAttributes *Authorization_KubernetesAuthz_ResourceAttributes `json:"resourceAttributes,omitempty"`
}
Kubernetes authorization policy based on `SubjectAccessReview`. Path and Verb are inferred from the request.
func (*Authorization_KubernetesAuthz) DeepCopy ¶ added in v0.5.0
func (in *Authorization_KubernetesAuthz) DeepCopy() *Authorization_KubernetesAuthz
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Authorization_KubernetesAuthz.
func (*Authorization_KubernetesAuthz) DeepCopyInto ¶ added in v0.5.0
func (in *Authorization_KubernetesAuthz) DeepCopyInto(out *Authorization_KubernetesAuthz)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Authorization_KubernetesAuthz_ResourceAttributes ¶ added in v0.5.0
type Authorization_KubernetesAuthz_ResourceAttributes struct {
	Namespace StaticOrDynamicValue `json:"namespace,omitempty"`
	Group StaticOrDynamicValue `json:"group,omitempty"`
	Resource StaticOrDynamicValue `json:"resource,omitempty"`
	Name StaticOrDynamicValue `json:"name,omitempty"`
	SubResource StaticOrDynamicValue `json:"subresource,omitempty"`
	Verb StaticOrDynamicValue `json:"verb,omitempty"`
}
func (*Authorization_KubernetesAuthz_ResourceAttributes) DeepCopy ¶ added in v0.5.0
func (in *Authorization_KubernetesAuthz_ResourceAttributes) DeepCopy() *Authorization_KubernetesAuthz_ResourceAttributes
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Authorization_KubernetesAuthz_ResourceAttributes.
func (*Authorization_KubernetesAuthz_ResourceAttributes) DeepCopyInto ¶ added in v0.5.0
func (in *Authorization_KubernetesAuthz_ResourceAttributes) DeepCopyInto(out *Authorization_KubernetesAuthz_ResourceAttributes)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Authorization_OPA ¶
type Authorization_OPA struct {
	// Authorization policy as a Rego language document.
	// The Rego document must include the "allow" condition, set by Authorino to "false" by default (i.e. requests are unauthorized unless changed).
	// The Rego document must NOT include the "package" declaration in line 1.
	InlineRego string `json:"inlineRego,omitempty"`
	// External registry of OPA policies.
	ExternalRegistry ExternalRegistry `json:"externalRegistry,omitempty"`
	// Returns the value of all Rego rules in the virtual document. Values can be read in subsequent evaluators/phases of the Auth Pipeline.
	// Otherwise, only the default `allow` rule will be exposed.
	// Returning all Rego rules can affect performance of OPA policies during reconciliation (policy precompile) and at runtime.
	// +kubebuilder:default:=false
	AllValues bool `json:"allValues,omitempty"`
}
Open Policy Agent (OPA) authorization policy.
func (*Authorization_OPA) DeepCopy ¶
func (in *Authorization_OPA) DeepCopy() *Authorization_OPA
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Authorization_OPA.
func (*Authorization_OPA) DeepCopyInto ¶
func (in *Authorization_OPA) DeepCopyInto(out *Authorization_OPA)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AuthzedObject ¶ added in v0.12.0
type AuthzedObject struct {
	Name StaticOrDynamicValue `json:"name,omitempty"`
	Kind StaticOrDynamicValue `json:"kind,omitempty"`
}
func (*AuthzedObject) DeepCopy ¶ added in v0.12.0
func (in *AuthzedObject) DeepCopy() *AuthzedObject
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthzedObject.
func (*AuthzedObject) DeepCopyInto ¶ added in v0.12.0
func (in *AuthzedObject) DeepCopyInto(out *AuthzedObject)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Callback ¶ added in v0.12.0
type Callback struct {
	// Name of the callback.
	// It can be used to refer to the resolved callback response in other configs.
	Name string `json:"name"`
	// Priority group of the config.
	// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially.
	// +kubebuilder:default:=0
	Priority int `json:"priority,omitempty"`
	// Whether this callback config should generate individual observability metrics
	// +kubebuilder:default:=false
	Metrics bool `json:"metrics,omitempty"`
	// Conditions for Authorino to perform this callback.
	// If omitted, the callback will be attempted for all requests.
	// If present, all conditions must match for the callback to be attempted; otherwise, the callback will be skipped.
	Conditions []JSONPattern `json:"when,omitempty"`
	HTTP *Metadata_GenericHTTP `json:"http"` // make this 'omitempty' if other alternate methods are added
}
Endpoints to callback at the end of each auth pipeline.
func (*Callback) DeepCopy ¶ added in v0.12.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Callback.
func (*Callback) DeepCopyInto ¶ added in v0.12.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Condition ¶ added in v0.10.0
type Condition struct {
	// Type of condition
	Type ConditionType `json:"type"`
	// Status of the condition, one of True, False, Unknown.
	Status k8score.ConditionStatus `json:"status"`
	// Last time the condition transitioned from one status to another.
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
	// (brief) reason for the condition's last transition.
	// +optional
	Reason string `json:"reason,omitempty"`
	// Human readable message indicating details about last transition.
	// +optional
	Message string `json:"message,omitempty"`
	// Last time the condition was updated
	// +optional
	LastUpdatedTime *metav1.Time `json:"lastUpdatedTime,omitempty"`
}
func (*Condition) DeepCopy ¶ added in v0.10.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition.
func (*Condition) DeepCopyInto ¶ added in v0.10.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConditionType ¶ added in v0.10.0
type ConditionType string
type Credentials ¶
type Credentials struct {
	// The location in the request where client credentials shall be passed on requests authenticating with this identity source/authentication mode.
	// +kubebuilder:default:=authorization_header
	In Credentials_In `json:"in,omitempty"`
	// Used in conjunction with the `in` parameter.
	// When used with `authorization_header`, the value is the prefix of the client credentials string, separated by a white-space, in the HTTP Authorization header (e.g. "Bearer", "Basic").
	// When used with `custom_header`, `query` or `cookie`, the value is the name of the HTTP header, query string parameter or cookie key, respectively.
	KeySelector string `json:"keySelector"`
}
func (*Credentials) DeepCopy ¶
func (in *Credentials) DeepCopy() *Credentials
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Credentials.
func (*Credentials) DeepCopyInto ¶
func (in *Credentials) DeepCopyInto(out *Credentials)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Credentials_In ¶
type Credentials_In string
+kubebuilder:validation:Enum:=authorization_header;custom_header;query;cookie
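The `in` / `keySelector` semantics documented for Credentials above, worked through as an added example (not code from this package or from Authorino). The `credentialsSpec` type, `extractCredential`, `sampleRequest` and the sample values are hypothetical; exact-case matching of the Authorization prefix is an assumption of the example.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// credentialsSpec is a local stand-in for the two documented fields of
// Credentials; it is not the package's own type.
type credentialsSpec struct {
	In          string // authorization_header | custom_header | query | cookie
	KeySelector string
}

var errNoCredential = errors.New("credential not found at the configured location")

// extractCredential looks for the client credential only at the location the
// spec names, following the documented meaning of `in` and `keySelector`.
func extractCredential(spec credentialsSpec, req *http.Request) (string, error) {
	in := spec.In
	if in == "" {
		in = "authorization_header" // documented kubebuilder default
	}
	if spec.KeySelector == "" {
		return "", errors.New("keySelector is required")
	}
	var value string
	switch in {
	case "authorization_header":
		// keySelector is the prefix, separated from the credential by a white-space.
		// Assumption of this example: the prefix is matched case-sensitively.
		prefix := spec.KeySelector + " "
		header := req.Header.Get("Authorization")
		if !strings.HasPrefix(header, prefix) {
			return "", errNoCredential
		}
		value = strings.TrimSpace(strings.TrimPrefix(header, prefix))
	case "custom_header":
		value = req.Header.Get(spec.KeySelector)
	case "query":
		value = req.URL.Query().Get(spec.KeySelector)
	case "cookie":
		c, err := req.Cookie(spec.KeySelector)
		if err != nil {
			return "", errNoCredential
		}
		value = c.Value
	default:
		return "", fmt.Errorf("unsupported value for in: %q", in)
	}
	if value == "" {
		return "", errNoCredential
	}
	return value, nil
}

// sampleRequest builds a constructed request that carries a different
// made-up credential at each of the four locations.
func sampleRequest() *http.Request {
	req, err := http.NewRequest(http.MethodGet, "https://api.example.test/items?api_key=q-123", nil)
	if err != nil {
		panic(err)
	}
	req.Header.Set("Authorization", "Bearer tok-abc")
	req.Header.Set("X-API-Key", "h-456")
	req.AddCookie(&http.Cookie{Name: "session", Value: "c-789"})
	return req
}

func main() {
	req := sampleRequest()
	specs := []credentialsSpec{
		{KeySelector: "Bearer"}, // `in` omitted: falls back to authorization_header
		{In: "custom_header", KeySelector: "X-API-Key"},
		{In: "query", KeySelector: "api_key"},
		{In: "cookie", KeySelector: "session"},
		{In: "authorization_header", KeySelector: "Basic"}, // prefix mismatch
	}
	for _, s := range specs {
		v, err := extractCredential(s, req)
		fmt.Printf("in=%q keySelector=%q -> %q (err: %v)\n", s.In, s.KeySelector, v, err)
	}
}
```

Credentials configured with `in: query` travel in the URL, which proxies and access logs commonly record.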
type DenyWith ¶ added in v0.5.0
type DenyWith struct {
	// Denial status customization when the request is unauthenticated.
	Unauthenticated *DenyWithSpec `json:"unauthenticated,omitempty"`
	Unauthorized *DenyWithSpec `json:"unauthorized,omitempty"`
}
func (*DenyWith) DeepCopy ¶ added in v0.5.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DenyWith.
func (*DenyWith) DeepCopyInto ¶ added in v0.5.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DenyWithSpec ¶ added in v0.5.0
type DenyWithSpec struct {
	// HTTP status code to override the default denial status code.
	Code DenyWith_Code `json:"code,omitempty"`
	// HTTP message to override the default denial message.
	Message *StaticOrDynamicValue `json:"message,omitempty"`
	// HTTP response headers to override the default denial headers.
	Headers []JsonProperty `json:"headers,omitempty"`
	// HTTP response body to override the default denial body.
	Body *StaticOrDynamicValue `json:"body,omitempty"`
}
func (*DenyWithSpec) DeepCopy ¶ added in v0.5.0
func (in *DenyWithSpec) DeepCopy() *DenyWithSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DenyWithSpec.
func (*DenyWithSpec) DeepCopyInto ¶ added in v0.5.0
func (in *DenyWithSpec) DeepCopyInto(out *DenyWithSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DenyWith_Code ¶ added in v0.5.0
type DenyWith_Code int64
+kubebuilder:validation:Minimum:=300 +kubebuilder:validation:Maximum:=599
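A pre-apply review check over an AuthConfig `spec` in JSON, added here as an example (not part of this package): it flags authorization entries that do not set exactly one of the method fields of the Authorization struct (`opa`, `json`, `kubernetes`, `authzed`), `authzed.insecure: true`, and `denyWith` codes outside the 300-599 range given above. The mirror types, `lintSpec`, `finding` and the sample spec are hypothetical and constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local mirrors of the JSON keys documented on this page (not the package's own types).
type authorization struct {
	Name       string          `json:"name"`
	OPA        json.RawMessage `json:"opa"`
	JSON       json.RawMessage `json:"json"`
	Kubernetes json.RawMessage `json:"kubernetes"`
	Authzed    *struct {
		Endpoint string `json:"endpoint"`
		Insecure bool   `json:"insecure"`
	} `json:"authzed"`
}

type denyWithSpec struct {
	Code int64 `json:"code"`
}

type authConfigSpec struct {
	Authorization []authorization `json:"authorization"`
	DenyWith      *struct {
		Unauthenticated *denyWithSpec `json:"unauthenticated"`
		Unauthorized    *denyWithSpec `json:"unauthorized"`
	} `json:"denyWith"`
}

// finding is one review result: the field it concerns and why it was flagged.
type finding struct {
	Field  string
	Reason string
}

// isSet reports whether a raw JSON member is present and not null.
func isSet(raw json.RawMessage) bool {
	return len(raw) > 0 && string(raw) != "null"
}

// lintSpec decodes an AuthConfig spec and returns the findings in document order.
func lintSpec(raw []byte) ([]finding, error) {
	var spec authConfigSpec
	if err := json.Unmarshal(raw, &spec); err != nil {
		return nil, fmt.Errorf("decoding spec: %w", err)
	}
	var out []finding
	for _, a := range spec.Authorization {
		field := fmt.Sprintf("authorization[%s]", a.Name)
		methods := 0
		for _, m := range []json.RawMessage{a.OPA, a.JSON, a.Kubernetes} {
			if isSet(m) {
				methods++
			}
		}
		if a.Authzed != nil {
			methods++
		}
		if methods != 1 {
			out = append(out, finding{Field: field,
				Reason: fmt.Sprintf("%d method fields set, want exactly 1", methods)})
		}
		if a.Authzed != nil && a.Authzed.Insecure {
			out = append(out, finding{Field: field + ".authzed.insecure",
				Reason: "TLS verification disabled for " + a.Authzed.Endpoint})
		}
	}
	if spec.DenyWith != nil {
		for _, d := range []struct {
			name string
			spec *denyWithSpec
		}{{"unauthenticated", spec.DenyWith.Unauthenticated}, {"unauthorized", spec.DenyWith.Unauthorized}} {
			// A zero code means the field was omitted and the default applies.
			if d.spec != nil && d.spec.Code != 0 && (d.spec.Code < 300 || d.spec.Code > 599) {
				out = append(out, finding{Field: "denyWith." + d.name + ".code",
					Reason: fmt.Sprintf("%d is outside 300-599", d.spec.Code)})
			}
		}
	}
	return out, nil
}

// sampleSpec is a constructed spec; names, endpoint and policy text are made up.
const sampleSpec = `{
  "hosts": ["api.example.test"],
  "authorization": [
    {"name": "policy", "opa": {"inlineRego": "allow { input.ok }"}},
    {"name": "mixed", "opa": {"inlineRego": "allow { input.ok }"}, "json": {"rules": []}},
    {"name": "empty"},
    {"name": "spicedb", "authzed": {"endpoint": "spicedb.example.test:50051", "insecure": true}}
  ],
  "denyWith": {"unauthenticated": {"code": 302}, "unauthorized": {"code": 200}}
}`

func main() {
	findings, err := lintSpec([]byte(sampleSpec))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%s: %s\n", f.Field, f.Reason)
	}
}
```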
type EvaluatorCaching ¶ added in v0.8.0
type EvaluatorCaching struct {
	// Key used to store the entry in the cache.
	// Cache entries from different metadata configs are stored and managed separately regardless of the key.
	Key StaticOrDynamicValue `json:"key"`
	// Duration (in seconds) of the external data in the cache before pulled again from the source.
	// +kubebuilder:default:=60
	TTL int `json:"ttl,omitempty"`
}
func (*EvaluatorCaching) DeepCopy ¶ added in v0.8.0
func (in *EvaluatorCaching) DeepCopy() *EvaluatorCaching
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EvaluatorCaching.
func (*EvaluatorCaching) DeepCopyInto ¶ added in v0.8.0
func (in *EvaluatorCaching) DeepCopyInto(out *EvaluatorCaching)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalRegistry ¶ added in v0.5.0
type ExternalRegistry struct {
	// Endpoint of the HTTP external registry.
	// The endpoint must respond with either plain/text or application/json content-type.
	// In the latter case, the JSON returned in the body must include a path `result.raw`, where the raw Rego policy will be extracted from. This complies with the specification of the OPA REST API (https://www.openpolicyagent.org/docs/latest/rest-api/#get-a-policy).
	Endpoint string `json:"endpoint,omitempty"`
	// The HTTP service can use the shared secret to authenticate the origin of the request.
	SharedSecret *SecretKeyReference `json:"sharedSecretRef,omitempty"`
	// Defines where client credentials will be passed in the request to the service.
	// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value.
	Credentials Credentials `json:"credentials,omitempty"`
	// Duration (in seconds) of the external data in the cache before pulled again from the source.
	TTL int `json:"ttl,omitempty"`
}
ExternalRegistry specifies external source of data (i.e. OPA policy registry)
func (*ExternalRegistry) DeepCopy ¶ added in v0.5.0
func (in *ExternalRegistry) DeepCopy() *ExternalRegistry
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalRegistry.
func (*ExternalRegistry) DeepCopyInto ¶ added in v0.5.0
func (in *ExternalRegistry) DeepCopyInto(out *ExternalRegistry)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GenericHTTP_Method ¶ added in v0.2.0
type GenericHTTP_Method string
+kubebuilder:validation:Enum:=GET;POST
type Identity ¶
type Identity struct {
	// The name of this identity source/authentication mode.
	// It usually identifies a source of identities or group of users/clients of the protected service.
	// It can be used to refer to the resolved identity object in other configs.
	Name string `json:"name"`
	// Priority group of the config.
	// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially.
	// +kubebuilder:default:=0
	Priority int `json:"priority,omitempty"`
	// Whether this identity config should generate individual observability metrics
	// +kubebuilder:default:=false
	Metrics bool `json:"metrics,omitempty"`
	// Conditions for Authorino to enforce this identity config.
	// If omitted, the config will be enforced for all requests.
	// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped.
	Conditions []JSONPattern `json:"when,omitempty"`
	// Caching options for the identity resolved when applying this config.
	// Omit it to avoid caching identity objects for this config.
	Cache *EvaluatorCaching `json:"cache,omitempty"`
	// Defines where client credentials are required to be passed in the request for this identity source/authentication mode.
	// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the credentials value (token, API key, etc).
	Credentials Credentials `json:"credentials,omitempty"`
	// Extends the resolved identity object with additional custom properties before appending to the authorization JSON.
	// It requires the resolved identity object to always be of the JSON type 'object'. Other JSON types (array, string, etc) will break.
	ExtendedProperties []JsonProperty `json:"extendedProperties,omitempty"`
	OAuth2 *Identity_OAuth2Config `json:"oauth2,omitempty"`
	Oidc *Identity_OidcConfig `json:"oidc,omitempty"`
	APIKey *Identity_APIKey `json:"apiKey,omitempty"`
	MTLS *Identity_MTLS `json:"mtls,omitempty"`
	KubernetesAuth *Identity_KubernetesAuth `json:"kubernetes,omitempty"`
	Anonymous *Identity_Anonymous `json:"anonymous,omitempty"`
	Plain *Identity_Plain `json:"plain,omitempty"`
}
The identity source/authentication mode config. Apart from "name", one of the following parameters is required and only one of the following parameters is allowed: "oidc", "apiKey" or "kubernetes".
func (*Identity) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Identity.
func (*Identity) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Identity_APIKey ¶
type Identity_APIKey struct {
	// Label selector used by Authorino to match secrets from the cluster storing valid credentials to authenticate to this service
	Selector *metav1.LabelSelector `json:"selector"`
	// Whether Authorino should look for API key secrets in all namespaces or only in the same namespace as the AuthConfig.
	// Enabling this option in namespaced Authorino instances has no effect.
	// +kubebuilder:default:=false
	AllNamespaces bool `json:"allNamespaces,omitempty"`
}
func (*Identity_APIKey) DeepCopy ¶
func (in *Identity_APIKey) DeepCopy() *Identity_APIKey
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Identity_APIKey.
func (*Identity_APIKey) DeepCopyInto ¶
func (in *Identity_APIKey) DeepCopyInto(out *Identity_APIKey)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Identity_Anonymous ¶ added in v0.8.0
type Identity_Anonymous struct{}
func (*Identity_Anonymous) DeepCopy ¶ added in v0.8.0
func (in *Identity_Anonymous) DeepCopy() *Identity_Anonymous
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Identity_Anonymous.
func (*Identity_Anonymous) DeepCopyInto ¶ added in v0.8.0
func (in *Identity_Anonymous) DeepCopyInto(out *Identity_Anonymous)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Identity_KubernetesAuth ¶
type Identity_KubernetesAuth struct {
	// The list of audiences (scopes) that must be claimed in a Kubernetes authentication token supplied in the request, and reviewed by Authorino.
	// If omitted, Authorino will review tokens expecting the host name of the requested protected service amongst the audiences.
	Audiences []string `json:"audiences,omitempty"`
}
func (*Identity_KubernetesAuth) DeepCopy ¶
func (in *Identity_KubernetesAuth) DeepCopy() *Identity_KubernetesAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Identity_KubernetesAuth.
func (*Identity_KubernetesAuth) DeepCopyInto ¶
func (in *Identity_KubernetesAuth) DeepCopyInto(out *Identity_KubernetesAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Identity_MTLS ¶ added in v0.9.0
type Identity_MTLS struct {
	// Label selector used by Authorino to match secrets from the cluster storing trusted CA certificates to validate clients trying to authenticate to this service
	Selector *metav1.LabelSelector `json:"selector"`
	// Whether Authorino should look for TLS secrets in all namespaces or only in the same namespace as the AuthConfig.
	// Enabling this option in namespaced Authorino instances has no effect.
	// +kubebuilder:default:=false
	AllNamespaces bool `json:"allNamespaces,omitempty"`
}
func (*Identity_MTLS) DeepCopy ¶ added in v0.9.0
func (in *Identity_MTLS) DeepCopy() *Identity_MTLS
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Identity_MTLS.
func (*Identity_MTLS) DeepCopyInto ¶ added in v0.9.0
func (in *Identity_MTLS) DeepCopyInto(out *Identity_MTLS)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Identity_OAuth2Config ¶
type Identity_OAuth2Config struct {
	// The full URL of the token introspection endpoint.
	TokenIntrospectionUrl string `json:"tokenIntrospectionUrl"`

	// The token type hint for the token introspection.
	// If omitted, it defaults to "access_token".
	TokenTypeHint string `json:"tokenTypeHint,omitempty"`

	// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the OAuth2 server.
	Credentials *k8score.LocalObjectReference `json:"credentialsRef"`
}
func (*Identity_OAuth2Config) DeepCopy ¶
func (in *Identity_OAuth2Config) DeepCopy() *Identity_OAuth2Config
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Identity_OAuth2Config.
func (*Identity_OAuth2Config) DeepCopyInto ¶
func (in *Identity_OAuth2Config) DeepCopyInto(out *Identity_OAuth2Config)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Identity_OidcConfig ¶
type Identity_OidcConfig struct {
	// Endpoint of the OIDC issuer.
	// Authorino will append to this value the well-known path to the OpenID Connect discovery endpoint (i.e. "/.well-known/openid-configuration"), used to automatically discover the OpenID Connect configuration, whose set of claims is expected to include (among others) the "jwks_uri" claim.
	// The value must coincide with the value of the "iss" (issuer) claim of the discovered OpenID Connect configuration.
	Endpoint string `json:"endpoint"`

	// Decides how long to wait before refreshing the OIDC configuration (in seconds).
	TTL int `json:"ttl,omitempty"`
}
func (*Identity_OidcConfig) DeepCopy ¶
func (in *Identity_OidcConfig) DeepCopy() *Identity_OidcConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Identity_OidcConfig.
func (*Identity_OidcConfig) DeepCopyInto ¶
func (in *Identity_OidcConfig) DeepCopyInto(out *Identity_OidcConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
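The Endpoint comment of Identity_OidcConfig states two requirements: the discovery URL is the endpoint plus the well-known path, and the discovered issuer must coincide with the configured value. The following pre-flight check is an added example, not Authorino code. Exact string comparison, the https requirement, the function names and the idp.example.com documents are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
)

// wellKnownPath is the discovery path quoted in the Endpoint field comment.
const wellKnownPath = "/.well-known/openid-configuration"

// Constructed discovery documents; idp.example.com is a placeholder host.
const (
	goodDiscovery   = `{"issuer":"https://idp.example.com/realms/demo","jwks_uri":"https://idp.example.com/realms/demo/certs"}`
	noJWKSDiscovery = `{"issuer":"https://idp.example.com/realms/demo"}`
)

// DiscoveryURL appends the well-known path to the configured endpoint as is.
func DiscoveryURL(endpoint string) string { return endpoint + wellKnownPath }

// CheckDiscovery compares a fetched discovery document with the endpoint set in
// Identity_OidcConfig. ASSUMPTIONS of this example: the comparison is exact
// string equality (a trailing slash is a mismatch) and both URLs must be https.
func CheckDiscovery(endpoint string, raw []byte) error {
	u, err := url.Parse(endpoint)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return fmt.Errorf("endpoint %q is not an absolute https URL", endpoint)
	}
	var doc struct {
		Issuer  string `json:"issuer"`
		JWKSURI string `json:"jwks_uri"`
	}
	if err := json.Unmarshal(raw, &doc); err != nil {
		return fmt.Errorf("discovery document is not valid JSON: %w", err)
	}
	if doc.Issuer != endpoint {
		return fmt.Errorf("issuer %q does not coincide with endpoint %q", doc.Issuer, endpoint)
	}
	if doc.JWKSURI == "" {
		return errors.New("discovery document has no jwks_uri")
	}
	if j, err := url.Parse(doc.JWKSURI); err != nil || j.Scheme != "https" {
		return fmt.Errorf("jwks_uri %q is not an https URL", doc.JWKSURI)
	}
	return nil
}

func main() {
	for _, ep := range []string{
		"https://idp.example.com/realms/demo",
		"https://idp.example.com/realms/demo/", // trailing slash: issuer mismatch
	} {
		fmt.Println(DiscoveryURL(ep), "->", CheckDiscovery(ep, []byte(goodDiscovery)))
	}
}
```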
type Identity_Plain ¶ added in v0.9.0
type Identity_Plain ValueFrom
func (*Identity_Plain) DeepCopy ¶ added in v0.9.0
func (in *Identity_Plain) DeepCopy() *Identity_Plain
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Identity_Plain.
func (*Identity_Plain) DeepCopyInto ¶ added in v0.9.0
func (in *Identity_Plain) DeepCopyInto(out *Identity_Plain)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type JSONPattern ¶ added in v0.7.0
type JSONPattern struct {
	JSONPatternRef        `json:",omitempty"`
	JSONPatternExpression `json:",omitempty"`
}
func (*JSONPattern) DeepCopy ¶ added in v0.7.0
func (in *JSONPattern) DeepCopy() *JSONPattern
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JSONPattern.
func (*JSONPattern) DeepCopyInto ¶ added in v0.7.0
func (in *JSONPattern) DeepCopyInto(out *JSONPattern)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type JSONPatternExpression ¶ added in v0.7.0
type JSONPatternExpression struct {
	// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson.
	// The value is used to fetch content from the input authorization JSON built by Authorino along the identity and metadata phases.
	Selector string `json:"selector,omitempty"`

	// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value".
	// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex)
	Operator JSONPatternOperator `json:"operator,omitempty"`

	// The value of reference for the comparison with the content fetched from the authorization JSON.
	// If used with the "matches" operator, the value must compile to a valid Golang regex.
	Value string `json:"value,omitempty"`
}
func (*JSONPatternExpression) DeepCopy ¶ added in v0.7.0
func (in *JSONPatternExpression) DeepCopy() *JSONPatternExpression
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JSONPatternExpression.
func (*JSONPatternExpression) DeepCopyInto ¶ added in v0.7.0
func (in *JSONPatternExpression) DeepCopyInto(out *JSONPatternExpression)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type JSONPatternExpressions ¶ added in v0.7.0
type JSONPatternExpressions []JSONPatternExpression
func (JSONPatternExpressions) DeepCopy ¶ added in v0.7.0
func (in JSONPatternExpressions) DeepCopy() JSONPatternExpressions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JSONPatternExpressions.
func (JSONPatternExpressions) DeepCopyInto ¶ added in v0.7.0
func (in JSONPatternExpressions) DeepCopyInto(out *JSONPatternExpressions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type JSONPatternOperator ¶ added in v0.7.0
type JSONPatternOperator string
+kubebuilder:validation:Enum:=eq;neq;incl;excl;matches
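To make the five operators and the all-must-match rule of "when" conditions concrete, here is a simplified evaluator. It is an added example, not Authorino's implementation: the selector is a plain dot path instead of gjson, and the treatment of missing values, the type and function names and the sample authorization JSON are assumptions of this example. Go's regexp matching is unanchored, so a "matches" value without ^ and $ also matches substrings.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Expr is a local copy of the three JSONPatternExpression fields.
type Expr struct{ Selector, Operator, Value string }

// Constructed authorization JSON; the values are made up for this example.
const sampleAuthJSON = `{"context":{"request":{"http":{"path":"/admin/users"}}},
  "auth":{"identity":{"username":"jane","roles":["dev","admin"]}}}`

// lookup resolves a plain dot-separated path (ASSUMPTION: stand-in for gjson).
func lookup(doc map[string]interface{}, path string) (cur interface{}, ok bool) {
	cur = doc
	for _, key := range strings.Split(path, ".") {
		obj, _ := cur.(map[string]interface{}) // nil map when cur is not an object
		if cur, ok = obj[key]; !ok {
			return nil, false
		}
	}
	return cur, true
}

func contains(v interface{}, want string) bool {
	items, _ := v.([]interface{})
	for _, item := range items {
		if fmt.Sprint(item) == want {
			return true
		}
	}
	return false
}

// match evaluates one expression; errors let the caller fail closed.
func match(doc map[string]interface{}, e Expr) (bool, error) {
	v, found := lookup(doc, e.Selector)
	switch e.Operator {
	case "eq":
		return found && fmt.Sprint(v) == e.Value, nil
	case "neq": // true when the selector resolves to nothing
		return !found || fmt.Sprint(v) != e.Value, nil
	case "incl":
		return contains(v, e.Value), nil
	case "excl": // also true when the value is missing or not an array
		return !contains(v, e.Value), nil
	case "matches": // unanchored unless the pattern itself uses ^ and $
		re, err := regexp.Compile(e.Value)
		return err == nil && found && re.MatchString(fmt.Sprint(v)), err
	}
	return false, fmt.Errorf("unsupported operator %q", e.Operator)
}

// AllMatch applies the "when" rule: all conditions must match, none means apply.
func AllMatch(authJSON string, when []Expr) (bool, error) {
	var doc map[string]interface{}
	if err := json.Unmarshal([]byte(authJSON), &doc); err != nil {
		return false, err
	}
	for _, e := range when {
		if ok, err := match(doc, e); err != nil || !ok {
			return false, err
		}
	}
	return true, nil
}

func main() {
	fmt.Println(AllMatch(sampleAuthJSON, []Expr{{"auth.identity.roles", "incl", "admin"}}))
}
```

In this sketch the negative operators ("neq", "excl") pass when the selector resolves to nothing, so a deny-style condition is best paired with a positive check on the same field.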
type JSONPatternRef ¶ added in v0.7.0
type JSONPatternRef struct {
	// Name of a named pattern
	JSONPatternName string `json:"patternRef,omitempty"`
}
func (*JSONPatternRef) DeepCopy ¶ added in v0.7.0
func (in *JSONPatternRef) DeepCopy() *JSONPatternRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JSONPatternRef.
func (*JSONPatternRef) DeepCopyInto ¶ added in v0.7.0
func (in *JSONPatternRef) DeepCopyInto(out *JSONPatternRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type JsonProperty ¶ added in v0.4.0
type JsonProperty struct {
	// The name of the JSON property
	Name string `json:"name"`

	// Static value of the JSON property
	// +kubebuilder:validation:Schemaless
	// +kubebuilder:pruning:PreserveUnknownFields
	Value runtime.RawExtension `json:"value,omitempty"`

	// Dynamic value of the JSON property
	ValueFrom ValueFrom `json:"valueFrom,omitempty"`
}
func (*JsonProperty) DeepCopy ¶ added in v0.4.0
func (in *JsonProperty) DeepCopy() *JsonProperty
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JsonProperty.
func (*JsonProperty) DeepCopyInto ¶ added in v0.4.0
func (in *JsonProperty) DeepCopyInto(out *JsonProperty)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Metadata ¶
type Metadata struct {
	// The name of the metadata source.
	// It can be used to refer to the resolved metadata object in other configs.
	Name string `json:"name"`

	// Priority group of the config.
	// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially.
	// +kubebuilder:default:=0
	Priority int `json:"priority,omitempty"`

	// Whether this metadata config should generate individual observability metrics
	// +kubebuilder:default:=false
	Metrics bool `json:"metrics,omitempty"`

	// Conditions for Authorino to apply this metadata config.
	// If omitted, the config will be applied for all requests.
	// If present, all conditions must match for the config to be applied; otherwise, the config will be skipped.
	Conditions []JSONPattern `json:"when,omitempty"`

	// Caching options for the external metadata fetched when applying this config.
	// Omit it to avoid caching metadata from this source.
	Cache *EvaluatorCaching `json:"cache,omitempty"`

	UserInfo    *Metadata_UserInfo    `json:"userInfo,omitempty"`
	UMA         *Metadata_UMA         `json:"uma,omitempty"`
	GenericHTTP *Metadata_GenericHTTP `json:"http,omitempty"`
}
The metadata config. Apart from "name", one of the following parameters is required and only one of the following parameters is allowed: "http", "userInfo" or "uma".
func (*Metadata) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Metadata.
func (*Metadata) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Metadata_GenericHTTP ¶ added in v0.2.0
type Metadata_GenericHTTP struct {
	// Endpoint of the HTTP service.
	// The endpoint accepts variable placeholders in the format "{selector}", where "selector" is any pattern supported
	// by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.
	// E.g. https://ext-auth-server.io/metadata?p={context.request.http.path}
	Endpoint string `json:"endpoint"`

	// HTTP verb used in the request to the service. Accepted values: GET (default), POST.
	// When the request method is POST, the authorization JSON is passed in the body of the request.
	// +kubebuilder:default:=GET
	Method *GenericHTTP_Method `json:"method,omitempty"`

	// Raw body of the HTTP request.
	// Supersedes 'bodyParameters'; use either one or the other.
	// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used).
	Body *StaticOrDynamicValue `json:"body,omitempty"`

	// Custom parameters to encode in the body of the HTTP request.
	// Superseded by 'body'; use either one or the other.
	// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used).
	Parameters []JsonProperty `json:"bodyParameters,omitempty"`

	// Content-Type of the request body. Shapes how 'bodyParameters' are encoded.
	// Use it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'.
	// +kubebuilder:default:=application/x-www-form-urlencoded
	ContentType Metadata_GenericHTTP_ContentType `json:"contentType,omitempty"`

	// Custom headers in the HTTP request.
	Headers []JsonProperty `json:"headers,omitempty"`

	// The HTTP service can use the shared secret to authenticate the origin of the request.
	// Ignored if used together with oauth2.
	SharedSecret *SecretKeyReference `json:"sharedSecretRef,omitempty"`

	// Authentication with the HTTP service by OAuth2 Client Credentials grant.
	OAuth2 *OAuth2ClientAuthentication `json:"oauth2,omitempty"`

	// Defines where client credentials will be passed in the request to the service.
	// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value.
	Credentials Credentials `json:"credentials,omitempty"`
}
Generic HTTP interface to obtain authorization metadata from an HTTP service.
func (*Metadata_GenericHTTP) DeepCopy ¶ added in v0.2.0
func (in *Metadata_GenericHTTP) DeepCopy() *Metadata_GenericHTTP
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Metadata_GenericHTTP.
func (*Metadata_GenericHTTP) DeepCopyInto ¶ added in v0.2.0
func (in *Metadata_GenericHTTP) DeepCopyInto(out *Metadata_GenericHTTP)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Metadata_GenericHTTP_ContentType ¶ added in v0.5.0
type Metadata_GenericHTTP_ContentType string
+kubebuilder:validation:Enum:=application/x-www-form-urlencoded;application/json
type Metadata_UMA ¶
type Metadata_UMA struct {
	// The endpoint of the UMA server.
	// The value must coincide with the "issuer" claim of the UMA config discovered from the well-known uma configuration endpoint.
	Endpoint string `json:"endpoint"`

	// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the resource registration API of the UMA server.
	Credentials *k8score.LocalObjectReference `json:"credentialsRef"`
}
User-Managed Access (UMA) source of resource data.
func (*Metadata_UMA) DeepCopy ¶
func (in *Metadata_UMA) DeepCopy() *Metadata_UMA
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Metadata_UMA.
func (*Metadata_UMA) DeepCopyInto ¶
func (in *Metadata_UMA) DeepCopyInto(out *Metadata_UMA)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Metadata_UserInfo ¶
type Metadata_UserInfo struct {
	// The name of an OIDC identity source included in the "identity" section and whose OpenID Connect configuration discovered includes the OIDC "userinfo_endpoint" claim.
	IdentitySource string `json:"identitySource"`
}
OpenID Connect UserInfo linked to an OIDC identity config of this same spec.
func (*Metadata_UserInfo) DeepCopy ¶
func (in *Metadata_UserInfo) DeepCopy() *Metadata_UserInfo
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Metadata_UserInfo.
func (*Metadata_UserInfo) DeepCopyInto ¶
func (in *Metadata_UserInfo) DeepCopyInto(out *Metadata_UserInfo)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OAuth2ClientAuthentication ¶ added in v0.12.0
type OAuth2ClientAuthentication struct {
	// Token endpoint URL of the OAuth2 resource server.
	TokenUrl string `json:"tokenUrl"`

	// OAuth2 Client ID.
	ClientId string `json:"clientId"`

	// Reference to a Kubernetes Secret key that stores the OAuth2 Client Secret.
	ClientSecret SecretKeyReference `json:"clientSecretRef"`

	// Optional scopes for the client credentials grant, if supported by the OAuth2 server.
	Scopes []string `json:"scopes,omitempty"`

	// Optional extra parameters for the requests to the token URL.
	ExtraParams map[string]string `json:"extraParams,omitempty"`

	// Caches and reuses the token until expired.
	// Set it to false to force fetch the token at every authorization request regardless of expiration.
	// +kubebuilder:default:=true
	Cache *bool `json:"cache,omitempty"`
}
func (*OAuth2ClientAuthentication) DeepCopy ¶ added in v0.12.0
func (in *OAuth2ClientAuthentication) DeepCopy() *OAuth2ClientAuthentication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2ClientAuthentication.
func (*OAuth2ClientAuthentication) DeepCopyInto ¶ added in v0.12.0
func (in *OAuth2ClientAuthentication) DeepCopyInto(out *OAuth2ClientAuthentication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Response ¶ added in v0.4.0
type Response struct {
	// Name of the custom response.
	// It can be used to refer to the resolved response object in other configs.
	Name string `json:"name"`

	// Priority group of the config.
	// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially.
	// +kubebuilder:default:=0
	Priority int `json:"priority,omitempty"`

	// Whether this response config should generate individual observability metrics
	// +kubebuilder:default:=false
	Metrics bool `json:"metrics,omitempty"`

	// Conditions for Authorino to enforce this custom response config.
	// If omitted, the config will be enforced for all requests.
	// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped.
	Conditions []JSONPattern `json:"when,omitempty"`

	// Caching options for dynamic responses built when applying this config.
	// Omit it to avoid caching dynamic responses for this config.
	Cache *EvaluatorCaching `json:"cache,omitempty"`

	// How Authorino wraps the response.
	// Use "httpHeader" (default) to wrap the response in an HTTP header; or "envoyDynamicMetadata" to wrap the response as Envoy Dynamic Metadata
	// +kubebuilder:default:=httpHeader
	Wrapper Response_Wrapper `json:"wrapper,omitempty"`

	// The name of key used in the wrapped response (name of the HTTP header or property of the Envoy Dynamic Metadata JSON).
	// If omitted, it will be set to the name of the configuration.
	WrapperKey string `json:"wrapperKey,omitempty"`

	Wristband *Response_Wristband   `json:"wristband,omitempty"`
	JSON      *Response_DynamicJSON `json:"json,omitempty"`
}
Dynamic response to return to the client. Apart from "name", one of the following parameters is required and only one of the following parameters is allowed: "wristband" or "json".
func (*Response) DeepCopy ¶ added in v0.4.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Response.
func (*Response) DeepCopyInto ¶ added in v0.4.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Response_DynamicJSON ¶ added in v0.4.0
type Response_DynamicJSON struct {
	// List of JSON property-value pairs to be added to the dynamic response.
	Properties []JsonProperty `json:"properties"`
}
func (*Response_DynamicJSON) DeepCopy ¶ added in v0.4.0
func (in *Response_DynamicJSON) DeepCopy() *Response_DynamicJSON
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Response_DynamicJSON.
func (*Response_DynamicJSON) DeepCopyInto ¶ added in v0.4.0
func (in *Response_DynamicJSON) DeepCopyInto(out *Response_DynamicJSON)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Response_Wrapper ¶ added in v0.4.0
type Response_Wrapper string
+kubebuilder:validation:Enum:=httpHeader;envoyDynamicMetadata
type Response_Wristband ¶ added in v0.4.0
type Response_Wristband struct {
	// The endpoint to the Authorino service that issues the wristband (format: <scheme>://<host>:<port>/<realm>, where <realm> = <namespace>/<authorino-auth-config-resource-name>/<wristband-config-name>)
	Issuer string `json:"issuer"`

	// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default.
	CustomClaims []JsonProperty `json:"customClaims,omitempty"`

	// Time span of the wristband token, in seconds.
	TokenDuration *int64 `json:"tokenDuration,omitempty"`

	// Reference by name to Kubernetes secrets and corresponding signing algorithms.
	// The secrets must contain a `key.pem` entry whose value is the signing key formatted as PEM.
	SigningKeyRefs []*SigningKeyRef `json:"signingKeyRefs"`
}
func (*Response_Wristband) DeepCopy ¶ added in v0.4.0
func (in *Response_Wristband) DeepCopy() *Response_Wristband
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Response_Wristband.
func (*Response_Wristband) DeepCopyInto ¶ added in v0.4.0
func (in *Response_Wristband) DeepCopyInto(out *Response_Wristband)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretKeyReference ¶ added in v0.2.0
type SecretKeyReference struct {
	// The name of the secret in the Authorino's namespace to select from.
	Name string `json:"name"`

	// The key of the secret to select from. Must be a valid secret key.
	Key string `json:"key"`
}
SecretKeyReference selects a key of a Secret.
func (*SecretKeyReference) DeepCopy ¶ added in v0.2.0
func (in *SecretKeyReference) DeepCopy() *SecretKeyReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeyReference.
func (*SecretKeyReference) DeepCopyInto ¶ added in v0.2.0
func (in *SecretKeyReference) DeepCopyInto(out *SecretKeyReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SigningKeyAlgorithm ¶ added in v0.2.0
type SigningKeyAlgorithm string
+kubebuilder:validation:Enum:=ES256;ES384;ES512;RS256;RS384;RS512
type SigningKeyRef ¶ added in v0.2.0
type SigningKeyRef struct {
	// Name of the signing key.
	// The value is used to reference the Kubernetes secret that stores the key and in the `kid` claim of the wristband token header.
	Name string `json:"name"`

	// Algorithm to sign the wristband token using the signing key provided
	Algorithm SigningKeyAlgorithm `json:"algorithm"`
}
func (*SigningKeyRef) DeepCopy ¶ added in v0.2.0
func (in *SigningKeyRef) DeepCopy() *SigningKeyRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SigningKeyRef.
func (*SigningKeyRef) DeepCopyInto ¶ added in v0.2.0
func (in *SigningKeyRef) DeepCopyInto(out *SigningKeyRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type StaticOrDynamicValue ¶ added in v0.8.0
type StaticOrDynamicValue struct {
	// Static value
	Value string `json:"value,omitempty"`

	// Dynamic value
	ValueFrom ValueFrom `json:"valueFrom,omitempty"`
}
StaticOrDynamicValue is either a constant static string value or a config for fetching a value from a dynamic source (e.g. a path pattern of authorization JSON)
func (*StaticOrDynamicValue) DeepCopy ¶ added in v0.8.0
func (in *StaticOrDynamicValue) DeepCopy() *StaticOrDynamicValue
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StaticOrDynamicValue.
func (*StaticOrDynamicValue) DeepCopyInto ¶ added in v0.8.0
func (in *StaticOrDynamicValue) DeepCopyInto(out *StaticOrDynamicValue)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Summary ¶ added in v0.10.0
type Summary struct {
	// Whether all hosts from spec.hosts have been linked to the resource in the index
	Ready bool `json:"ready"`

	// Lists the hosts from spec.hosts linked to the resource in the index
	HostsReady []string `json:"hostsReady"`

	// Number of hosts from spec.hosts linked to the resource in the index, compared to the total number of hosts in spec.hosts
	NumHostsReady string `json:"numHostsReady"`

	// Number of trusted sources of identity for authentication in the AuthConfig
	NumIdentitySources int64 `json:"numIdentitySources"`

	// Number of sources of external metadata in the AuthConfig
	NumMetadataSources int64 `json:"numMetadataSources"`

	// Number of authorization policies in the AuthConfig
	NumAuthorizationPolicies int64 `json:"numAuthorizationPolicies"`

	// Number of custom authorization response items in the AuthConfig
	NumResponseItems int64 `json:"numResponseItems"`

	// Indicator of whether the AuthConfig issues Festival Wristband tokens on successful evaluation of the AuthConfig (access granted)
	FestivalWristbandEnabled bool `json:"festivalWristbandEnabled"`
}
func (*Summary) DeepCopy ¶ added in v0.10.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Summary.
func (*Summary) DeepCopyInto ¶ added in v0.10.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ValueFrom ¶ added in v0.8.0
type ValueFrom struct {
	// Selector to fetch a value from the authorization JSON.
	// It can be any path pattern to fetch from the authorization JSON (e.g. 'context.request.http.host')
	// or a string template with variable placeholders that resolve to patterns (e.g. "Hello, {auth.identity.name}!").
	// Any patterns supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.
	// The following string modifiers are available: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip.
	AuthJSON string `json:"authJSON,omitempty"`
}
func (*ValueFrom) DeepCopy ¶ added in v0.8.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValueFrom.
func (*ValueFrom) DeepCopyInto ¶ added in v0.8.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.