Documentation
¶
Overview ¶
Package v1beta1 contains API Schema definitions for the gateway v1beta1 API group +kubebuilder:object:generate=true +groupName=gateway.kyma-project.io
Index ¶
- Constants
- Variables
- func ConvertHttpMethodsToStrings(methods []HttpMethod) []string
- type APIRule
- type APIRuleList
- type APIRuleResourceStatus
- type APIRuleSpec
- type APIRuleStatus
- type Authenticator
- type CookieMutatorConfig
- type CorsPolicy
- type Handler
- type HeaderMutatorConfig
- type HttpMethod
- type JwtAuthentication
- type JwtAuthorization
- type JwtConfig
- type JwtHeader
- type Mutator
- type Rule
- func (r *Rule) ContainsAccessStrategy(strategy string) bool
- func (in *Rule) DeepCopy() *Rule
- func (in *Rule) DeepCopyInto(out *Rule)
- func (r *Rule) GetCookieMutator() (CookieMutatorConfig, error)
- func (r *Rule) GetHeaderMutator() (HeaderMutatorConfig, error)
- func (r *Rule) GetJwtIstioAuthorizations() []*JwtAuthorization
- type Service
- type StatusCode
- type StringMatch
- type Timeout
Constants ¶
const ( Regex = "regex" Exact = "exact" Prefix = "prefix" )
const ( CookieMutator = "cookie" HeaderMutator = "header" )
const ( AccessStrategyAllow string = "allow" AccessStrategyNoAuth string = "no_auth" AccessStrategyJwt string = "jwt" AccessStrategyNoop string = "noop" AccessStrategyAnonymous string = "anonymous" AccessStrategyCookieSession string = "cookie_session" AccessStrategyOauth2ClientCredentials string = "oauth2_client_credentials" AccessStrategyOauth2Introspection string = "oauth2_introspection" )
Variables ¶
var ( // GroupVersion is group version used to register these objects GroupVersion = schema.GroupVersion{Group: "gateway.kyma-project.io", Version: "v1beta1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme )
Functions ¶
func ConvertHttpMethodsToStrings ¶
func ConvertHttpMethodsToStrings(methods []HttpMethod) []string
Types ¶
type APIRule ¶
type APIRule struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec APIRuleSpec `json:"spec,omitempty"`
Status APIRuleStatus `json:"status,omitempty"`
}
APIRule is the Schema for ApiRule APIs. +kubebuilder:storageversion +kubebuilder:object:root=true +kubebuilder:resource:categories={kyma-api-gateway} +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.APIRuleStatus.code" +kubebuilder:printcolumn:name="Host",type="string",JSONPath=".spec.host"
func (*APIRule) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIRule.
func (*APIRule) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*APIRule) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type APIRuleList ¶
type APIRuleList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []APIRule `json:"items"`
}
APIRuleList contains a list of ApiRule
func (*APIRuleList) DeepCopy ¶
func (in *APIRuleList) DeepCopy() *APIRuleList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIRuleList.
func (*APIRuleList) DeepCopyInto ¶
func (in *APIRuleList) DeepCopyInto(out *APIRuleList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*APIRuleList) DeepCopyObject ¶
func (in *APIRuleList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type APIRuleResourceStatus ¶
type APIRuleResourceStatus struct {
Code StatusCode `json:"code,omitempty"`
Description string `json:"desc,omitempty"`
}
Describes the status of APIRule.
func (*APIRuleResourceStatus) DeepCopy ¶
func (in *APIRuleResourceStatus) DeepCopy() *APIRuleResourceStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIRuleResourceStatus.
func (*APIRuleResourceStatus) DeepCopyInto ¶
func (in *APIRuleResourceStatus) DeepCopyInto(out *APIRuleResourceStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type APIRuleSpec ¶
type APIRuleSpec struct {
// Specifies the URL of the exposed service.
// +kubebuilder:validation:MinLength=3
// +kubebuilder:validation:MaxLength=256
// +kubebuilder:validation:Pattern=^([a-zA-Z0-9][a-zA-Z0-9-_]*\.)*[a-zA-Z0-9]*[a-zA-Z0-9-_]*[[a-zA-Z0-9]+$
Host *string `json:"host"`
// Describes the service to expose.
// +optional
Service *Service `json:"service,omitempty"`
// Specifies the Istio Gateway to be used.
// +kubebuilder:validation:Pattern=`^[0-9a-z-_]+(\/[0-9a-z-_]+|(\.[0-9a-z-_]+)*)$`
Gateway *string `json:"gateway"`
// Specifies CORS headers configuration that will be sent downstream
// +optional
CorsPolicy *CorsPolicy `json:"corsPolicy,omitempty"`
// Represents the array of Oathkeeper access rules to be applied.
// +kubebuilder:validation:MinItems=1
Rules []Rule `json:"rules"`
// +optional
Timeout *Timeout `json:"timeout,omitempty"`
}
Defines the desired state of ApiRule.
func (*APIRuleSpec) DeepCopy ¶
func (in *APIRuleSpec) DeepCopy() *APIRuleSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIRuleSpec.
func (*APIRuleSpec) DeepCopyInto ¶
func (in *APIRuleSpec) DeepCopyInto(out *APIRuleSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type APIRuleStatus ¶
type APIRuleStatus struct {
LastProcessedTime metav1.Time `json:"lastProcessedTime,omitempty"`
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
APIRuleStatus *APIRuleResourceStatus `json:"APIRuleStatus,omitempty"`
VirtualServiceStatus *APIRuleResourceStatus `json:"virtualServiceStatus,omitempty"`
// +optional
AccessRuleStatus *APIRuleResourceStatus `json:"accessRuleStatus,omitempty"`
// +optional
RequestAuthenticationStatus *APIRuleResourceStatus `json:"requestAuthenticationStatus,omitempty"`
// +optional
AuthorizationPolicyStatus *APIRuleResourceStatus `json:"authorizationPolicyStatus,omitempty"`
}
Describes the observed state of ApiRule.
func (*APIRuleStatus) ApiRuleStatusVersion ¶
func (s *APIRuleStatus) ApiRuleStatusVersion() versions.Version
func (*APIRuleStatus) DeepCopy ¶
func (in *APIRuleStatus) DeepCopy() *APIRuleStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIRuleStatus.
func (*APIRuleStatus) DeepCopyInto ¶
func (in *APIRuleStatus) DeepCopyInto(out *APIRuleStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Authenticator ¶
type Authenticator struct {
*Handler `json:",inline"`
}
Represents a handler that authenticates provided credentials. See the corresponding type in the oathkeeper-maester project.
func (*Authenticator) DeepCopy ¶
func (in *Authenticator) DeepCopy() *Authenticator
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Authenticator.
func (*Authenticator) DeepCopyInto ¶
func (in *Authenticator) DeepCopyInto(out *Authenticator)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CookieMutatorConfig ¶
func (*CookieMutatorConfig) DeepCopy ¶
func (in *CookieMutatorConfig) DeepCopy() *CookieMutatorConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CookieMutatorConfig.
func (*CookieMutatorConfig) DeepCopyInto ¶
func (in *CookieMutatorConfig) DeepCopyInto(out *CookieMutatorConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CookieMutatorConfig) HasCookies ¶
func (c *CookieMutatorConfig) HasCookies() bool
func (*CookieMutatorConfig) ToString ¶
func (c *CookieMutatorConfig) ToString() string
type CorsPolicy ¶
type CorsPolicy struct {
AllowHeaders []string `json:"allowHeaders,omitempty"`
AllowMethods []string `json:"allowMethods,omitempty"`
AllowOrigins StringMatch `json:"allowOrigins,omitempty"`
AllowCredentials *bool `json:"allowCredentials,omitempty"`
ExposeHeaders []string `json:"exposeHeaders,omitempty"`
// +kubebuilder:validation:Format=duration
MaxAge *metav1.Duration `json:"maxAge,omitempty"`
}
CorsPolicy allows configuration of CORS headers received downstream. If this is not defined, the default values are applied. If CorsPolicy is configured, CORS headers received downstream will be only those defined on the APIRule
func (*CorsPolicy) DeepCopy ¶
func (in *CorsPolicy) DeepCopy() *CorsPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CorsPolicy.
func (*CorsPolicy) DeepCopyInto ¶
func (in *CorsPolicy) DeepCopyInto(out *CorsPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Handler ¶
type Handler struct {
// Specifies the name of the handler.
Name string `json:"handler"`
// Configures the handler. Configuration keys vary per handler.
// +kubebuilder:validation:Type=object
// +kubebuilder:pruning:PreserveUnknownFields
Config *runtime.RawExtension `json:"config,omitempty"`
}
Handler provides configuration for different Oathkeeper objects. It is used to either validate a request (Authenticator, Authorizer) or modify it (Mutator). See the corresponding type in the oathkeeper-maester project.
func (*Handler) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Handler.
func (*Handler) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HeaderMutatorConfig ¶
func (*HeaderMutatorConfig) DeepCopy ¶
func (in *HeaderMutatorConfig) DeepCopy() *HeaderMutatorConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderMutatorConfig.
func (*HeaderMutatorConfig) DeepCopyInto ¶
func (in *HeaderMutatorConfig) DeepCopyInto(out *HeaderMutatorConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*HeaderMutatorConfig) HasHeaders ¶
func (h *HeaderMutatorConfig) HasHeaders() bool
type HttpMethod ¶
type HttpMethod string
HttpMethod specifies the HTTP request method. The list of supported methods is defined in RFC 9910: HTTP Semantics and RFC 5789: PATCH Method for HTTP. +kubebuilder:validation:Enum=GET;HEAD;POST;PUT;DELETE;CONNECT;OPTIONS;TRACE;PATCH
type JwtAuthentication ¶
type JwtAuthentication struct {
Issuer string `json:"issuer"`
JwksUri string `json:"jwksUri"`
// +optional
FromHeaders []*JwtHeader `json:"fromHeaders,omitempty"`
// +optional
FromParams []string `json:"fromParams,omitempty"`
}
JwtAuthentication Config for Jwt Istio authentication
func (*JwtAuthentication) DeepCopy ¶
func (in *JwtAuthentication) DeepCopy() *JwtAuthentication
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JwtAuthentication.
func (*JwtAuthentication) DeepCopyInto ¶
func (in *JwtAuthentication) DeepCopyInto(out *JwtAuthentication)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type JwtAuthorization ¶
type JwtAuthorization struct {
RequiredScopes []string `json:"requiredScopes"`
Audiences []string `json:"audiences"`
}
JwtAuthorization contains an array of required scopes
func (*JwtAuthorization) DeepCopy ¶
func (in *JwtAuthorization) DeepCopy() *JwtAuthorization
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JwtAuthorization.
func (*JwtAuthorization) DeepCopyInto ¶
func (in *JwtAuthorization) DeepCopyInto(out *JwtAuthorization)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*JwtAuthorization) HasRequiredScopes ¶
func (a *JwtAuthorization) HasRequiredScopes() bool
type JwtConfig ¶
type JwtConfig struct {
Authentications []*JwtAuthentication `json:"authentications,omitempty"`
Authorizations []*JwtAuthorization `json:"authorizations,omitempty"`
}
JwtConfig is an array of JwtAuthorization type used by raw field Config of Istio jwt Handler +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*JwtConfig) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JwtConfig.
func (*JwtConfig) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*JwtConfig) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*JwtConfig) GetObjectKind ¶
func (j *JwtConfig) GetObjectKind() schema.ObjectKind
type JwtHeader ¶
type JwtHeader struct {
Name string `json:"name"`
// +optional
Prefix string `json:"prefix,omitempty"`
}
JwtHeader for specifying from header for the Jwt token
func (*JwtHeader) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JwtHeader.
func (*JwtHeader) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Mutator ¶
type Mutator struct {
*Handler `json:",inline"`
}
Mutator represents a handler that transforms the HTTP request before forwarding it. See the corresponding in the oathkeeper-maester project.
func (*Mutator) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Mutator.
func (*Mutator) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Rule ¶
type Rule struct {
// Specifies the path of the exposed service.
// +kubebuilder:validation:Pattern=^([0-9a-zA-Z./*()?!\\_-]+)
Path string `json:"path"`
// Describes the service to expose. Overwrites the **spec** level service if defined.
// +optional
Service *Service `json:"service,omitempty"`
// Represents the list of allowed HTTP request methods available for the **spec.rules.path**.
// +kubebuilder:validation:MinItems=1
Methods []HttpMethod `json:"methods"`
// Specifies the list of access strategies.
// All strategies listed in [Oathkeeper documentation](https://www.ory.sh/docs/oathkeeper/pipeline/authn) are supported.
// +kubebuilder:validation:MinItems=1
AccessStrategies []*Authenticator `json:"accessStrategies"`
// Specifies the list of [Ory Oathkeeper](https://www.ory.sh/docs/oathkeeper/pipeline/mutator) mutators.
// +optional
Mutators []*Mutator `json:"mutators,omitempty"`
// +optional
Timeout *Timeout `json:"timeout,omitempty"`
}
Rule .
func (*Rule) ContainsAccessStrategy ¶
func (*Rule) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule.
func (*Rule) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Rule) GetCookieMutator ¶
func (r *Rule) GetCookieMutator() (CookieMutatorConfig, error)
func (*Rule) GetHeaderMutator ¶
func (r *Rule) GetHeaderMutator() (HeaderMutatorConfig, error)
func (*Rule) GetJwtIstioAuthorizations ¶
func (r *Rule) GetJwtIstioAuthorizations() []*JwtAuthorization
type Service ¶
type Service struct {
// Specifies the name of the exposed service.
Name *string `json:"name"`
// Specifies the Namespace of the exposed service. If not defined, it defaults to the APIRule Namespace.
// +kubebuilder:validation:Pattern=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
// +optional
Namespace *string `json:"namespace,omitempty"`
// Specifies the communication port of the exposed service.
// +kubebuilder:validation:Minimum=1
// +kubebuilder:validation:Maximum=65535
Port *uint32 `json:"port"`
// Specifies if the service is internal (in cluster) or external.
// +optional
IsExternal *bool `json:"external,omitempty"`
}
Service .
func (*Service) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Service.
func (*Service) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type StatusCode ¶
type StatusCode string
Status code describing APIRule.
const ( //StatusOK is set when the reconciliation finished succefully StatusOK StatusCode = "OK" //StatusSkipped is set when reconcilation of the APIRule component was skipped StatusSkipped StatusCode = "SKIPPED" //StatusError is set when an error happened during reconciliation of the APIRule StatusError StatusCode = "ERROR" //StatusWarning is set if an user action is required StatusWarning StatusCode = "WARNING" )
type StringMatch ¶
func (StringMatch) DeepCopy ¶
func (in StringMatch) DeepCopy() StringMatch
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StringMatch.
func (StringMatch) DeepCopyInto ¶
func (in StringMatch) DeepCopyInto(out *StringMatch)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (StringMatch) ToIstioStringMatchArray ¶
func (s StringMatch) ToIstioStringMatchArray() (out []*v1beta1.StringMatch)
type Timeout ¶
type Timeout uint16 // We use unit16 instead of a time.Duration because there is a bug with duration that requires additional validation of the format. Issue: checking https://github.com/kubernetes/apiextensions-apiserver/issues/56
Timeout for HTTP requests in seconds. The timeout can be configured up to 3900 seconds (65 minutes). +kubebuilder:validation:Minimum=1 +kubebuilder:validation:Maximum=3900
Source Files