v1beta2

package
v0.6.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 31, 2024 License: Apache-2.0 Imports: 13 Imported by: 3

Documentation

Overview

Package v1beta1 contains API Schema definitions for the kuadrant v1beta1 API group +kubebuilder:object:generate=true +groupName=kuadrant.io

Index

Constants

This section is empty.

Variables

View Source 
var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "kuadrant.io", Version: "v1beta2"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type AuthPolicy 

type AuthPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   AuthPolicySpec   `json:"spec,omitempty"`
	Status AuthPolicyStatus `json:"status,omitempty"`
}

AuthPolicy enables authentication and authorization for service workloads in a Gateway API network

func (*AuthPolicy) DeepCopy 

func (in *AuthPolicy) DeepCopy() *AuthPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthPolicy.

func (*AuthPolicy) DeepCopyInto 

func (in *AuthPolicy) DeepCopyInto(out *AuthPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthPolicy) DeepCopyObject 

func (in *AuthPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AuthPolicy) GetRulesHostnames 

func (ap *AuthPolicy) GetRulesHostnames() (ruleHosts []string)

GetRulesHostnames returns all hostnames referenced in the route selectors of the policy.

func (*AuthPolicy) GetTargetRef 

func (ap *AuthPolicy) GetTargetRef() gatewayapiv1alpha2.PolicyTargetReference

func (*AuthPolicy) GetWrappedNamespace 

func (ap *AuthPolicy) GetWrappedNamespace() gatewayapiv1.Namespace

func (*AuthPolicy) TargetKey 

func (ap *AuthPolicy) TargetKey() client.ObjectKey

func (*AuthPolicy) Validate 

func (ap *AuthPolicy) Validate() error

type AuthPolicyList 

type AuthPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AuthPolicy `json:"items"`
}

AuthPolicyList contains a list of AuthPolicy

func (*AuthPolicyList) DeepCopy 

func (in *AuthPolicyList) DeepCopy() *AuthPolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthPolicyList.

func (*AuthPolicyList) DeepCopyInto 

func (in *AuthPolicyList) DeepCopyInto(out *AuthPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthPolicyList) DeepCopyObject 

func (in *AuthPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AuthPolicyList) GetItems 

func (l *AuthPolicyList) GetItems() []common.KuadrantPolicy

type AuthPolicySpec 

type AuthPolicySpec struct {
	// TargetRef identifies an API object to apply policy to.
	// +kubebuilder:validation:XValidation:rule="self.group == 'gateway.networking.k8s.io'",message="Invalid targetRef.group. The only supported value is 'gateway.networking.k8s.io'"
	// +kubebuilder:validation:XValidation:rule="self.kind == 'HTTPRoute' || self.kind == 'Gateway'",message="Invalid targetRef.kind. The only supported values are 'HTTPRoute' and 'Gateway'"
	TargetRef gatewayapiv1alpha2.PolicyTargetReference `json:"targetRef"`

	// Top-level route selectors.
	// If present, the elements will be used to select HTTPRoute rules that, when activated, trigger the external authorization service.
	// At least one selected HTTPRoute rule must match to trigger the AuthPolicy.
	// If no route selectors are specified, the AuthPolicy will be enforced at all requests to the protected routes.
	// +optional
	// +kubebuilder:validation:MaxItems=15
	RouteSelectors []RouteSelector `json:"routeSelectors,omitempty"`

	// Named sets of patterns that can be referred in `when` conditions and in pattern-matching authorization policy rules.
	// +optional
	NamedPatterns map[string]authorinoapi.PatternExpressions `json:"patterns,omitempty"`

	// Overall conditions for the AuthPolicy to be enforced.
	// If omitted, the AuthPolicy will be enforced at all requests to the protected routes.
	// If present, all conditions must match for the AuthPolicy to be enforced; otherwise, the authorization service skips the AuthPolicy and returns to the auth request with status OK.
	// +optional
	Conditions []authorinoapi.PatternExpressionOrRef `json:"when,omitempty"`

	// The auth rules of the policy.
	// See Authorino's AuthConfig CRD for more details.
	AuthScheme AuthSchemeSpec `json:"rules,omitempty"`
}

+kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.routeSelectors)",message="route selectors not supported when targeting a Gateway" +kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.rules.authentication) || !self.rules.authentication.exists(x, has(self.rules.authentication[x].routeSelectors))",message="route selectors not supported when targeting a Gateway" +kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.rules.metadata) || !self.rules.metadata.exists(x, has(self.rules.metadata[x].routeSelectors))",message="route selectors not supported when targeting a Gateway" +kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.rules.authorization) || !self.rules.authorization.exists(x, has(self.rules.authorization[x].routeSelectors))",message="route selectors not supported when targeting a Gateway" +kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.rules.response) || !has(self.rules.response.success) || !has(self.rules.response.success.headers) || !self.rules.response.success.headers.exists(x, has(self.rules.response.success.headers[x].routeSelectors))",message="route selectors not supported when targeting a Gateway" +kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.rules.response) || !has(self.rules.response.success) || !has(self.rules.response.success.dynamicMetadata) || !self.rules.response.success.dynamicMetadata.exists(x, has(self.rules.response.success.dynamicMetadata[x].routeSelectors))",message="route selectors not supported when targeting a Gateway" +kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.rules.callbacks) || !self.rules.callbacks.exists(x, has(self.rules.callbacks[x].routeSelectors))",message="route selectors not supported when targeting a Gateway"

func (*AuthPolicySpec) DeepCopy 

func (in *AuthPolicySpec) DeepCopy() *AuthPolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthPolicySpec.

func (*AuthPolicySpec) DeepCopyInto 

func (in *AuthPolicySpec) DeepCopyInto(out *AuthPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (AuthPolicySpec) GetRouteSelectors 

func (s AuthPolicySpec) GetRouteSelectors() []RouteSelector

GetRouteSelectors returns the top-level route selectors of the auth scheme. impl: RouteSelectorsGetter

type AuthPolicyStatus 

type AuthPolicyStatus struct {
	// ObservedGeneration reflects the generation of the most recently observed spec.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// Represents the observations of a foo's current state.
	// Known .status.conditions.type are: "Available"
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
}

func (*AuthPolicyStatus) DeepCopy 

func (in *AuthPolicyStatus) DeepCopy() *AuthPolicyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthPolicyStatus.

func (*AuthPolicyStatus) DeepCopyInto 

func (in *AuthPolicyStatus) DeepCopyInto(out *AuthPolicyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthPolicyStatus) Equals 

func (s *AuthPolicyStatus) Equals(other *AuthPolicyStatus, logger logr.Logger) bool

type AuthSchemeSpec 

type AuthSchemeSpec struct {
	// Authentication configs.
	// At least one config MUST evaluate to a valid identity object for the auth request to be successful.
	// +optional
	// +kubebuilder:validation:MaxProperties=14
	Authentication map[string]AuthenticationSpec `json:"authentication,omitempty"`

	// Metadata sources.
	// Authorino fetches auth metadata as JSON from sources specified in this config.
	// +optional
	// +kubebuilder:validation:MaxProperties=14
	Metadata map[string]MetadataSpec `json:"metadata,omitempty"`

	// Authorization policies.
	// All policies MUST evaluate to "allowed = true" for the auth request be successful.
	// +optional
	// +kubebuilder:validation:MaxProperties=14
	Authorization map[string]AuthorizationSpec `json:"authorization,omitempty"`

	// Response items.
	// Authorino builds custom responses to the client of the auth request.
	// +optional
	Response *ResponseSpec `json:"response,omitempty"`

	// Callback functions.
	// Authorino sends callbacks at the end of the auth pipeline to the endpoints specified in this config.
	// +optional
	// +kubebuilder:validation:MaxProperties=14
	Callbacks map[string]CallbackSpec `json:"callbacks,omitempty"`
}

func (*AuthSchemeSpec) DeepCopy 

func (in *AuthSchemeSpec) DeepCopy() *AuthSchemeSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthSchemeSpec.

func (*AuthSchemeSpec) DeepCopyInto 

func (in *AuthSchemeSpec) DeepCopyInto(out *AuthSchemeSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthenticationSpec 

type AuthenticationSpec struct {
	authorinoapi.AuthenticationSpec `json:""`
	CommonAuthRuleSpec              `json:""`
}

func (*AuthenticationSpec) DeepCopy 

func (in *AuthenticationSpec) DeepCopy() *AuthenticationSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationSpec.

func (*AuthenticationSpec) DeepCopyInto 

func (in *AuthenticationSpec) DeepCopyInto(out *AuthenticationSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthorizationSpec 

type AuthorizationSpec struct {
	authorinoapi.AuthorizationSpec `json:""`
	CommonAuthRuleSpec             `json:""`
}

func (*AuthorizationSpec) DeepCopy 

func (in *AuthorizationSpec) DeepCopy() *AuthorizationSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationSpec.

func (*AuthorizationSpec) DeepCopyInto 

func (in *AuthorizationSpec) DeepCopyInto(out *AuthorizationSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CallbackSpec 

type CallbackSpec struct {
	authorinoapi.CallbackSpec `json:""`
	CommonAuthRuleSpec        `json:""`
}

func (*CallbackSpec) DeepCopy 

func (in *CallbackSpec) DeepCopy() *CallbackSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CallbackSpec.

func (*CallbackSpec) DeepCopyInto 

func (in *CallbackSpec) DeepCopyInto(out *CallbackSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CommonAuthRuleSpec 

type CommonAuthRuleSpec struct {
	// Top-level route selectors.
	// If present, the elements will be used to select HTTPRoute rules that, when activated, trigger the auth rule.
	// At least one selected HTTPRoute rule must match to trigger the auth rule.
	// If no route selectors are specified, the auth rule will be evaluated at all requests to the protected routes.
	// +optional
	// +kubebuilder:validation:MaxItems=15
	RouteSelectors []RouteSelector `json:"routeSelectors,omitempty"`
}

func (*CommonAuthRuleSpec) DeepCopy 

func (in *CommonAuthRuleSpec) DeepCopy() *CommonAuthRuleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommonAuthRuleSpec.

func (*CommonAuthRuleSpec) DeepCopyInto 

func (in *CommonAuthRuleSpec) DeepCopyInto(out *CommonAuthRuleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (CommonAuthRuleSpec) GetRouteSelectors 

func (s CommonAuthRuleSpec) GetRouteSelectors() []RouteSelector

GetRouteSelectors returns the route selectors of the auth rule spec. impl: RouteSelectorsGetter

type ContextSelector 

type ContextSelector string

ContextSelector defines one item from the well known attributes Attributes: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes Well-known selectors: https://github.com/Kuadrant/architecture/blob/main/rfcs/0001-rlp-v2.md#well-known-selectors They are named by a dot-separated path (e.g. request.path) Example: "request.path" -> The path portion of the URL +kubebuilder:validation:MinLength=1 +kubebuilder:validation:MaxLength=253

type HeaderSuccessResponseSpec 

type HeaderSuccessResponseSpec struct {
	SuccessResponseSpec `json:""`
}

func (*HeaderSuccessResponseSpec) DeepCopy 

func (in *HeaderSuccessResponseSpec) DeepCopy() *HeaderSuccessResponseSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderSuccessResponseSpec.

func (*HeaderSuccessResponseSpec) DeepCopyInto 

func (in *HeaderSuccessResponseSpec) DeepCopyInto(out *HeaderSuccessResponseSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Limit 

type Limit struct {
	// RouteSelectors defines semantics for matching an HTTP request based on conditions
	// +optional
	// +kubebuilder:validation:MaxItems=15
	RouteSelectors []RouteSelector `json:"routeSelectors,omitempty"`

	// When holds the list of conditions for the policy to be enforced.
	// Called also "soft" conditions as route selectors must also match
	// +optional
	When []WhenCondition `json:"when,omitempty"`

	// Counters defines additional rate limit counters based on context qualifiers and well known selectors
	// TODO Document properly "Well-known selector" https://github.com/Kuadrant/architecture/blob/main/rfcs/0001-rlp-v2.md#well-known-selectors
	// +optional
	Counters []ContextSelector `json:"counters,omitempty"`

	// Rates holds the list of limit rates
	// +optional
	Rates []Rate `json:"rates,omitempty"`
}

Limit represents a complete rate limit configuration

func (Limit) CountersAsStringList 

func (l Limit) CountersAsStringList() []string

func (*Limit) DeepCopy 

func (in *Limit) DeepCopy() *Limit

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Limit.

func (*Limit) DeepCopyInto 

func (in *Limit) DeepCopyInto(out *Limit)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MetadataSpec 

type MetadataSpec struct {
	authorinoapi.MetadataSpec `json:""`
	CommonAuthRuleSpec        `json:""`
}

func (*MetadataSpec) DeepCopy 

func (in *MetadataSpec) DeepCopy() *MetadataSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetadataSpec.

func (*MetadataSpec) DeepCopyInto 

func (in *MetadataSpec) DeepCopyInto(out *MetadataSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Rate 

type Rate struct {
	// Limit defines the max value allowed for a given period of time
	Limit int `json:"limit"`

	// Duration defines the time period for which the Limit specified above applies.
	Duration int `json:"duration"`

	// Duration defines the time uni
	// Possible values are: "second", "minute", "hour", "day"
	Unit TimeUnit `json:"unit"`
}

Rate defines the actual rate limit that will be used when there is a match

func (*Rate) DeepCopy 

func (in *Rate) DeepCopy() *Rate

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rate.

func (*Rate) DeepCopyInto 

func (in *Rate) DeepCopyInto(out *Rate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitPolicy 

type RateLimitPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   RateLimitPolicySpec   `json:"spec,omitempty"`
	Status RateLimitPolicyStatus `json:"status,omitempty"`
}

RateLimitPolicy enables rate limiting for service workloads in a Gateway API network

func (*RateLimitPolicy) DeepCopy 

func (in *RateLimitPolicy) DeepCopy() *RateLimitPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitPolicy.

func (*RateLimitPolicy) DeepCopyInto 

func (in *RateLimitPolicy) DeepCopyInto(out *RateLimitPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RateLimitPolicy) DeepCopyObject 

func (in *RateLimitPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*RateLimitPolicy) GetRulesHostnames 

func (r *RateLimitPolicy) GetRulesHostnames() (ruleHosts []string)

func (*RateLimitPolicy) GetTargetRef 

func (r *RateLimitPolicy) GetTargetRef() gatewayapiv1alpha2.PolicyTargetReference

func (*RateLimitPolicy) GetWrappedNamespace 

func (r *RateLimitPolicy) GetWrappedNamespace() gatewayapiv1.Namespace

func (*RateLimitPolicy) TargetKey 

func (r *RateLimitPolicy) TargetKey() client.ObjectKey

func (*RateLimitPolicy) Validate 

func (r *RateLimitPolicy) Validate() error

type RateLimitPolicyList 

type RateLimitPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []RateLimitPolicy `json:"items"`
}

RateLimitPolicyList contains a list of RateLimitPolicy

func (*RateLimitPolicyList) DeepCopy 

func (in *RateLimitPolicyList) DeepCopy() *RateLimitPolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitPolicyList.

func (*RateLimitPolicyList) DeepCopyInto 

func (in *RateLimitPolicyList) DeepCopyInto(out *RateLimitPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RateLimitPolicyList) DeepCopyObject 

func (in *RateLimitPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*RateLimitPolicyList) GetItems 

func (l *RateLimitPolicyList) GetItems() []common.KuadrantPolicy

type RateLimitPolicySpec 

type RateLimitPolicySpec struct {
	// TargetRef identifies an API object to apply policy to.
	// +kubebuilder:validation:XValidation:rule="self.group == 'gateway.networking.k8s.io'",message="Invalid targetRef.group. The only supported value is 'gateway.networking.k8s.io'"
	// +kubebuilder:validation:XValidation:rule="self.kind == 'HTTPRoute' || self.kind == 'Gateway'",message="Invalid targetRef.kind. The only supported values are 'HTTPRoute' and 'Gateway'"
	TargetRef gatewayapiv1alpha2.PolicyTargetReference `json:"targetRef"`

	// Limits holds the struct of limits indexed by a unique name
	// +optional
	// +kubebuilder:validation:MaxProperties=14
	Limits map[string]Limit `json:"limits,omitempty"`
}

RateLimitPolicySpec defines the desired state of RateLimitPolicy +kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.limits) || !self.limits.exists(x, has(self.limits[x].routeSelectors))",message="route selectors not supported when targeting a Gateway"

func (*RateLimitPolicySpec) DeepCopy 

func (in *RateLimitPolicySpec) DeepCopy() *RateLimitPolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitPolicySpec.

func (*RateLimitPolicySpec) DeepCopyInto 

func (in *RateLimitPolicySpec) DeepCopyInto(out *RateLimitPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitPolicyStatus 

type RateLimitPolicyStatus struct {
	// ObservedGeneration reflects the generation of the most recently observed spec.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// Represents the observations of a foo's current state.
	// Known .status.conditions.type are: "Available"
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
}

RateLimitPolicyStatus defines the observed state of RateLimitPolicy

func (*RateLimitPolicyStatus) DeepCopy 

func (in *RateLimitPolicyStatus) DeepCopy() *RateLimitPolicyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitPolicyStatus.

func (*RateLimitPolicyStatus) DeepCopyInto 

func (in *RateLimitPolicyStatus) DeepCopyInto(out *RateLimitPolicyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RateLimitPolicyStatus) Equals 

func (s *RateLimitPolicyStatus) Equals(other *RateLimitPolicyStatus, logger logr.Logger) bool

type ResponseSpec 

type ResponseSpec struct {
	// Customizations on the denial status attributes when the request is unauthenticated.
	// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config.
	// Default: 401 Unauthorized
	// +optional
	Unauthenticated *authorinoapi.DenyWithSpec `json:"unauthenticated,omitempty"`

	// Customizations on the denial status attributes when the request is unauthorized.
	// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config.
	// Default: 403 Forbidden
	// +optional
	Unauthorized *authorinoapi.DenyWithSpec `json:"unauthorized,omitempty"`

	// Response items to be included in the auth response when the request is authenticated and authorized.
	// For integration of Authorino via proxy, the proxy must use these settings to propagate dynamic metadata and/or inject data in the request.
	// +optional
	Success WrappedSuccessResponseSpec `json:"success,omitempty"`
}

func (*ResponseSpec) DeepCopy 

func (in *ResponseSpec) DeepCopy() *ResponseSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResponseSpec.

func (*ResponseSpec) DeepCopyInto 

func (in *ResponseSpec) DeepCopyInto(out *ResponseSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RouteSelector 

type RouteSelector struct {
	// Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute to process the request
	// https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec
	// +optional
	Hostnames []gatewayapiv1.Hostname `json:"hostnames,omitempty"`

	// Matches define conditions used for matching the rule against incoming HTTP requests.
	// https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec
	// +optional
	// +kubebuilder:validation:MaxItems=8
	Matches []gatewayapiv1.HTTPRouteMatch `json:"matches,omitempty"`
}

RouteSelector defines semantics for matching an HTTP request based on conditions https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec

func (*RouteSelector) DeepCopy 

func (in *RouteSelector) DeepCopy() *RouteSelector

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteSelector.

func (*RouteSelector) DeepCopyInto 

func (in *RouteSelector) DeepCopyInto(out *RouteSelector)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RouteSelector) HostnamesForConditions 

func (s *RouteSelector) HostnamesForConditions(route *gatewayapiv1.HTTPRoute) []gatewayapiv1.Hostname

HostnamesForConditions allows avoiding building conditions for hostnames that are excluded by the selector or when the hostname is irrelevant (i.e. matches all hostnames)

func (*RouteSelector) SelectRules 

func (s *RouteSelector) SelectRules(route *gatewayapiv1.HTTPRoute) (rules []gatewayapiv1.HTTPRouteRule)

SelectRules returns, from a HTTPRoute, all HTTPRouteRules that either specify no HTTRouteMatches or that contain at least one HTTRouteMatch whose statements expressly include (partially or totally) the statements of at least one of the matches of the selector. If the selector does not specify any matches, then all HTTPRouteRules are selected.

Additionally, if the selector specifies a non-empty list of hostnames, a non-empty intersection between the literal hostnames of the selector and set of hostnames specified in the HTTPRoute must exist. Otherwise, the function returns nil.

type RouteSelectorsGetter 

type RouteSelectorsGetter interface {
	GetRouteSelectors() []RouteSelector
}

+kubebuilder:object:generate=false

type SuccessResponseSpec 

type SuccessResponseSpec struct {
	authorinoapi.SuccessResponseSpec `json:""`
	CommonAuthRuleSpec               `json:""`
}

func (*SuccessResponseSpec) DeepCopy 

func (in *SuccessResponseSpec) DeepCopy() *SuccessResponseSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SuccessResponseSpec.

func (*SuccessResponseSpec) DeepCopyInto 

func (in *SuccessResponseSpec) DeepCopyInto(out *SuccessResponseSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TimeUnit 

type TimeUnit string

+kubebuilder:validation:Enum:=second;minute;hour;day

type WhenCondition 

type WhenCondition struct {
	// Selector defines one item from the well known selectors
	// TODO Document properly "Well-known selector" https://github.com/Kuadrant/architecture/blob/main/rfcs/0001-rlp-v2.md#well-known-selectors
	Selector ContextSelector `json:"selector"`

	// The binary operator to be applied to the content fetched from the selector
	// Possible values are: "eq" (equal to), "neq" (not equal to)
	Operator WhenConditionOperator `json:"operator"`

	// The value of reference for the comparison.
	Value string `json:"value"`
}

RouteSelector defines semantics for matching an HTTP request based on conditions https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec

func (*WhenCondition) DeepCopy 

func (in *WhenCondition) DeepCopy() *WhenCondition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhenCondition.

func (*WhenCondition) DeepCopyInto 

func (in *WhenCondition) DeepCopyInto(out *WhenCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WhenConditionOperator 

type WhenConditionOperator string

+kubebuilder:validation:Enum:=eq;neq;startswith;endswith;incl;excl;matches 

const (
	EqualOperator      WhenConditionOperator = "eq"
	NotEqualOperator   WhenConditionOperator = "neq"
	StartsWithOperator WhenConditionOperator = "startswith"
	EndsWithOperator   WhenConditionOperator = "endswith"
	IncludeOperator    WhenConditionOperator = "incl"
	ExcludeOperator    WhenConditionOperator = "excl"
	MatchesOperator    WhenConditionOperator = "matches"
)

type WrappedSuccessResponseSpec 

type WrappedSuccessResponseSpec struct {
	// Custom success response items wrapped as HTTP headers.
	// For integration of Authorino via proxy, the proxy must use these settings to inject data in the request.
	// +kubebuilder:validation:MaxProperties=14
	Headers map[string]HeaderSuccessResponseSpec `json:"headers,omitempty"`

	// Custom success response items wrapped as HTTP headers.
	// For integration of Authorino via proxy, the proxy must use these settings to propagate dynamic metadata.
	// See https://www.envoyproxy.io/docs/envoy/latest/configuration/advanced/well_known_dynamic_metadata
	// +kubebuilder:validation:MaxProperties=14
	DynamicMetadata map[string]SuccessResponseSpec `json:"dynamicMetadata,omitempty"`
}

func (*WrappedSuccessResponseSpec) DeepCopy 

func (in *WrappedSuccessResponseSpec) DeepCopy() *WrappedSuccessResponseSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WrappedSuccessResponseSpec.

func (*WrappedSuccessResponseSpec) DeepCopyInto 

func (in *WrappedSuccessResponseSpec) DeepCopyInto(out *WrappedSuccessResponseSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.