Documentation ¶
Overview ¶
Package v1beta1 contains API Schema definitions for the kuadrant v1beta1 API group +kubebuilder:object:generate=true +groupName=kuadrant.io
Index ¶
- Variables
- type AuthPolicy
- func (in *AuthPolicy) DeepCopy() *AuthPolicy
- func (in *AuthPolicy) DeepCopyInto(out *AuthPolicy)
- func (in *AuthPolicy) DeepCopyObject() runtime.Object
- func (ap *AuthPolicy) GetRulesHostnames() (ruleHosts []string)
- func (ap *AuthPolicy) GetTargetRef() gatewayapiv1alpha2.PolicyTargetReference
- func (ap *AuthPolicy) GetWrappedNamespace() gatewayapiv1.Namespace
- func (ap *AuthPolicy) TargetKey() client.ObjectKey
- func (ap *AuthPolicy) Validate() error
- type AuthPolicyList
- type AuthPolicySpec
- type AuthPolicyStatus
- type AuthSchemeSpec
- type AuthenticationSpec
- type AuthorizationSpec
- type CallbackSpec
- type CommonAuthRuleSpec
- type ContextSelector
- type HeaderSuccessResponseSpec
- type Limit
- type MetadataSpec
- type Rate
- type RateLimitPolicy
- func (in *RateLimitPolicy) DeepCopy() *RateLimitPolicy
- func (in *RateLimitPolicy) DeepCopyInto(out *RateLimitPolicy)
- func (in *RateLimitPolicy) DeepCopyObject() runtime.Object
- func (r *RateLimitPolicy) GetRulesHostnames() (ruleHosts []string)
- func (r *RateLimitPolicy) GetTargetRef() gatewayapiv1alpha2.PolicyTargetReference
- func (r *RateLimitPolicy) GetWrappedNamespace() gatewayapiv1.Namespace
- func (r *RateLimitPolicy) TargetKey() client.ObjectKey
- func (r *RateLimitPolicy) Validate() error
- type RateLimitPolicyList
- type RateLimitPolicySpec
- type RateLimitPolicyStatus
- type ResponseSpec
- type RouteSelector
- func (in *RouteSelector) DeepCopy() *RouteSelector
- func (in *RouteSelector) DeepCopyInto(out *RouteSelector)
- func (s *RouteSelector) HostnamesForConditions(route *gatewayapiv1.HTTPRoute) []gatewayapiv1.Hostname
- func (s *RouteSelector) SelectRules(route *gatewayapiv1.HTTPRoute) (rules []gatewayapiv1.HTTPRouteRule)
- type RouteSelectorsGetter
- type SuccessResponseSpec
- type TimeUnit
- type WhenCondition
- type WhenConditionOperator
- type WrappedSuccessResponseSpec
Constants ¶
This section is empty.
Variables ¶
var ( // GroupVersion is group version used to register these objects GroupVersion = schema.GroupVersion{Group: "kuadrant.io", Version: "v1beta2"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme )
Functions ¶
This section is empty.
Types ¶
type AuthPolicy ¶
type AuthPolicy struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec AuthPolicySpec `json:"spec,omitempty"` Status AuthPolicyStatus `json:"status,omitempty"` }
AuthPolicy enables authentication and authorization for service workloads in a Gateway API network
func (*AuthPolicy) DeepCopy ¶
func (in *AuthPolicy) DeepCopy() *AuthPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthPolicy.
func (*AuthPolicy) DeepCopyInto ¶
func (in *AuthPolicy) DeepCopyInto(out *AuthPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AuthPolicy) DeepCopyObject ¶
func (in *AuthPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*AuthPolicy) GetRulesHostnames ¶
func (ap *AuthPolicy) GetRulesHostnames() (ruleHosts []string)
GetRulesHostnames returns all hostnames referenced in the route selectors of the policy.
func (*AuthPolicy) GetTargetRef ¶
func (ap *AuthPolicy) GetTargetRef() gatewayapiv1alpha2.PolicyTargetReference
func (*AuthPolicy) GetWrappedNamespace ¶
func (ap *AuthPolicy) GetWrappedNamespace() gatewayapiv1.Namespace
func (*AuthPolicy) TargetKey ¶
func (ap *AuthPolicy) TargetKey() client.ObjectKey
func (*AuthPolicy) Validate ¶
func (ap *AuthPolicy) Validate() error
type AuthPolicyList ¶
type AuthPolicyList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []AuthPolicy `json:"items"` }
AuthPolicyList contains a list of AuthPolicy
func (*AuthPolicyList) DeepCopy ¶
func (in *AuthPolicyList) DeepCopy() *AuthPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthPolicyList.
func (*AuthPolicyList) DeepCopyInto ¶
func (in *AuthPolicyList) DeepCopyInto(out *AuthPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AuthPolicyList) DeepCopyObject ¶
func (in *AuthPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*AuthPolicyList) GetItems ¶
func (l *AuthPolicyList) GetItems() []common.KuadrantPolicy
type AuthPolicySpec ¶
type AuthPolicySpec struct { // TargetRef identifies an API object to apply policy to. // +kubebuilder:validation:XValidation:rule="self.group == 'gateway.networking.k8s.io'",message="Invalid targetRef.group. The only supported value is 'gateway.networking.k8s.io'" // +kubebuilder:validation:XValidation:rule="self.kind == 'HTTPRoute' || self.kind == 'Gateway'",message="Invalid targetRef.kind. The only supported values are 'HTTPRoute' and 'Gateway'" TargetRef gatewayapiv1alpha2.PolicyTargetReference `json:"targetRef"` // Top-level route selectors. // If present, the elements will be used to select HTTPRoute rules that, when activated, trigger the external authorization service. // At least one selected HTTPRoute rule must match to trigger the AuthPolicy. // If no route selectors are specified, the AuthPolicy will be enforced at all requests to the protected routes. // +optional // +kubebuilder:validation:MaxItems=15 RouteSelectors []RouteSelector `json:"routeSelectors,omitempty"` // Named sets of patterns that can be referred in `when` conditions and in pattern-matching authorization policy rules. // +optional NamedPatterns map[string]authorinoapi.PatternExpressions `json:"patterns,omitempty"` // Overall conditions for the AuthPolicy to be enforced. // If omitted, the AuthPolicy will be enforced at all requests to the protected routes. // If present, all conditions must match for the AuthPolicy to be enforced; otherwise, the authorization service skips the AuthPolicy and returns to the auth request with status OK. // +optional Conditions []authorinoapi.PatternExpressionOrRef `json:"when,omitempty"` // The auth rules of the policy. // See Authorino's AuthConfig CRD for more details. AuthScheme AuthSchemeSpec `json:"rules,omitempty"` }
+kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.routeSelectors)",message="route selectors not supported when targeting a Gateway" +kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.rules.authentication) || !self.rules.authentication.exists(x, has(self.rules.authentication[x].routeSelectors))",message="route selectors not supported when targeting a Gateway" +kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.rules.metadata) || !self.rules.metadata.exists(x, has(self.rules.metadata[x].routeSelectors))",message="route selectors not supported when targeting a Gateway" +kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.rules.authorization) || !self.rules.authorization.exists(x, has(self.rules.authorization[x].routeSelectors))",message="route selectors not supported when targeting a Gateway" +kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.rules.response) || !has(self.rules.response.success) || !has(self.rules.response.success.headers) || !self.rules.response.success.headers.exists(x, has(self.rules.response.success.headers[x].routeSelectors))",message="route selectors not supported when targeting a Gateway" +kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.rules.response) || !has(self.rules.response.success) || !has(self.rules.response.success.dynamicMetadata) || !self.rules.response.success.dynamicMetadata.exists(x, has(self.rules.response.success.dynamicMetadata[x].routeSelectors))",message="route selectors not supported when targeting a Gateway" +kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.rules.callbacks) || !self.rules.callbacks.exists(x, has(self.rules.callbacks[x].routeSelectors))",message="route selectors not supported when targeting a Gateway"
func (*AuthPolicySpec) DeepCopy ¶
func (in *AuthPolicySpec) DeepCopy() *AuthPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthPolicySpec.
func (*AuthPolicySpec) DeepCopyInto ¶
func (in *AuthPolicySpec) DeepCopyInto(out *AuthPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (AuthPolicySpec) GetRouteSelectors ¶
func (s AuthPolicySpec) GetRouteSelectors() []RouteSelector
GetRouteSelectors returns the top-level route selectors of the auth scheme. impl: RouteSelectorsGetter
type AuthPolicyStatus ¶
type AuthPolicyStatus struct { // ObservedGeneration reflects the generation of the most recently observed spec. // +optional ObservedGeneration int64 `json:"observedGeneration,omitempty"` // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` }
func (*AuthPolicyStatus) DeepCopy ¶
func (in *AuthPolicyStatus) DeepCopy() *AuthPolicyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthPolicyStatus.
func (*AuthPolicyStatus) DeepCopyInto ¶
func (in *AuthPolicyStatus) DeepCopyInto(out *AuthPolicyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AuthPolicyStatus) Equals ¶
func (s *AuthPolicyStatus) Equals(other *AuthPolicyStatus, logger logr.Logger) bool
type AuthSchemeSpec ¶
type AuthSchemeSpec struct { // Authentication configs. // At least one config MUST evaluate to a valid identity object for the auth request to be successful. // +optional // +kubebuilder:validation:MaxProperties=14 Authentication map[string]AuthenticationSpec `json:"authentication,omitempty"` // Metadata sources. // Authorino fetches auth metadata as JSON from sources specified in this config. // +optional // +kubebuilder:validation:MaxProperties=14 Metadata map[string]MetadataSpec `json:"metadata,omitempty"` // Authorization policies. // All policies MUST evaluate to "allowed = true" for the auth request be successful. // +optional // +kubebuilder:validation:MaxProperties=14 Authorization map[string]AuthorizationSpec `json:"authorization,omitempty"` // Response items. // Authorino builds custom responses to the client of the auth request. // +optional Response *ResponseSpec `json:"response,omitempty"` // Callback functions. // Authorino sends callbacks at the end of the auth pipeline to the endpoints specified in this config. // +optional // +kubebuilder:validation:MaxProperties=14 Callbacks map[string]CallbackSpec `json:"callbacks,omitempty"` }
func (*AuthSchemeSpec) DeepCopy ¶
func (in *AuthSchemeSpec) DeepCopy() *AuthSchemeSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthSchemeSpec.
func (*AuthSchemeSpec) DeepCopyInto ¶
func (in *AuthSchemeSpec) DeepCopyInto(out *AuthSchemeSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AuthenticationSpec ¶
type AuthenticationSpec struct { authorinoapi.AuthenticationSpec `json:""` CommonAuthRuleSpec `json:""` }
func (*AuthenticationSpec) DeepCopy ¶
func (in *AuthenticationSpec) DeepCopy() *AuthenticationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationSpec.
func (*AuthenticationSpec) DeepCopyInto ¶
func (in *AuthenticationSpec) DeepCopyInto(out *AuthenticationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AuthorizationSpec ¶
type AuthorizationSpec struct { authorinoapi.AuthorizationSpec `json:""` CommonAuthRuleSpec `json:""` }
func (*AuthorizationSpec) DeepCopy ¶
func (in *AuthorizationSpec) DeepCopy() *AuthorizationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationSpec.
func (*AuthorizationSpec) DeepCopyInto ¶
func (in *AuthorizationSpec) DeepCopyInto(out *AuthorizationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CallbackSpec ¶
type CallbackSpec struct { authorinoapi.CallbackSpec `json:""` CommonAuthRuleSpec `json:""` }
func (*CallbackSpec) DeepCopy ¶
func (in *CallbackSpec) DeepCopy() *CallbackSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CallbackSpec.
func (*CallbackSpec) DeepCopyInto ¶
func (in *CallbackSpec) DeepCopyInto(out *CallbackSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CommonAuthRuleSpec ¶
type CommonAuthRuleSpec struct { // Top-level route selectors. // If present, the elements will be used to select HTTPRoute rules that, when activated, trigger the auth rule. // At least one selected HTTPRoute rule must match to trigger the auth rule. // If no route selectors are specified, the auth rule will be evaluated at all requests to the protected routes. // +optional // +kubebuilder:validation:MaxItems=15 RouteSelectors []RouteSelector `json:"routeSelectors,omitempty"` }
func (*CommonAuthRuleSpec) DeepCopy ¶
func (in *CommonAuthRuleSpec) DeepCopy() *CommonAuthRuleSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommonAuthRuleSpec.
func (*CommonAuthRuleSpec) DeepCopyInto ¶
func (in *CommonAuthRuleSpec) DeepCopyInto(out *CommonAuthRuleSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (CommonAuthRuleSpec) GetRouteSelectors ¶
func (s CommonAuthRuleSpec) GetRouteSelectors() []RouteSelector
GetRouteSelectors returns the route selectors of the auth rule spec. impl: RouteSelectorsGetter
type ContextSelector ¶
type ContextSelector string
ContextSelector defines one item from the well known attributes Attributes: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes Well-known selectors: https://github.com/Kuadrant/architecture/blob/main/rfcs/0001-rlp-v2.md#well-known-selectors They are named by a dot-separated path (e.g. request.path) Example: "request.path" -> The path portion of the URL +kubebuilder:validation:MinLength=1 +kubebuilder:validation:MaxLength=253
type HeaderSuccessResponseSpec ¶
type HeaderSuccessResponseSpec struct {
SuccessResponseSpec `json:""`
}
func (*HeaderSuccessResponseSpec) DeepCopy ¶
func (in *HeaderSuccessResponseSpec) DeepCopy() *HeaderSuccessResponseSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderSuccessResponseSpec.
func (*HeaderSuccessResponseSpec) DeepCopyInto ¶
func (in *HeaderSuccessResponseSpec) DeepCopyInto(out *HeaderSuccessResponseSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Limit ¶
type Limit struct { // RouteSelectors defines semantics for matching an HTTP request based on conditions // +optional // +kubebuilder:validation:MaxItems=15 RouteSelectors []RouteSelector `json:"routeSelectors,omitempty"` // When holds the list of conditions for the policy to be enforced. // Called also "soft" conditions as route selectors must also match // +optional When []WhenCondition `json:"when,omitempty"` // Counters defines additional rate limit counters based on context qualifiers and well known selectors // TODO Document properly "Well-known selector" https://github.com/Kuadrant/architecture/blob/main/rfcs/0001-rlp-v2.md#well-known-selectors // +optional Counters []ContextSelector `json:"counters,omitempty"` // Rates holds the list of limit rates // +optional Rates []Rate `json:"rates,omitempty"` }
Limit represents a complete rate limit configuration
func (Limit) CountersAsStringList ¶
func (*Limit) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Limit.
func (*Limit) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MetadataSpec ¶
type MetadataSpec struct { authorinoapi.MetadataSpec `json:""` CommonAuthRuleSpec `json:""` }
func (*MetadataSpec) DeepCopy ¶
func (in *MetadataSpec) DeepCopy() *MetadataSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetadataSpec.
func (*MetadataSpec) DeepCopyInto ¶
func (in *MetadataSpec) DeepCopyInto(out *MetadataSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Rate ¶
type Rate struct { // Limit defines the max value allowed for a given period of time Limit int `json:"limit"` // Duration defines the time period for which the Limit specified above applies. Duration int `json:"duration"` // Duration defines the time uni // Possible values are: "second", "minute", "hour", "day" Unit TimeUnit `json:"unit"` }
Rate defines the actual rate limit that will be used when there is a match
func (*Rate) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rate.
func (*Rate) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitPolicy ¶
type RateLimitPolicy struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec RateLimitPolicySpec `json:"spec,omitempty"` Status RateLimitPolicyStatus `json:"status,omitempty"` }
RateLimitPolicy enables rate limiting for service workloads in a Gateway API network
func (*RateLimitPolicy) DeepCopy ¶
func (in *RateLimitPolicy) DeepCopy() *RateLimitPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitPolicy.
func (*RateLimitPolicy) DeepCopyInto ¶
func (in *RateLimitPolicy) DeepCopyInto(out *RateLimitPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RateLimitPolicy) DeepCopyObject ¶
func (in *RateLimitPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*RateLimitPolicy) GetRulesHostnames ¶
func (r *RateLimitPolicy) GetRulesHostnames() (ruleHosts []string)
func (*RateLimitPolicy) GetTargetRef ¶
func (r *RateLimitPolicy) GetTargetRef() gatewayapiv1alpha2.PolicyTargetReference
func (*RateLimitPolicy) GetWrappedNamespace ¶
func (r *RateLimitPolicy) GetWrappedNamespace() gatewayapiv1.Namespace
func (*RateLimitPolicy) TargetKey ¶
func (r *RateLimitPolicy) TargetKey() client.ObjectKey
func (*RateLimitPolicy) Validate ¶
func (r *RateLimitPolicy) Validate() error
type RateLimitPolicyList ¶
type RateLimitPolicyList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []RateLimitPolicy `json:"items"` }
RateLimitPolicyList contains a list of RateLimitPolicy
func (*RateLimitPolicyList) DeepCopy ¶
func (in *RateLimitPolicyList) DeepCopy() *RateLimitPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitPolicyList.
func (*RateLimitPolicyList) DeepCopyInto ¶
func (in *RateLimitPolicyList) DeepCopyInto(out *RateLimitPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RateLimitPolicyList) DeepCopyObject ¶
func (in *RateLimitPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*RateLimitPolicyList) GetItems ¶
func (l *RateLimitPolicyList) GetItems() []common.KuadrantPolicy
type RateLimitPolicySpec ¶
type RateLimitPolicySpec struct { // TargetRef identifies an API object to apply policy to. // +kubebuilder:validation:XValidation:rule="self.group == 'gateway.networking.k8s.io'",message="Invalid targetRef.group. The only supported value is 'gateway.networking.k8s.io'" // +kubebuilder:validation:XValidation:rule="self.kind == 'HTTPRoute' || self.kind == 'Gateway'",message="Invalid targetRef.kind. The only supported values are 'HTTPRoute' and 'Gateway'" TargetRef gatewayapiv1alpha2.PolicyTargetReference `json:"targetRef"` // Limits holds the struct of limits indexed by a unique name // +optional // +kubebuilder:validation:MaxProperties=14 Limits map[string]Limit `json:"limits,omitempty"` }
RateLimitPolicySpec defines the desired state of RateLimitPolicy +kubebuilder:validation:XValidation:rule="self.targetRef.kind != 'Gateway' || !has(self.limits) || !self.limits.exists(x, has(self.limits[x].routeSelectors))",message="route selectors not supported when targeting a Gateway"
func (*RateLimitPolicySpec) DeepCopy ¶
func (in *RateLimitPolicySpec) DeepCopy() *RateLimitPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitPolicySpec.
func (*RateLimitPolicySpec) DeepCopyInto ¶
func (in *RateLimitPolicySpec) DeepCopyInto(out *RateLimitPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitPolicyStatus ¶
type RateLimitPolicyStatus struct { // ObservedGeneration reflects the generation of the most recently observed spec. // +optional ObservedGeneration int64 `json:"observedGeneration,omitempty"` // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` }
RateLimitPolicyStatus defines the observed state of RateLimitPolicy
func (*RateLimitPolicyStatus) DeepCopy ¶
func (in *RateLimitPolicyStatus) DeepCopy() *RateLimitPolicyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitPolicyStatus.
func (*RateLimitPolicyStatus) DeepCopyInto ¶
func (in *RateLimitPolicyStatus) DeepCopyInto(out *RateLimitPolicyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RateLimitPolicyStatus) Equals ¶
func (s *RateLimitPolicyStatus) Equals(other *RateLimitPolicyStatus, logger logr.Logger) bool
type ResponseSpec ¶
type ResponseSpec struct { // Customizations on the denial status attributes when the request is unauthenticated. // For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. // Default: 401 Unauthorized // +optional Unauthenticated *authorinoapi.DenyWithSpec `json:"unauthenticated,omitempty"` // For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. // Default: 403 Forbidden // +optional Unauthorized *authorinoapi.DenyWithSpec `json:"unauthorized,omitempty"` // Response items to be included in the auth response when the request is authenticated and authorized. // For integration of Authorino via proxy, the proxy must use these settings to propagate dynamic metadata and/or inject data in the request. // +optional Success WrappedSuccessResponseSpec `json:"success,omitempty"` }
func (*ResponseSpec) DeepCopy ¶
func (in *ResponseSpec) DeepCopy() *ResponseSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResponseSpec.
func (*ResponseSpec) DeepCopyInto ¶
func (in *ResponseSpec) DeepCopyInto(out *ResponseSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RouteSelector ¶
type RouteSelector struct { // Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute to process the request // https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec // +optional Hostnames []gatewayapiv1.Hostname `json:"hostnames,omitempty"` // Matches define conditions used for matching the rule against incoming HTTP requests. // https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec // +optional // +kubebuilder:validation:MaxItems=8 Matches []gatewayapiv1.HTTPRouteMatch `json:"matches,omitempty"` }
RouteSelector defines semantics for matching an HTTP request based on conditions https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec
func (*RouteSelector) DeepCopy ¶
func (in *RouteSelector) DeepCopy() *RouteSelector
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteSelector.
func (*RouteSelector) DeepCopyInto ¶
func (in *RouteSelector) DeepCopyInto(out *RouteSelector)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RouteSelector) HostnamesForConditions ¶
func (s *RouteSelector) HostnamesForConditions(route *gatewayapiv1.HTTPRoute) []gatewayapiv1.Hostname
HostnamesForConditions allows avoiding building conditions for hostnames that are excluded by the selector or when the hostname is irrelevant (i.e. matches all hostnames)
func (*RouteSelector) SelectRules ¶
func (s *RouteSelector) SelectRules(route *gatewayapiv1.HTTPRoute) (rules []gatewayapiv1.HTTPRouteRule)
SelectRules returns, from a HTTPRoute, all HTTPRouteRules that either specify no HTTRouteMatches or that contain at least one HTTRouteMatch whose statements expressly include (partially or totally) the statements of at least one of the matches of the selector. If the selector does not specify any matches, then all HTTPRouteRules are selected.
Additionally, if the selector specifies a non-empty list of hostnames, a non-empty intersection between the literal hostnames of the selector and set of hostnames specified in the HTTPRoute must exist. Otherwise, the function returns nil.
type RouteSelectorsGetter ¶
type RouteSelectorsGetter interface {
GetRouteSelectors() []RouteSelector
}
+kubebuilder:object:generate=false
type SuccessResponseSpec ¶
type SuccessResponseSpec struct { authorinoapi.SuccessResponseSpec `json:""` CommonAuthRuleSpec `json:""` }
func (*SuccessResponseSpec) DeepCopy ¶
func (in *SuccessResponseSpec) DeepCopy() *SuccessResponseSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SuccessResponseSpec.
func (*SuccessResponseSpec) DeepCopyInto ¶
func (in *SuccessResponseSpec) DeepCopyInto(out *SuccessResponseSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WhenCondition ¶
type WhenCondition struct { // Selector defines one item from the well known selectors // TODO Document properly "Well-known selector" https://github.com/Kuadrant/architecture/blob/main/rfcs/0001-rlp-v2.md#well-known-selectors Selector ContextSelector `json:"selector"` // The binary operator to be applied to the content fetched from the selector // Possible values are: "eq" (equal to), "neq" (not equal to) Operator WhenConditionOperator `json:"operator"` // The value of reference for the comparison. Value string `json:"value"` }
RouteSelector defines semantics for matching an HTTP request based on conditions https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteSpec
func (*WhenCondition) DeepCopy ¶
func (in *WhenCondition) DeepCopy() *WhenCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhenCondition.
func (*WhenCondition) DeepCopyInto ¶
func (in *WhenCondition) DeepCopyInto(out *WhenCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WhenConditionOperator ¶
type WhenConditionOperator string
+kubebuilder:validation:Enum:=eq;neq;startswith;endswith;incl;excl;matches
const ( EqualOperator WhenConditionOperator = "eq" NotEqualOperator WhenConditionOperator = "neq" StartsWithOperator WhenConditionOperator = "startswith" EndsWithOperator WhenConditionOperator = "endswith" IncludeOperator WhenConditionOperator = "incl" ExcludeOperator WhenConditionOperator = "excl" MatchesOperator WhenConditionOperator = "matches" )
type WrappedSuccessResponseSpec ¶
type WrappedSuccessResponseSpec struct { // Custom success response items wrapped as HTTP headers. // For integration of Authorino via proxy, the proxy must use these settings to inject data in the request. // +kubebuilder:validation:MaxProperties=14 Headers map[string]HeaderSuccessResponseSpec `json:"headers,omitempty"` // Custom success response items wrapped as HTTP headers. // For integration of Authorino via proxy, the proxy must use these settings to propagate dynamic metadata. // See https://www.envoyproxy.io/docs/envoy/latest/configuration/advanced/well_known_dynamic_metadata // +kubebuilder:validation:MaxProperties=14 DynamicMetadata map[string]SuccessResponseSpec `json:"dynamicMetadata,omitempty"` }
func (*WrappedSuccessResponseSpec) DeepCopy ¶
func (in *WrappedSuccessResponseSpec) DeepCopy() *WrappedSuccessResponseSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WrappedSuccessResponseSpec.
func (*WrappedSuccessResponseSpec) DeepCopyInto ¶
func (in *WrappedSuccessResponseSpec) DeepCopyInto(out *WrappedSuccessResponseSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.