admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fe6c5de00fff2811a64a1243740f62166525b76d
kubesphere/vendor/istio.io/api/security/v1beta1/authorization.gen.json
hongming fe6c5de00f update dependencies 
Signed-off-by: hongming <talonwan@yunify.com>
2021-01-04 15:35:32 +08:00

264 lines
9.5 KiB
JSON
Raw Blame History

{
"openapi": "3.0.0",
"info": {
"title": "Configuration for access control on workloads.",
"version": "v1beta1"
},
"components": {
"schemas": {
"istio.security.v1beta1.AuthorizationPolicy": {
"description": "AuthorizationPolicy enables access control on workloads.",
"type": "object",
"properties": {
"selector": {
"$ref": "#/components/schemas/istio.type.v1beta1.WorkloadSelector"
},
"rules": {
"description": "Optional. A list of rules to match the request. A match occurs when at least one rule matches the request.",
"type": "array",
"items": {
"$ref": "#/components/schemas/istio.security.v1beta1.Rule"
}
},
"action": {
"$ref": "#/components/schemas/istio.security.v1beta1.AuthorizationPolicy.Action"
}
}
},
"istio.security.v1beta1.Rule": {
"description": "Rule matches requests from a list of sources that perform a list of operations subject to a list of conditions. A match occurs when at least one source, operation and condition matches the request. An empty rule is always matched.",
"type": "object",
"properties": {
"from": {
"description": "Optional. from specifies the source of a request.",
"type": "array",
"items": {
"$ref": "#/components/schemas/istio.security.v1beta1.Rule.From"
}
},
"to": {
"description": "Optional. to specifies the operation of a request.",
"type": "array",
"items": {
"$ref": "#/components/schemas/istio.security.v1beta1.Rule.To"
}
},
"when": {
"description": "Optional. when specifies a list of additional conditions of a request.",
"type": "array",
"items": {
"$ref": "#/components/schemas/istio.security.v1beta1.Condition"
}
}
}
},
"istio.security.v1beta1.AuthorizationPolicy.Action": {
"description": "Action specifies the operation to take.",
"type": "string",
"enum": [
"ALLOW",
"DENY"
]
},
"istio.security.v1beta1.Rule.From": {
"description": "From includes a list or sources.",
"type": "object",
"properties": {
"source": {
"$ref": "#/components/schemas/istio.security.v1beta1.Source"
}
}
},
"istio.security.v1beta1.Rule.To": {
"description": "To includes a list or operations.",
"type": "object",
"properties": {
"operation": {
"$ref": "#/components/schemas/istio.security.v1beta1.Operation"
}
}
},
"istio.security.v1beta1.Condition": {
"description": "Condition specifies additional required attributes.",
"type": "object",
"properties": {
"key": {
"description": "The name of an Istio attribute. See the [full list of supported attributes](https://istio.io/docs/reference/config/security/conditions/).",
"type": "string",
"format": "string"
},
"values": {
"description": "Optional. A list of allowed values for the attribute. Note: at least one of values or not_values must be set.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"notValues": {
"description": "Optional. A list of negative match of values for the attribute. Note: at least one of values or not_values must be set.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
}
}
},
"istio.security.v1beta1.Source": {
"description": "Source specifies the source identities of a request. Fields in the source are ANDed together.",
"type": "object",
"properties": {
"principals": {
"description": "Optional. A list of source peer identities (i.e. service account), which matches to the \"source.principal\" attribute. This field requires mTLS enabled.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"notPrincipals": {
"description": "Optional. A list of negative match of source peer identities.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"requestPrincipals": {
"description": "Optional. A list of request identities (i.e. \"iss/sub\" claims), which matches to the \"request.auth.principal\" attribute.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"notRequestPrincipals": {
"description": "Optional. A list of negative match of request identities.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"namespaces": {
"description": "Optional. A list of namespaces, which matches to the \"source.namespace\" attribute. This field requires mTLS enabled.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"notNamespaces": {
"description": "Optional. A list of negative match of namespaces.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"ipBlocks": {
"description": "Optional. A list of IP blocks, which matches to the \"source.ip\" attribute. Single IP (e.g. \"1.2.3.4\") and CIDR (e.g. \"1.2.3.0/24\") are supported.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"notIpBlocks": {
"description": "Optional. A list of negative match of IP blocks.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
}
}
},
"istio.security.v1beta1.Operation": {
"description": "Operation specifies the operations of a request. Fields in the operation are ANDed together.",
"type": "object",
"properties": {
"hosts": {
"description": "Optional. A list of hosts, which matches to the \"request.host\" attribute.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"notHosts": {
"description": "Optional. A list of negative match of hosts.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"ports": {
"description": "Optional. A list of ports, which matches to the \"destination.port\" attribute.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"notPorts": {
"description": "Optional. A list of negative match of ports.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"methods": {
"description": "Optional. A list of methods, which matches to the \"request.method\" attribute. For gRPC service, this will always be \"POST\".",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"notMethods": {
"description": "Optional. A list of negative match of methods.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"paths": {
"description": "Optional. A list of paths, which matches to the \"request.url_path\" attribute. For gRPC service, this will be the fully-qualified name in the form of \"/package.service/method\".",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"notPaths": {
"description": "Optional. A list of negative match of paths.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
}
}
},
"istio.type.v1beta1.WorkloadSelector": {
"description": "The selector determines the workloads to apply the RequestAuthentication on. If not set, the policy will be applied to all workloads in the same namespace as the policy.",
"type": "object",
"properties": {
"matchLabels": {
"description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. The scope of label search is restricted to the configuration namespace in which the resource is present.",
"type": "object",
"additionalProperties": {
"type": "string",
"format": "string"
}
}
}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink