AccessControl
microgateway.airlock.com/v1alpha1
AccessControl specifies the options to perform access control with a Microgateway Engine container.
```yaml
apiVersion: microgateway.airlock.com/v1alpha1
kind: AccessControl
metadata:
  name: access-control-example
spec:
  policies:
    - authorization:
        authentication:
          oidc:
            oidcRelyingPartyRef:
              name: oidc-example
      identityPropagation:
        actions:
          - identityPropagationRef:
              name: identity-propagation-example
        onFailure: Pass
```
```yaml
apiVersion: microgateway.airlock.com/v1alpha1
kind: AccessControl
metadata:
  name: default
```
AccessControl
Field | Type | Description | Required | Default | Allowed Values |
---|---|---|---|---|---|
metadata | ObjectMeta | Refer to Kubernetes API documentation for fields of metadata | yes | ||
spec | object | Specifies how the Airlock Microgateway Engine performs access control. | yes |
AccessControl.spec
Field | Type | Description | Required | Default | Allowed Values |
---|---|---|---|---|---|
policies | object[] | Policies configures access control policies. | yes |
AccessControl.spec.policies[]
Field | Type | Description | Required | Default | Allowed Values |
---|---|---|---|---|---|
authorization | object | Authorization configures how requests are authorized. An empty object value {} disables authorization. | yes | ||
identityPropagation | object | IdentityPropagation configures how the authenticated user’s identity is communicated to the protected application. | no |
AccessControl.spec.policies[].authorization
Field | Type | Description | Required | Default | Allowed Values |
---|---|---|---|---|---|
authentication | object | Authentication specifies that clients need to be authenticated with the provided method. | no | oidc{} |
AccessControl.spec.policies[].authorization.authentication
Field | Type | Description | Required | Default | Allowed Values |
---|---|---|---|---|---|
oidc | object | OIDC configures client authentication using OpenID Connect. | no |
AccessControl.spec.policies[].authorization.authentication.oidc
Field | Type | Description | Required | Default | Allowed Values |
---|---|---|---|---|---|
oidcRelyingPartyRef | object | OIDCRelyingPartyRef configures how the Airlock Microgateway Engine interacts with the OpenID provider. | yes |
AccessControl.spec.policies[].authorization.authentication.oidc.oidcRelyingPartyRef
Field | Type | Description | Required | Default | Allowed Values |
---|---|---|---|---|---|
name | string | Name of the resource | yes |
AccessControl.spec.policies[].identityPropagation
Field | Type | Description | Required | Default | Allowed Values |
---|---|---|---|---|---|
actions | object[] | Actions specifies the propagation actions. | yes | ||
onFailure | enum | OnFailure configures what should happen if an identity propagation fails. Meaning of the possible values: Pass: The request should be forwarded to the upstream, without including the information from the failed identity propagations. | yes | Pass |
AccessControl.spec.policies[].identityPropagation.actions[]
Field | Type | Description | Required | Default | Allowed Values |
---|---|---|---|---|---|
identityPropagationRef | object | IdentityPropagationRef selects an IdentityPropagation to apply. | yes |
AccessControl.spec.policies[].identityPropagation.actions[].identityPropagationRef
Field | Type | Description | Required | Default | Allowed Values |
---|---|---|---|---|---|
name | string | Name of the resource | yes |
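
An added example, not part of the Airlock documentation: a small Python audit over AccessControl objects that flags policies whose `authorization` is the empty object `{}` (authorization disabled, per the table above) and notes policies that use `onFailure: Pass`. The list shape of `kubectl get ... -o json` output, the function names, the severity labels and the sample objects are assumptions constructed for illustration.

```python
import json

# Constructed sample in the list shape of `kubectl get accesscontrol -o json`
# (assumed). "open-example" is hypothetical; the second object mirrors the page.
SAMPLE = json.loads("""
{"items": [
  {"kind": "AccessControl", "metadata": {"name": "open-example"},
   "spec": {"policies": [{"authorization": {}}]}},
  {"kind": "AccessControl", "metadata": {"name": "access-control-example"},
   "spec": {"policies": [{
     "authorization": {"authentication": {"oidc": {
       "oidcRelyingPartyRef": {"name": "oidc-example"}}}},
     "identityPropagation": {
       "actions": [{"identityPropagationRef": {"name": "identity-propagation-example"}}],
       "onFailure": "Pass"}}]}}
]}
""")


def audit_access_control(obj):
    """Return (severity, path, message) findings for one AccessControl object."""
    findings = []
    name = obj.get("metadata", {}).get("name", "<unnamed>")
    for i, policy in enumerate(obj.get("spec", {}).get("policies", [])):
        path = f"{name}.spec.policies[{i}]"
        authz = policy.get("authorization")
        if authz is None:
            findings.append(("error", path, "required field 'authorization' is missing"))
        elif authz == {}:
            findings.append(("high", path, "authorization is {}: authorization is disabled"))
        else:
            oidc = (authz.get("authentication") or {}).get("oidc") or {}
            if not (oidc.get("oidcRelyingPartyRef") or {}).get("name"):
                findings.append(("warn", path, "no oidc.oidcRelyingPartyRef.name found"))
        prop = policy.get("identityPropagation")
        if prop and prop.get("onFailure") == "Pass":
            findings.append(("info", path, "onFailure=Pass: a failed propagation is "
                             "forwarded upstream without the identity information"))
    return findings


def audit_all(listing):
    """Audit every AccessControl item in a kubectl-style list object."""
    return [f for item in listing.get("items", []) if item.get("kind") == "AccessControl"
            for f in audit_access_control(item)]
```

For policies reported with `onFailure=Pass`, confirm that the protected application rejects requests that arrive without the propagated identity rather than treating them as anonymous but allowed.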