OpenAPI
microgateway.airlock.com/v1alpha1
OpenAPI contains the configuration for the OpenAPI specification.
apiVersion: microgateway.airlock.com/v1alpha1
kind: OpenAPI
metadata:
name: open-api-example
spec:
settings:
schema:
source:
configMapRef:
name: openapi3-spec
threatHandlingMode: Block
logging:
maxFailedSubvalidations: 10
validation:
authentication:
oAuth2:
allowedParameters:
builtIn:
standardParameters: true
custom:
- param1
- param2
oidc:
allowedParameters:
builtIn:
standardParameters: false
custom:
- param3
- param4
response:
unsecured: { }apiVersion: microgateway.airlock.com/v1alpha1
kind: OpenAPI
metadata:
name: defaultOpenAPI
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
metadata |
ObjectMeta | Refer to Kubernetes API documentation for fields of metadata |
yes | ||
| spec | object | Specification of the desired OpenAPI specification. | yes |
OpenAPI.spec
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| response | object | Response defines the validation behavior for responses. | no | unsecured{...} |
secured{}, unsecured{} |
| settings | object | Settings defines the settings to configure OpenAPI specification enforcement. | yes |
OpenAPI.spec.response
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| secured | object | Secured enables response checking. | no | ||
| unsecured | object | Unsecured disables response checking. | no |
OpenAPI.spec.response.secured
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
validation |
enum | Validation defines the validation mode for responses. | no | Lax |
Lax, Strict |
OpenAPI.spec.settings
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| logging | object | Logging specifies the access log behavior. | no | ||
| schema | object | Schema configures the OpenAPI specification. | yes | ||
threatHandlingMode |
enum | ThreatHandlingMode specifies how threats should be handled. | no | Block |
Block, LogOnly |
| validation | object | Validation specifies the patterns for the validation behavior. | no |
OpenAPI.spec.settings.logging
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
maxFailedSubvalidations |
uint64 | MaxFailedSubvalidations defines the maximum number of failed subvalidations being logged. | no | 10 |
[0, 18446744073709551615] |
OpenAPI.spec.settings.schema
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| source | object | Source specifies the OpenAPI v3.0 specification to be enforced. | yes | configMapRef{} |
OpenAPI.spec.settings.schema.source
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| configMapRef | object | ConfigMapRef references the configmap by its name containing the well-known key openapi.json. Use the data field for plaintext or the binaryData for compressed data. Supported compression formats are zstd, gzip or zip. Note: If the provided OpenAPI schema is invalid (e.g., due to syntax errors), the Airlock Microgateway Engine will log an error, OpenAPI validation will always fail, and requests will be blocked. |
no |
OpenAPI.spec.settings.schema.source.configMapRef
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
name |
string | Name of the resource | yes |
OpenAPI.spec.settings.validation
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| authentication | object | Authentication defines the settings for the authentication scheme. | no |
OpenAPI.spec.settings.validation.authentication
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| oAuth2 | object | OAuth2 specifies the OAuth2 parameters. | no | ||
| oidc | object | Oidc specifies the OIDC parameters. | no |
OpenAPI.spec.settings.validation.authentication.oAuth2
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| allowedParameters | object | AllowedParameters specifies the allowed parameters for the authentication scheme. | no |
OpenAPI.spec.settings.validation.authentication.oAuth2.allowedParameters
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| builtIn | object | BuiltIn allows configuring a set of predefined allowed parameters. | no | ||
custom |
string[] | Custom allows configuring additional allowed parameters. | no |
OpenAPI.spec.settings.validation.authentication.oAuth2.allowedParameters.builtIn
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
standardParameters |
bool | StandardParameters defines whether the allowed parameters should be expanded by the set of common parameters. | no | true |
true, false |
OpenAPI.spec.settings.validation.authentication.oidc
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| allowedParameters | object | AllowedParameters specifies the allowed parameters for the authentication scheme. | no |
OpenAPI.spec.settings.validation.authentication.oidc.allowedParameters
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| builtIn | object | BuiltIn allows configuring a set of predefined allowed parameters. | no | ||
custom |
string[] | Custom allows configuring additional allowed parameters. | no |
OpenAPI.spec.settings.validation.authentication.oidc.allowedParameters.builtIn
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
standardParameters |
bool | StandardParameters defines whether the allowed parameters should be expanded by the set of common parameters. | no | true |
true, false |