OpenAPI
microgateway.airlock.com/v1alpha1
OpenAPI defines a policy for enforcing an OpenAPI schema.
```yaml
apiVersion: microgateway.airlock.com/v1alpha1
kind: OpenAPI
metadata:
  name: open-api-example
spec:
  settings:
    schema:
      source:
        configMapRef:
          name: openapi3-spec
    threatHandlingMode: Block
    logging:
      maxFailedSubvalidations: 10
    validation:
      authentication:
        oAuth2:
          allowedParameters:
            builtIn:
              standardParameters: true
            custom:
              - param1
              - param2
        oidc:
          allowedParameters:
            builtIn:
              standardParameters: false
            custom:
              - param3
              - param4
  response:
    unsecured: { }
```

OpenAPI
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| metadata | defines the resource’s metadata | ObjectMeta | yes | | |
| spec | defines the desired OpenAPI schema enforcement configuration. | object | yes | | |
OpenAPI.spec
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| response | defines the validation behavior for responses. | object | no | unsecured{...} | secured{}, unsecured{} |
| settings | defines the settings to configure OpenAPI specification enforcement. | object | yes | | |
OpenAPI.spec.response
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| secured | enables response checking. | object | no | | |
| unsecured | disables response checking. | object | no | {} | |
OpenAPI.spec.response.secured
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| validation | defines the validation mode for responses. | enum | no | Lax | Lax, Strict |
OpenAPI.spec.settings
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| logging | specifies the access log behavior. | object | no | | |
| schema | configures the OpenAPI specification. | object | yes | | |
| threatHandlingMode | specifies how threats should be handled. | enum | no | Block | Block, LogOnly |
| validation | specifies the patterns for the validation behavior. | object | no | | |
OpenAPI.spec.settings.logging
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| maxFailedSubvalidations | defines the maximum number of failed subvalidations being logged. | int64 | no | 10 | [0, 9223372036854775807] |
OpenAPI.spec.settings.schema
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| source | specifies the OpenAPI v3.0 specification to be enforced. | object | yes | configMapRef{} | |
OpenAPI.spec.settings.schema.source
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| configMapRef | references the configmap by its name containing the well-known key openapi.json. Use the data field for plaintext or the binaryData for compressed data. Supported compression formats are zstd, gzip or zip. Note: If the provided OpenAPI schema is invalid (e.g., due to syntax errors), the Airlock Microgateway Engine will log an error, OpenAPI validation will always fail, and requests will be blocked. | object | no | | |
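
Because an unparsable schema makes validation fail and blocks requests, it is worth linting the ConfigMap before applying it. The following is an added example, not Airlock code: it takes the ConfigMap as a dict (for instance the output of `kubectl get configmap openapi3-spec -o json`) and checks the well-known key, the compression wrapper and the JSON syntax. The structural checks (`openapi` starting with `3.0.`, a `paths` object) and reading the first zip member are assumptions of this sketch, not the Engine's own validation rules.

```python
import base64, gzip, io, json, zipfile, zlib

KEY = "openapi.json"  # well-known key from the configMapRef description

def _decompress(raw: bytes) -> bytes:
    """Undo gzip or zip by magic bytes; anything else is returned unchanged."""
    if raw[:2] == b"\x1f\x8b":
        return gzip.decompress(raw)
    if raw[:4] == b"PK\x03\x04":
        with zipfile.ZipFile(io.BytesIO(raw)) as zf:
            return zf.read(zf.namelist()[0])  # assumption: spec is the first member
    if raw[:4] == b"\x28\xb5\x2f\xfd":
        raise ValueError("zstd payload, decompress it before linting")
    return raw

def lint_configmap(cm: dict) -> list:
    """Return a list of problems; an empty list means the spec parsed cleanly."""
    data, binary = cm.get("data") or {}, cm.get("binaryData") or {}
    if KEY in data:
        raw = data[KEY].encode()
    elif KEY in binary:
        try:
            raw = _decompress(base64.b64decode(binary[KEY], validate=True))
        except (ValueError, OSError, IndexError, zipfile.BadZipFile, zlib.error) as exc:
            return [f"binaryData[{KEY}] unreadable: {exc}"]
    else:
        return [f"key {KEY} missing from data and binaryData"]
    try:
        spec = json.loads(raw)
    except ValueError as exc:
        return [f"{KEY} is not valid JSON: {exc}"]
    if not isinstance(spec, dict):
        return [f"{KEY} must contain a JSON object"]
    problems = []
    if not str(spec.get("openapi", "")).startswith("3.0."):
        problems.append("openapi version is not 3.0.x")
    if not isinstance(spec.get("paths"), dict):
        problems.append("paths object missing")
    return problems

# Constructed sample: a minimal spec, shipped plaintext and gzip-compressed.
SPEC = '{"openapi": "3.0.3", "info": {"title": "t", "version": "1"}, "paths": {}}'
PLAIN = {"kind": "ConfigMap", "data": {KEY: SPEC}}
GZIPPED = {"kind": "ConfigMap",
           "binaryData": {KEY: base64.b64encode(gzip.compress(SPEC.encode())).decode()}}
BROKEN = {"kind": "ConfigMap", "data": {KEY: SPEC[:-1]}}  # truncated JSON

if __name__ == "__main__":
    for name, cm in [("plain", PLAIN), ("gzip", GZIPPED), ("broken", BROKEN)]:
        print(name, lint_configmap(cm) or "ok")
```

Running the lint with `threatHandlingMode: LogOnly` still in place on a first rollout gives a second safety net if a spec passes the syntax check but is rejected by the Engine.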
OpenAPI.spec.settings.schema.source.configMapRef
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | of the resource | string | yes | | |
OpenAPI.spec.settings.validation
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| authentication | defines the settings for the authentication scheme. | object | no | | |
OpenAPI.spec.settings.validation.authentication
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| oAuth2 | specifies the OAuth2 parameters. | object | no | | |
| oidc | specifies the OIDC parameters. | object | no | | |
OpenAPI.spec.settings.validation.authentication.oAuth2
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| allowedParameters | specifies the allowed parameters for the authentication scheme. | object | no | | |
OpenAPI.spec.settings.validation.authentication.oAuth2.allowedParameters
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| builtIn | allows configuring a set of predefined allowed parameters. | object | no | | |
| custom | allows configuring additional allowed parameters. | string[] | no | | |
OpenAPI.spec.settings.validation.authentication.oAuth2.allowedParameters.builtIn
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| standardParameters | defines whether the allowed parameters should be expanded by the set of common parameters. | bool | no | true | true, false |
OpenAPI.spec.settings.validation.authentication.oidc
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| allowedParameters | specifies the allowed parameters for the authentication scheme. | object | no | | |
OpenAPI.spec.settings.validation.authentication.oidc.allowedParameters
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| builtIn | allows configuring a set of predefined allowed parameters. | object | no | | |
| custom | allows configuring additional allowed parameters. | string[] | no | | |
OpenAPI.spec.settings.validation.authentication.oidc.allowedParameters.builtIn
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| standardParameters | defines whether the allowed parameters should be expanded by the set of common parameters. | bool | no | true | true, false |