Parser
microgateway.airlock.com/v1alpha1
Parser defines a policy how request bodies should be parsed before being filtered e.g., by the deny rules.
The defaults should work for most use cases, but it is possible to customize the behavior e.g., in case the upstream application uses non-standard content types for JSON messages.
apiVersion: microgateway.airlock.com/v1alpha1
kind: Parser
metadata:
name: parser-example
spec:
request:
# Set the content-type to 'application/json' if no content-type header is sent.
defaultContentType: application/json
parsers:
json:
enable: true
mediaTypePattern: .*json.*
form:
enable: true
mediaTypePattern: .*form-urlencoded.*
multipart:
enable: true
mediaTypePattern: .*multipart.*
custom:
rules:
# The POST request to '/company/contact.php' contains a JSON payload
# but has an incorrect content-type header.
# These requests should be treated as JSON.
- requestConditions:
method:
- POST
path:
matcher:
exact: /company/contact.php
action:
parse:
json: {}
# The request to '/support/upload.php' contains a binary payload
# but has an incorrect content-type header 'application/json'.
# These requests should not be parsed (security filters such as deny rules,
# limits, ... should not be applied).
- requestConditions:
path:
matcher:
exact: /support/upload.php
action:
skip: {}apiVersion: microgateway.airlock.com/v1alpha1
kind: Parser
metadata:
name: default
spec:
request:
parsers:
json:
enable: true
mediaTypePattern: ".*json.*"
form:
enable: true
mediaTypePattern: ".*urlencoded.*"
multipart:
enable: true
mediaTypePattern: ".*multipart.*"
defaultContentType: "application/x-www-form-urlencoded"
custom: {}Parser
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| metadata | defines the resource’s metadata | ObjectMeta | yes | ||
| spec | defines the desired parser configuration. | object | no |
Parser.spec
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| request | defines the parsing for downstream requests. | object | no |
Parser.spec.request
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| custom | allows configuring additional rules for parser selection. | object | no | ||
| defaultContentType | specifies the content-type header which should be injected into the request before parser selection if it is not already present and the request has a body. | string | no | application/x-www-form-urlencoded |
|
| parsers | defines the configuration for the available content parsers. | object | no |
Parser.spec.request.custom
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| rules | defines a custom set prepended before built-in rules of enabled request parsers. Disable all built-in parsers to overrule them completely. |
object[] | no |
Parser.spec.request.custom.rules[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| action | specifies what should happen when a request condition matches. Only one of parse or skip can be set. |
object | yes | parse{}, skip{} |
|
| requestConditions | defines additional request properties which must all be matched in order for this rule to apply. | object | yes |
Parser.spec.request.custom.rules[].action
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| parse | activates the configured parser. | object | no | form{}, json{}, multipart{} |
|
| skip | disables any content parsing | object | no | {} |
Parser.spec.request.custom.rules[].action.parse
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| form | activates the Form parser. | object | no | {} |
|
| json | activates the JSON parser. | object | no | {} |
|
| multipart | activates the multipart parser. | object | no | {} |
Parser.spec.request.custom.rules[].requestConditions
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| header | defines the matching headers of a request. | object | no | ||
| invert | indicates whether the request condition should be inverted. | bool | no | false |
true, false |
| mediaType | defines the matching media type from the content-type header of a request. | object | no | ||
| method | defines the matching methods of a request. | enum[] | no | CONNECT, DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT, TRACE |
|
| path | defines the matching path of a request. | object | no | ||
| remoteIP | defines the matching remote IPs of a request. Note: Depending on your setup you may need to adapt the remoteIP configuration in the SidecarGateway / GatewayParameters resource to ensure correct client IP detection. |
object | no |
Parser.spec.request.custom.rules[].requestConditions.header
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | defines the name of a header. | object | no | ||
| value | defines the value of a header. | object | no |
Parser.spec.request.custom.rules[].requestConditions.header.name
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| matcher | defines the way to match a string. In comparison to a normal StringMatcher, a value is always matched ignoring the case and can’t be inverted. | object | yes | contains{}, exact{}, prefix{}, regex{}, suffix{} |
Parser.spec.request.custom.rules[].requestConditions.header.name.matcher
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| contains | defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. |
string | no | ||
| exact | defines an explicit match on the string specified here. Only one of exact, prefix, suffix, regex or contains can be set. |
string | no | ||
| prefix | defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. |
string | no | ||
| regex | defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used. The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex. Only one of exact, prefix, suffix, regex or contains can be set. |
string | no | ||
| suffix | defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. |
string | no |
Parser.spec.request.custom.rules[].requestConditions.header.value
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| matcher | object | yes | contains{}, exact{}, prefix{}, regex{}, suffix{} |
Parser.spec.request.custom.rules[].requestConditions.header.value.matcher
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| contains | defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. |
string | no | ||
| exact | defines an explicit match on the string specified here. Only one of exact, prefix, suffix, regex or contains can be set. |
string | no | ||
| ignoreCase | indicates whether the matching should be case-insensitive. In case of a regex match, the regex gets wrapped with a group (?i:...). |
bool | no | false |
true, false |
| prefix | defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. |
string | no | ||
| regex | defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used. The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex. Only one of exact, prefix, suffix, regex or contains can be set. |
string | no | ||
| suffix | defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. |
string | no |
Parser.spec.request.custom.rules[].requestConditions.mediaType
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| matcher | object | yes | contains{}, exact{}, prefix{}, regex{}, suffix{} |
Parser.spec.request.custom.rules[].requestConditions.mediaType.matcher
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| contains | defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. |
string | no | ||
| exact | defines an explicit match on the string specified here. Only one of exact, prefix, suffix, regex or contains can be set. |
string | no | ||
| prefix | defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. |
string | no | ||
| regex | defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used. The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex. Only one of exact, prefix, suffix, regex or contains can be set. |
string | no | ||
| suffix | defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. |
string | no |
Parser.spec.request.custom.rules[].requestConditions.path
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| matcher | object | yes | contains{}, exact{}, prefix{}, regex{}, suffix{} |
Parser.spec.request.custom.rules[].requestConditions.path.matcher
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| contains | defines a substring match on the substring specified here. Empty contains match is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. |
string | no | ||
| exact | defines an explicit match on the string specified here. Only one of exact, prefix, suffix, regex or contains can be set. |
string | no | ||
| ignoreCase | indicates whether the matching should be case-insensitive. In case of a regex match, the regex gets wrapped with a group (?i:...). |
bool | no | false |
true, false |
| prefix | defines a prefix match on the prefix specified here. Empty prefix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. |
string | no | ||
| regex | defines a regex match on the regular expression specified here. Google’s RE2 regex engine is used. The regex matches only single-line by default, even with “.*”. To match a multi-line string prepend (?s) to your regex. Only one of exact, prefix, suffix, regex or contains can be set. |
string | no | ||
| suffix | defines a suffix match on the suffix specified here. Empty suffix is not allowed, please use regex instead. Only one of exact, prefix, suffix, regex or contains can be set. |
string | no |
Parser.spec.request.custom.rules[].requestConditions.remoteIP
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| cidrRanges | defines the IPv4 or IPv6 CIDR ranges, e.g. 196.148.3.128/26 or 2001:db8::/28. |
string[] | yes | ||
| invert | indicates whether the match should be inverted. | bool | no | false |
true, false |
Parser.spec.request.parsers
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| form | defines the configuration for the form parser. | object | no | ||
| json | defines the configuration for the JSON parser. | object | no | ||
| multipart | defines the configuration for the multipart parser. | object | no |
Parser.spec.request.parsers.form
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| enable | defines whether form payloads are inspected. | bool | no | true |
true, false |
| mediaTypePattern | is a regex specifying the media types for which the request body should be treated as form arguments. | string | no | .*urlencoded.* |
Parser.spec.request.parsers.json
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| enable | defines whether json payloads are inspected. | bool | no | true |
true, false |
| mediaTypePattern | is a regex specifying the media types for which the request body should be treated as JSON. | string | no | .*json.* |
Parser.spec.request.parsers.multipart
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| enable | defines whether multipart payloads are inspected. | bool | no | true |
true, false |
| mediaTypePattern | is a regex specifying the media types for which the request body should be treated as a multipart payload. | string | no | .*multipart.* |