PortalGroup
PortalGroup API reference.
Proto: portal_group.proto
Package: apimanagement.gloo.solo.io
Claim
A claim that can be used to define a group of users.
Field | Description |
---|---|
key | (string) The key of the claim. For example, customers or region. This is the key that we will use to match against the claims in the idToken. |
value | (string) The value of the claim. |
Membership
Membership contains a list of claims that is used to determine whether a user belongs to this group.
A user is considered to be a member of this group if their idToken has all the claims in this list.
For example, a user is considered to be a member of this group if the PortalGroup defines the following list of membership criteria:

```yaml
...
membership:
- claims:
  - key: type
    value: customers
  - key: region
    value: us-east-1
- claims:
  - key: type
    value: customers
  - key: region
    value: us-west-1
```

and the user has the following claims in their idToken:
{ "type": "customers", "region": "us-east-1" } or { "type": "customers", "region": "us-west-1" }
The claims within a single Membership criteria are combined with an AND operation, and the list of Membership criteria is combined with an OR operation.
Field | Description |
---|---|
claims | (repeated Claim) A list of claims that is used to determine whether a user belongs to this group. A user is considered to be a member of this group if their idToken has claims that match all the claims in this list. |
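
The AND/OR evaluation described above, written out as an added Python example that is not Gloo's own code. The function names, the fail-closed handling of an empty claims list, and the exact string comparison are assumptions of this example, and the idToken is assumed to be already signature-verified and decoded.

```python
from typing import Any, Mapping, Optional, Sequence

# Constructed sample: the membership list from the example above, as parsed YAML.
MEMBERSHIP = [
    {"claims": [{"key": "type", "value": "customers"},
                {"key": "region", "value": "us-east-1"}]},
    {"claims": [{"key": "type", "value": "customers"},
                {"key": "region", "value": "us-west-1"}]},
]


def criteria_matches(claims: Sequence[Mapping[str, str]],
                     token: Mapping[str, Any]) -> bool:
    """AND: every listed claim must be present in the token with an equal value."""
    if not claims:
        # Assumption of this example: an empty claim list matches nobody,
        # so a blank entry can never admit every authenticated user.
        return False
    for claim in claims:
        actual = token.get(claim["key"])
        # Assumption: exact, case-sensitive string comparison; lists, numbers
        # and missing claims never match.
        if not isinstance(actual, str) or actual != claim["value"]:
            return False
    return True


def matching_criteria(membership, token) -> Optional[int]:
    """OR: return the index of the first Membership entry that matches, else None."""
    for index, entry in enumerate(membership):
        if criteria_matches(entry.get("claims", []), token):
            return index
    return None


def is_member(membership, token) -> bool:
    """True when at least one Membership entry matches the token's claims."""
    return matching_criteria(membership, token) is not None
```

Returning the index of the matching entry makes it easy to log which criteria admitted a user when auditing group definitions.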
PortalGroupReport
Field | Description |
---|---|
workspaces | (repeated PortalGroupReport.WorkspacesEntry) |
ownedByWorkspace | (string) The name of the workspace that owns the PortalGroup schema. |
PortalGroupReport.WorkspacesEntry
Field | Description |
---|---|
key | (string) |
value | (common.gloo.solo.io.Report) |
PortalGroupSpec
A PortalGroup defines what APIs a group of users can view in the portal, and what usage plans they can manage API keys for.
A PortalGroup consists of a set of permissions for the group, defined in AccessLevel, and a set of claims that is used to determine whether a user belongs to this group.
Below is an example of a PortalGroup that defines a group of users that can view the APIs (RouteTables) with the customers-group: true label, and manage API keys for the bronze, silver, and gold usage plans for said APIs.
A user belongs to this group if they have the following claims in their JWT:
{ "type": "customers", "region": "us-east-1" }

```yaml
apiVersion: apimanagement.gloo.solo.io/v2
kind: PortalGroup
metadata:
  name: customers-group
  namespace: gloo-mesh
  labels:
    portal: sample-bank-portal
spec:
  name: customers-group
  description: a group for users accessing the customers APIs
  membership:
  - claims:
    - key: type
      value: customers
    - key: region
      value: us-east-1
  accessLevel:
    apis:
    - routeTable:
        labels:
          customers-group: true
    usagePlans:
    - name: bronze
    - name: silver
    - name: gold
```

Field | Description |
---|---|
name | (string) The name of the group. |
description | (string) The description of the group. |
membership | (repeated Membership) A list of Membership criteria that defines the claims that are used to determine whether a user belongs to this group. A user is considered to be a member of this group if they have claims that match all the claims in any Membership criteria in this list. |
accessLevel | (PortalGroupSpec.AccessLevel) Settings that control the list of APIs that this group can view, and the usage plans that this group can manage API keys for. |
PortalGroupSpec.AccessLevel
Defines the access level of the group. Private APIs listed in the access level allow this group to view the selected APIs in the portal. Usage plans listed in the access level allow this group to manage API keys for the listed usage plans.
Field | Description |
---|---|
apis | (repeated common.gloo.solo.io.ObjectSelector) The APIs that we want to allow this group to view in the portal. An API consists of all routes exposed by a route table, so the apis field is a list of route table selectors. |
usagePlans | (repeated string) The names of usage plans that we want to allow this group to manage API keys for. Note that if your usage plan is applied across different route tables, granting the ability to manage API keys for a usage plan in a group will allow the created API keys to also be used across all route tables that the usage plan applies to. |
PortalGroupStatus
Field | Description |
---|---|
common | (common.gloo.solo.io.Status) |
ownedByWorkspace | (string) The name of the workspace that owns the PortalGroup schema. |