Proto: portal.proto

Package: apimanagement.gloo.solo.io

PortalReport

FieldDescription
workspaces(repeated PortalReport.WorkspacesEntry)

ownerWorkspace(string)

selectedRouteTables(repeated common.gloo.solo.io.ObjectReference)

A list of route tables that are selected by this portal.
selectedExtAuthPolicies(repeated common.gloo.solo.io.ObjectReference)

A list of ext-auth policies selected by this portal.
selectedRateLimitPolicies(repeated common.gloo.solo.io.ObjectReference)

A list of rate limit policies selected by this portal.
selectedPortalBackend(repeated common.gloo.solo.io.ObjectReference)

A list of portal backends selected by this portal.

PortalReport.WorkspacesEntry

FieldDescription
key(string)

value(common.gloo.solo.io.Report)

PortalSpec

The Portal resource configures a developer portal that you can use to securely expose your APIs to end users. Before you create the Portal, you bundle the APIs that you want to expose into a route table. Then, you prepare a usage plan to control access to your APIs by applying rate limiting and external auth policies to the routes in the route table. For more information, see the Portal docs.

The following examples show a Portal resource that refers to usage plans that are named in the rate limit server config’s descriptors, as well as a corresponding RateLimitPolicy and ExternalAuthPolicy that apply to a route in a route table.

  apiVersion: apimanagement.gloo.solo.io/v2
kind: Portal
   metadata:
     name: public-portal
     namespace: gloo-mesh
spec:
   portalBackendSelectors:
     - selector:
         labels:
           app: gloo-mesh-portal-server
   usagePlans:
     - name: bronze
       displayName: "Bronze Plan"
       description: "A basic usage plan"
     - name: silver
       description: "A better usage plan"
     - name: gold
       description: "The best usage plan!"
   apis:
     - name: productpage
         namespace: bookinfo
         cluster: cluster-1
     - labels:
           app: reviews
  
  apiVersion: admin.gloo.solo.io/v2
kind: RateLimitServerConfig
   metadata:
     name: usage-plans
     namespace: gloo-mesh
spec:
   destinationServers: [] # omitted, server refs
   raw:
     descriptors:
       - key: usagePlan
         value: bronze
         descriptors:
           - key: userId
             rateLimit:
               requestsPerUnit: 50
               unit: MINUTE
       - key: usagePlan
         value: silver
         descriptors:
           - key: userId
             rateLimit:
               requestsPerUnit: 200
               unit: MINUTE
        - key: usagePlan
          value: gold
          descriptors:
            - key: userId
              rateLimit:
                requestsPerUnit: 1000
                unit: MINUTE
  
  apiVersion: security.policy.gloo.solo.io/v2
kind: ExtAuthPolicy
metadata:
  name: petstore-apiauth
  namespace: petstore
spec:
  applyToRoutes:
    - route:
        labels:
           route: pets
  config:
    server:
      name: ext-auth-server
      namespace: gloo-mesh
      cluster: cluster-1
    glooAuth:
      configs:
        - apiKeyAuth:
            headersFromMetadata:
              x-solo-plan:
                name: plan
                required: true
            k8sSecretApikeyStorage:
              labelSelector:
                auth: api-key
  
  apiVersion: trafficcontrol.policy.gloo.solo.io/v2
kind: RateLimitPolicy
metadata:
  name: pets-rate-limit
  namespace: petstore
spec:
  applyToRoutes:
    - route:
        labels:
           route: pets
  config:
    ratelimitServerConfig:
      name: usage-plans
      namespace: gloo-mesh
      cluster: cluster-1
    raw:
      rateLimits:
        - actions:
            - requestHeaders:
                descriptorKey: usagePlan
                headerName: x-solo-plan
            - metadata:
                descriptorKey: userId
                metadataKey:
                  key: envoy.filters.http.ext_authz
                  path:
                    - key: userId
  
FieldDescription
portalBackendSelectors(repeated common.gloo.solo.io.WorkloadSelector)

The workloads where an existing portal backend is running.
apis(repeated common.gloo.solo.io.ObjectSelector)

A list of route tables with routes to the APIs you want the developer portal to expose. The route table might also have ‘portalMetadata’ key-value fields that you want to display in the developer portal for end users.
apiProducts(repeated common.gloo.solo.io.ObjectSelector)

A list of route metadata which select the ApiProducts you want the developer portal to expose. $hide_from_docs
usagePlans(repeated PortalSpec.UsagePlan)

The usage plans to control access to the APIs that the developer portal exposes.
domains(repeated string)

The domains on which this Portal will be served. The Host header received by the Portal Web App will be matched to one of these domains in order to determine which Portal will be served.
If you are using the Gateway through which you are exposing the Portal is listening on a port other than 80/443, you should include the port as part of the domain string, e.g. “portal.solo.io:8443”.
To prevent undefined behavior, creating a Portal whose domain conflicts with an existing Portal will result in the Portal resource being placed into an ‘Invalid’ state.
visibility(PortalSpec.Visibility)

Settings for controlling the visibility of the Portal’s contents. Default visibility for content in the Portal is private. When a Portal is public, individual APIs can be made private, by specifying the labels for private APIs and applying said labels to the route tables that need to be private. When a Portal or its APIs are private, the Portal requires authentication. An external auth policy must be applied to the Portal’s route table in order to enable authentication. The external auth policy must use the idTokenHeader field with the id_token to pass the user’s ID token to the Portal. For authentication to work, the email claim is required in the id_token.

PortalSpec.UsagePlan

A UsagePlan defined in the Portal resource is a reference to an existing RateLimitPolicy and ExtAuthPolicy that has been applied to a route table. The values of the descriptor key usagePlan in the RateLimitServerConfig used by an existing RateLimitPolicy must match the name of the UsagePlan defined in the Portal resource, and will be used to determine which rate limiting and ext auth options are available for this Portal.

FieldDescription
name(string)

Match the names of the usage plans with the descriptors that you defined in the rate limit server config.
displayName(string)

Optional display name for the usage plan to show end users in the developer portal.
description(string)

Optional description for the usage plan to show end users in the developer portal. You might include information about how to get the plan or what the plan includes and excludes.

PortalSpec.Visibility

Settings that control the visibility of the Portal’s contents.

FieldDescription
public(bool)

If true, all the APIs published in this portal are going to be public (i.e. visible to unauthenticated users); individual APIs can still be made private using the privateAPILabels field. Defaults to false, in which case the privateAPILabels field will have not effect.
privateAPILabels(repeated PortalSpec.Visibility.PrivateAPILabelsEntry)

Custom labels for private APIs. Apply these labels to route tables that need to be private. Has no effect if the public field is set to false in which case all APIs are private.

PortalSpec.Visibility.PrivateAPILabelsEntry

FieldDescription
key(string)

value(string)

PortalStatus

FieldDescription
common(common.gloo.solo.io.Status)

The state and workspace conditions of the applied resource.
ownerWorkspace(string)

routeTablesCount(uint32)

The number of route tables that are selected by this portal.
extAuthPolicyCount(uint32)

The number of ext-auth policies that this portal selects with the usage plans that are defined in the portal resource.
rateLimitPolicyCount(uint32)

The number of rate limit policies that this portal selects with the usage plans that are defined in the portal resource.
portalBackendCount(uint32)

The number of portal backends that are selected by this portal.