Portal
Portal API reference.
Proto: portal.proto
Package: apimanagement.gloo.solo.io
PortalReport
Field | Description |
---|---|
workspaces | (repeated PortalReport.WorkspacesEntry ) |
ownerWorkspace | (string ) |
selectedRouteTables | (repeated common.gloo.solo.io.ObjectReference )A list of route tables that are selected by this portal. |
selectedExtAuthPolicies | (repeated common.gloo.solo.io.ObjectReference )A list of ext-auth policies selected by this portal. |
selectedRateLimitPolicies | (repeated common.gloo.solo.io.ObjectReference )A list of rate limit policies selected by this portal. |
selectedPortalBackend | (repeated common.gloo.solo.io.ObjectReference )A list of portal backends selected by this portal. |
PortalReport.WorkspacesEntry
Field | Description |
---|---|
key | (string ) |
value | (common.gloo.solo.io.Report ) |
PortalSpec
The Portal resource configures a developer portal that you can use to securely expose your APIs to end users. Before you create the Portal, you bundle the APIs that you want to expose into a route table. Then, you prepare a usage plan to control access to your APIs by applying rate limiting and external auth policies to the routes in the route table. For more information, see the Portal docs.
The following examples show a Portal resource that refers to usage plans
that are named in the rate limit server config’s descriptors, as well as a corresponding
RateLimitPolicy
and ExternalAuthPolicy
that apply to a route in a route table.
apiVersion: apimanagement.gloo.solo.io/v2
kind: Portal
metadata:
name: public-portal
namespace: gloo-mesh
spec:
portalBackendSelectors:
- selector:
labels:
app: gloo-mesh-portal-server
usagePlans:
- name: bronze
displayName: "Bronze Plan"
description: "A basic usage plan"
- name: silver
description: "A better usage plan"
- name: gold
description: "The best usage plan!"
apis:
- name: productpage
namespace: bookinfo
cluster: cluster-1
- labels:
app: reviews
apiVersion: admin.gloo.solo.io/v2
kind: RateLimitServerConfig
metadata:
name: usage-plans
namespace: gloo-mesh
spec:
destinationServers: [] # omitted, server refs
raw:
descriptors:
- key: usagePlan
value: bronze
descriptors:
- key: userId
rateLimit:
requestsPerUnit: 50
unit: MINUTE
- key: usagePlan
value: silver
descriptors:
- key: userId
rateLimit:
requestsPerUnit: 200
unit: MINUTE
- key: usagePlan
value: gold
descriptors:
- key: userId
rateLimit:
requestsPerUnit: 1000
unit: MINUTE
apiVersion: security.policy.gloo.solo.io/v2
kind: ExtAuthPolicy
metadata:
name: petstore-apiauth
namespace: petstore
spec:
applyToRoutes:
- route:
labels:
route: pets
config:
server:
name: ext-auth-server
namespace: gloo-mesh
cluster: cluster-1
glooAuth:
configs:
- apiKeyAuth:
headersFromMetadata:
x-solo-plan:
name: plan
required: true
k8sSecretApikeyStorage:
labelSelector:
auth: api-key
apiVersion: trafficcontrol.policy.gloo.solo.io/v2
kind: RateLimitPolicy
metadata:
name: pets-rate-limit
namespace: petstore
spec:
applyToRoutes:
- route:
labels:
route: pets
config:
ratelimitServerConfig:
name: usage-plans
namespace: gloo-mesh
cluster: cluster-1
raw:
rateLimits:
- actions:
- requestHeaders:
descriptorKey: usagePlan
headerName: x-solo-plan
- metadata:
descriptorKey: userId
metadataKey:
key: envoy.filters.http.ext_authz
path:
- key: userId
Field | Description |
---|---|
portalBackendSelectors | (repeated common.gloo.solo.io.WorkloadSelector )The workloads where an existing portal backend is running. |
apis | (repeated common.gloo.solo.io.ObjectSelector )A list of route tables with routes to the APIs you want the developer portal to expose. The route table might also have ‘portalMetadata’ key-value fields that you want to display in the developer portal for end users. |
apiProducts | (repeated common.gloo.solo.io.ObjectSelector )A list of route metadata which select the ApiProducts you want the developer portal to expose. $hide_from_docs |
usagePlans | (repeated PortalSpec.UsagePlan )The usage plans to control access to the APIs that the developer portal exposes. |
domains | (repeated string )The domains on which this Portal will be served. The Host header received by the Portal Web App will be matched to one of these domains in order to determine which Portal will be served. If you are using the Gateway through which you are exposing the Portal is listening on a port other than 80/443, you should include the port as part of the domain string, e.g. “portal.solo.io:8443”. To prevent undefined behavior, creating a Portal whose domain conflicts with an existing Portal will result in the Portal resource being placed into an ‘Invalid’ state. |
visibility | (PortalSpec.Visibility )Settings for controlling the visibility of the Portal’s contents. Default visibility for content in the Portal is private. When a Portal is public, individual APIs can be made private, by specifying the labels for private APIs and applying said labels to the route tables that need to be private. When a Portal or its APIs are private, the Portal requires authentication. An external auth policy must be applied to the Portal’s route table in order to enable authentication. The external auth policy must use the idTokenHeader field with the id_token to pass the user’s ID token to the Portal. For authentication to work, the email claim is required in the id_token . |
PortalSpec.UsagePlan
A UsagePlan
defined in the Portal resource is a reference to an existing RateLimitPolicy
and ExtAuthPolicy
that has been
applied to a route table.
The values of the descriptor key usagePlan
in the RateLimitServerConfig
used by an existing RateLimitPolicy
must match the name
of the UsagePlan
defined in the Portal resource, and will be used to determine which rate limiting
and ext auth options are available for this Portal.
Field | Description |
---|---|
name | (string )Match the names of the usage plans with the descriptors that you defined in the rate limit server config. |
displayName | (string )Optional display name for the usage plan to show end users in the developer portal. |
description | (string )Optional description for the usage plan to show end users in the developer portal. You might include information about how to get the plan or what the plan includes and excludes. |
PortalSpec.Visibility
Settings that control the visibility of the Portal’s contents.
Field | Description |
---|---|
public | (bool )If true, all the APIs published in this portal are going to be public (i.e. visible to unauthenticated users); individual APIs can still be made private using the privateAPILabels field. Defaults to false, in which case the privateAPILabels field will have not effect. |
privateAPILabels | (repeated PortalSpec.Visibility.PrivateAPILabelsEntry )Custom labels for private APIs. Apply these labels to route tables that need to be private. Has no effect if the public field is set to false in which case all APIs are private. |
PortalSpec.Visibility.PrivateAPILabelsEntry
Field | Description |
---|---|
key | (string ) |
value | (string ) |
PortalStatus
Field | Description |
---|---|
common | (common.gloo.solo.io.Status )The state and workspace conditions of the applied resource. |
ownerWorkspace | (string ) |
routeTablesCount | (uint32 )The number of route tables that are selected by this portal. |
extAuthPolicyCount | (uint32 )The number of ext-auth policies that this portal selects with the usage plans that are defined in the portal resource. |
rateLimitPolicyCount | (uint32 )The number of rate limit policies that this portal selects with the usage plans that are defined in the portal resource. |
portalBackendCount | (uint32 )The number of portal backends that are selected by this portal. |