Grants communication permission between selected identities (i.e. traffic sources) and Destinations (i.e. destinations). Explicitly granted access permission is required if a VirtualMesh's GlobalAccessPolicy is set to ENABLED.
Specify the identities of Workloads (i.e. traffic sources) for which to apply this AccessPolicy. Leave empty to apply the AccessPolicy to all Workloads colocated in the destination's Mesh.
Specify the Destinations for which to apply this AccessPolicy. Leave empty to apply the AccessPolicy to all Destinations.
allowedPaths
[]string
repeated
Optional. A list of HTTP paths or gRPC methods to allow. gRPC methods must be presented as fully-qualified name in the form of “/packageName.serviceName/methodName” and are case sensitive. Exact match, prefix match, and suffix match are supported for paths. For example, the path “/books/review” matches “/books/review” (exact match), “books/” (suffix match), or “/books” (prefix match). If not specified, allow any path.
allowedMethods
[]string
repeated
Optional. A list of HTTP methods to allow (e.g., “GET”, “POST”). It is ignored in gRPC case because the value is always “POST”. If not specified, allows any method.
allowedPorts
[]uint32
repeated
Optional. A list of ports which to allow. If not set any port is allowed.
AccessPolicyStatus
Field
Type
Label
Description
observedGeneration
int64
The most recent generation observed in the the AccessPolicy metadata. If the observedGeneration does not match metadata.generation, Gloo Mesh has not processed the most recent version of this resource.
The status of the AccessPolicy for each Destination to which it has been applied. An AccessPolicy may be accepted for some Destinations and rejected for others.
workloads
[]string
repeated
The list of Workloads to which this policy has been applied.
errors
[]string
repeated
Any errors found while processing this generation of the resource.