access_level.proto

Package : portal.gloo.solo.io

Top

access_level.proto

Table of Contents

AccessLevel

An AccessLevel defines the set of Portals and APIProducts accessible by Users or Groups. Users with access to a Portal will be able to log in, browse portal pages, and view APIProducts. Users with access to an APIProducts will be able to interact with that APIProduct (e.g. view their specification, requests API Keys) if it is published in the accessed Portal.
AccessLevel can be defined at the User level as well as the Group level.

Field Type Label Description
portals []common.portal.gloo.solo.io.ObjectRef repeated Users and Groups with this access level have access to these Portal objects.
apis []AccessLevel.APISelector repeated This array of selector objects determines the set of resources an identity has access to. This set is the union of the resources matched by all the selectors. This means a resource will be selected by the array of selector objects if it matches any of the selectors.

AccessLevel.APISelector

Provides a way to target a set of resources for access. A selector grants an identity access to the matched APIProducts in the set of matched Environments, with the ability to use the given UsagePlans in those Environments.

Field Type Label Description
products ResourceSelector (Required) Determines the set of APIProducts this selector grants access to.
environments ResourceSelector (Required) Determines the set of Environments this selector grants access to.
usagePlans []string repeated Determines the set of UsagePlans this selector grants access to. The reserved value * can be used to grant access to all UsagePlans defined for the matched APIProducts in all the matched Environments.

AccessLevelStatus

Represents the set of resources that an identity has access to.

Field Type Label Description
apiProducts []AccessLevelStatus.APIProduct repeated The set of APIProducts that the identity has access to.

AccessLevelStatus.APIProduct

Identifies an APIProduct for access.

Field Type Label Description
name string The name of the APIProduct.
namespace string The namespace of the APIProduct.
environments []AccessLevelStatus.APIProduct.Environment repeated The Environments in which the specified APIProducts can be accessed.

AccessLevelStatus.APIProduct.Environment

Identifies an Environment for access.

Field Type Label Description
name string The name of the Environment.
namespace string The namespace of the Environment.
usagePlans []string repeated The names of the Usage Plans that the identity is authorized to utilize when accessing the APIProduct in this Environment.

ResourceSelector

Represents criteria to select a top-level Kubernetes resource. The selection criteria specified by the selector are evaluated as operands in a logical AND expression. This means the selector will match the resources that meet all of its criteria.

Field Type Label Description
names []string repeated Select only resources whose name matches one of the values specified in this field. If omitted, resources will be selected regardless of name.
namespaces []string repeated Select only resources which are defined in one of these namespaces. The reserved value * can be used to select resources in all namespaces watched by Gloo Portal. If omitted, we only select resources which are in the same namespace as the resource that defined this selector.
labels []common.portal.gloo.solo.io.LabelExpression repeated Select only resources whose labels match all the given logical expressions. If omitted, resources will be selected regardless of labels. The expressions follow the same rules as the RouteTable selector expressions in Gloo Edge (see an example here.