A list of Usage Plans available for accessing the APIProduct in this Environment. If none are specified, unlimited access will be enabled for unauthorized users.
The name used by clients to refer to this API Version.
EnvironmentSpec
An Environment represents information about a set of domains that serve a set of APIProduct versions. Environments control route creation and route-level configuration (e.g. rate limits, user access).
The domains that will serve the APIProducts in this Environment. Domains must be unique across all Environments. These must be valid FQDN or wildcard hostnames. When using Istio, these domains must match one or more hosts inside the servers field on the Istio Gateway resource.
Indicates whether the API Products published in this Environment require HTTPS. When set to true, if a user browses the documentation for any API in this environment in a portal, the server URL for that API will contain the https:// scheme; test requests sent via the portal will also use HTTPS.
This field is required to correctly configure TLS on the VirtualServices that are generated by Gloo Portal when Gateway route generation is enabled for this Environment and you are running in Gloo Edge mode. The field is ignored when running in Istio mode, as TLS is configured by the user on Gateway resources.
A list of the Portal domains which currently give access to APIProducts in this Environment. This is required to properly configure CORS policies for the Environment so that it can be queried from the interactive API documentation published in the Portal.
EnvironmentStatus.UsagePlanStatus
Gives the Status of a Usage Plan that lives on the Portal.
Consumers will authenticate using OAuth 2.0 access tokens. Only one OAuth usage plan may exist for an APIProduct within each Environment. Tokens are obtained using the Authorization Code flow.
The URL of the authorization server’s authorization endpoint. This value will be displayed as part of the API documentation in portal applications and used to initiate the authorization code flow through which users can request access tokens to test an API.
The URL of the authorization server’s token endpoint. This value will be displayed as part of the API documentation in portal applications and used during the authorization code flow through which users can request access tokens to test an API.
By default, when a user requests a token from the OAuth server via the interactive documentation, the portal application will extract the token value from the access_token attribute of the token endpoint response and use it in the Authorization header when a user tests an API. You can use this option to extract the token from a different attribute instead; for example, you could set it to id_token to use the ID token instead of the access token if your OAuth2.0 server also supports OpenID Connect.
The URL for the access token introspection endpoint. The (opaque) access token received from the OAuth authorization endpoint will be validated against this endpoint. Scopes should be returned in the scope field of the introspection server response as a space-separated list of scopes in accordance with Section 2.2 of OAuth Token Introspection RFC7662. This field is deprecated; introspection_validation should be used instead.
If set to true, Gloo Portal will configure the gateway to require that the given scope be present on tokens used to access the API for which this auth policy is defined. The way in which scope information is derived from a token depends on which token validation method is configured. This value is only relevant if gateway route generation is enabled for the Environment on which the auth policy is defined.
