environment.proto

Package : devportal.solo.io

Top

environment.proto

Table of Contents

APIProductSelector

A reference to a particular APIProduct. Specifies which versions are included in this Environment.

Field Type Label Description
name string The name of the target APIProduct.
namespace string The namespace of the target APIProduct.
publishedVersions []APIVersionSelector repeated The versions of the APIProduct included in this Environment.
plans []UsagePlan repeated A list of Usage Plans available for accessing the APIProduct in this Environment. If none are specified, unlimited access will be enabled for unauthorized users.

APIVersionSelector

Field Type Label Description
name string The internal name of the referenced API Version. Given an APIProduct, this identifies a particular Version within that Product.
externalName string The name used by clients to refer to this API Version.

EnvironmentSpec

An Environment represents information about a set of domains that serve a set of APIProduct versions. Environments control route creation and route-level configuration (e.g. rate limits, user access).

Field Type Label Description
domains []string repeated The domains that will serve the APIProducts in this Environment. Domains must be unique across all Environments. These must be valid FQDN or wildcard hostnames.
When using Istio, these domains must match one or more hosts inside the servers field on the Istio Gateway resource.
apiProducts []APIProductSelector repeated The APIProducts that will be served in this Environment.
displayInfo EnvironmentSpec.DisplayInfo User-facing info to display to GUI users for this Environment.
disableRoutes bool If true, do not generate gateway routes for the API Products published in this environment.
tls EnvironmentSpec.TlsConfig TLS configuration for the API Products published in this Environment.

EnvironmentSpec.DisplayInfo

User-facing display information about the Environment.

Field Type Label Description
displayName string
description string

EnvironmentSpec.TlsConfig

Field Type Label Description
enabled bool Indicates whether the API Products published in this Environment require HTTPS. When set to true, if a user browses the documentation for any API in this environment in a portal, the server URL for that API will contain the https:// scheme; test requests sent via the portal will also use HTTPS.
gatewayConfig gloo.solo.io.SslConfig This field is required to correctly configure TLS on the VirtualServices that are generated by Gloo Portal when Gateway route generation is enabled for this Environment and you are running in Gloo Edge mode. The field is ignored when running in Istio mode, as TLS is configured by the user on Gateway resources.

EnvironmentStatus

Field Type Label Description
observedGeneration int64 The observed generation of the Environment. When this matches the Environment’s metadata.generation, it indicates the status is up-to-date.
state common.devportal.solo.io.State The current state of the Environment.
reason string A human-readable string explaining the error, if any.
modifiedDate google.protobuf.Timestamp Most recent date the Environment was updated.
publishedPortals []EnvironmentStatus.ReferencingPortal repeated The set of Portals on which APIProducts included in this Environment are published. Includes routing data about the Portals relevant to the Product.
usagePlansForProducts []EnvironmentStatus.ProductToPlans repeated For each Usage Plan defined on an APIProduct included in the Environment, indicates the API keys, if any, provisioned for the plan.

EnvironmentStatus.ProductToPlans

An APIProduct and the usage plans the Environment has defined for that APIProduct.

Field Type Label Description
apiProductRef common.devportal.solo.io.ObjectRef
usagePlans []EnvironmentStatus.UsagePlanStatus repeated

EnvironmentStatus.ReferencingPortal

Information about a Portal which references this Environment.

Field Type Label Description
name string The name of the Portal.
namespace string The namespace of the Portal.
domains []string repeated A list of the Portal domains which currently give access to APIProducts in this Environment. This is required to properly configure CORS policies for the Environment so that it can be queried from the interactive API documentation published in the Portal.

EnvironmentStatus.UsagePlanStatus

Gives the Status of a Usage Plan that lives on the Portal.

Field Type Label Description
name string The name of the plan.
provisionedKeys []common.devportal.solo.io.ObjectRef repeated The Secrets containing the API keys that have been provisioned for this usage plan.

UsagePlan

A UsagePlan describes a policy applied to consumers of an APIProduct.

Field Type Label Description
name string The names must be unique for usage plans.
displayName string User-facing display name for the plan.
rateLimit UsagePlan.RateLimitPolicy The rate limits enforced for users (API Consumers) of the plan. Leave empty to allow unlimited API access for users of this plan.
authPolicy UsagePlan.AuthPolicy The auth policy for this plan.

UsagePlan.AuthPolicy

Field Type Label Description
unauthorized UsagePlan.AuthPolicy.Unauthorized Consumers do not require authorization to use this plan. Only one Unauthorized usage plan may exist for an APIProduct.
apiKey UsagePlan.AuthPolicy.APIKey Consumers will authenticate using API Keys created under this usage plan.
oauth UsagePlan.AuthPolicy.OAuth Consumers will authenticate using OAuth 2.0 access tokens. Only one OAuth usage plan may exist for an APIProduct within each Environment. Tokens are obtained using the Authorization Code flow.

UsagePlan.AuthPolicy.APIKey

UsagePlan.AuthPolicy.OAuth

Field Type Label Description
authorizationUrl string The URL of the authorization server’s authorization endpoint. This value will be displayed as part of the API documentation in portal applications and used to initiate the authorization code flow through which users can request access tokens to test an API.
tokenUrl string The URL of the authorization server’s token endpoint. This value will be displayed as part of the API documentation in portal applications and used during the authorization code flow through which users can request access tokens to test an API.
scopes []UsagePlan.AuthPolicy.OAuth.ScopesEntry repeated The available access token scopes. Portal users will be able to select a set of scopes when requesting an access token.
tokenFieldName string By default, when a user requests a token from the OAuth server via the interactive documentation, the portal application will extract the token value from the access_token attribute of the token endpoint response and use it in the Authorization header when a user tests an API. You can use this option to extract the token from a different attribute instead; for example, you could set it to id_token to use the ID token instead of the access token if your OAuth2.0 server also supports OpenID Connect.
introspectionUrl string The URL for the access token introspection endpoint. The (opaque) access token received from the OAuth authorization endpoint will be validated against this endpoint. Scopes should be returned in the scope field of the introspection server response as a space-separated list of scopes in accordance with Section 2.2 of OAuth Token Introspection RFC7662. This field is deprecated; introspection_validation should be used instead.
introspectionValidation enterprise.gloo.solo.io.AccessTokenValidation.IntrospectionValidation Configuration for validating access tokens using OAuth Token Introspection RFC7662.
jwtValidation enterprise.gloo.solo.io.AccessTokenValidation.JwtValidation Configuration for validating access tokens that are JSON Web Token (JWT).

UsagePlan.AuthPolicy.OAuth.Scope

Field Type Label Description
required bool If set to true, Gloo Portal will configure the gateway to require that the given scope be present on tokens used to access the API for which this auth policy is defined. The way in which scope information is derived from a token depends on which token validation method is configured. This value is only relevant if gateway route generation is enabled for the Environment on which the auth policy is defined.
description string An optional description for this token scope. This value will be displayed as part of the API documentation in portal applications.

UsagePlan.AuthPolicy.OAuth.ScopesEntry

Field Type Label Description
key string
value UsagePlan.AuthPolicy.OAuth.Scope

UsagePlan.AuthPolicy.Unauthorized

UsagePlan.RateLimitPolicy

A Rate Limit policy that can be applied to request traffic from an authorized client.

Field Type Label Description
unit UsagePlan.RateLimitPolicy.Unit
requestsPerUnit uint32

UsagePlan.RateLimitPolicy.Unit

Name Number Description
UNKNOWN 0
SECOND 1
MINUTE 2
HOUR 3
DAY 4