AccessLevel
Proto: access_level.proto
Package: portal.gloo.solo.io
Types:
- AccessLevel
- AccessLevel.APISelector
- AccessLevelStatus
- AccessLevelStatus.APIProduct
- AccessLevelStatus.APIProduct.Environment
- ResourceSelector
AccessLevel
An AccessLevel defines the set of Portals and APIProducts accessible by Users or Groups. Users with access to a Portal will be able to log in, browse portal pages, and view APIProducts. Users with access to an APIProducts will be able to interact with that APIProduct (e.g. view their specification, requests API Keys) if it is published in the accessed Portal.
AccessLevel can be defined at the User level as well as the Group level.
Field | Type | Label | Description |
---|---|---|---|
portals |
[]common.portal.gloo.solo.io.ObjectRef | repeated | Users and Groups with this access level have access to these Portal objects. |
apis |
[]portal.gloo.solo.io.AccessLevel.APISelector | repeated | This array of selector objects determines the set of resources an identity has access to. This set is the union of the resources matched by all the selectors. This means a resource will be selected by the array of selector objects if it matches any of the selectors. |
AccessLevel.APISelector
Provides a way to target a set of resources for access.
A selector grants an identity access to the matched APIProducts
in the set of matched Environments
,
with the ability to use the given UsagePlans
in those Environments
.
Field | Type | Label | Description |
---|---|---|---|
products |
portal.gloo.solo.io.ResourceSelector | (Required) Determines the set of APIProducts this selector grants access to. |
|
environments |
portal.gloo.solo.io.ResourceSelector | (Required) Determines the set of Environments this selector grants access to. |
|
usagePlans |
[]string | repeated | Determines the set of UsagePlans this selector grants access to. The reserved value * can be used to grant access to all UsagePlans defined for the matched APIProducts in all the matched Environments . |
AccessLevelStatus
Represents the set of resources that an identity has access to.
Field | Type | Label | Description |
---|---|---|---|
apiProducts |
[]portal.gloo.solo.io.AccessLevelStatus.APIProduct | repeated | The set of APIProducts that the identity has access to. |
AccessLevelStatus.APIProduct
Identifies an APIProduct for access.
Field | Type | Label | Description |
---|---|---|---|
name |
string | The name of the APIProduct. | |
namespace |
string | The namespace of the APIProduct. | |
environments |
[]portal.gloo.solo.io.AccessLevelStatus.APIProduct.Environment | repeated | The Environments in which the specified APIProducts can be accessed. |
AccessLevelStatus.APIProduct.Environment
Identifies an Environment for access.
Field | Type | Label | Description |
---|---|---|---|
name |
string | The name of the Environment. | |
namespace |
string | The namespace of the Environment. | |
usagePlans |
[]string | repeated | The names of the Usage Plans that the identity is authorized to utilize when accessing the APIProduct in this Environment. |
ResourceSelector
Represents criteria to select a top-level Kubernetes resource. The selection criteria specified by the selector are evaluated as operands in a logical AND expression. This means the selector will match the resources that meet all of its criteria.
Field | Type | Label | Description |
---|---|---|---|
names |
[]string | repeated | Select only resources whose name matches one of the values specified in this field. If omitted, resources will be selected regardless of name. |
namespaces |
[]string | repeated | Select only resources which are defined in one of these namespaces. The reserved value * can be used to select resources in all namespaces watched by Gloo Portal. If omitted, we only select resources which are in the same namespace as the resource that defined this selector. |
labels |
[]common.portal.gloo.solo.io.LabelExpression | repeated | Select only resources whose labels match all the given logical expressions. If omitted, resources will be selected regardless of labels. The expressions follow the same rules as the RouteTable selector expressions in Gloo Edge (see an example here. |