github.com/verrazzano/verrazzano@v1.7.0/application-operator/apis/oam/v1alpha1/ingresstrait_authorization.go (about) 1 // Copyright (c) 2022, Oracle and/or its affiliates. 2 // Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 4 package v1alpha1 5 6 // AuthorizationRuleFrom includes a list of request principals. 7 type AuthorizationRuleFrom struct { 8 // Specifies the request principals for access to a request. 9 RequestPrincipals []string `json:"requestPrincipals,omitempty"` 10 } 11 12 // AuthorizationRuleCondition provides additional required attributes for authorization. 13 type AuthorizationRuleCondition struct { 14 // The name of a request attribute. 15 Key string `json:"key,omitempty"` 16 // A list of allowed values for the attribute. 17 Values []string `json:"values,omitempty"` 18 } 19 20 // AuthorizationRule matches requests from a list of request principals that access a specific path subject to a 21 // list of conditions. 22 type AuthorizationRule struct { 23 // Specifies the request principals for access to a request. An asterisk (*) will match when the value is not empty, 24 // for example, if any request principal is found in the request. 25 From *AuthorizationRuleFrom `json:"from,omitempty"` 26 // Specifies a list of additional conditions for access to a request. 27 // +optional 28 When []*AuthorizationRuleCondition `json:"when,omitempty"` 29 } 30 31 // AuthorizationPolicy defines the set of rules for authorizing a request. 32 type AuthorizationPolicy struct { 33 // Rules are used to match requests from request principals to specific paths given an optional list of conditions. 34 Rules []*AuthorizationRule `json:"rules,omitempty"` 35 }