
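# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# AuthenticationPolicy: namespaced custom resource in group dubbo.apache.org
# (served and stored as v1beta1). It carries a default `action`, a list of
# source `selector` matchers and optional per-port overrides (`portLevel`).
#
# Neither schema in this file sets x-kubernetes-preserve-unknown-fields, so
# under apiextensions.k8s.io/v1 any field not declared below is pruned by the
# API server. A misspelled matcher (for example a typo in `notNamespaces`) is
# dropped rather than rejected, which can leave a policy broader than its
# author intended; check applied objects with `kubectl get -o yaml`.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: authenticationpolicies.dubbo.apache.org
spec:
  group: dubbo.apache.org
  versions:
    - name: v1beta1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                # NOTE(review): the schema only constrains the literal. Presumably
                # STRICT is the only value that rejects unauthenticated peers and
                # NONE/DISABLED/PERMISSIVE weaken or switch off the check; confirm
                # with the controller and audit changes away from STRICT.
                action:
                  type: string
                  description: "The action to take when a rule is matched."
                  enum:
                    - NONE
                    - DISABLED
                    - PERMISSIVE
                    - STRICT
                # Each entry describes a traffic source. All matcher values are
                # free-form strings: no `pattern` or `format` is applied, so
                # malformed namespaces, IPs/CIDRs or SPIFFE IDs pass admission and
                # must be validated by whatever consumes the policy.
                selector:
                  type: array
                  items:
                    type: object
                    description: "The source of the traffic to be matched."
                    properties:
                      namespaces:
                        type: array
                        description: "The namespaces to match of the source workload."
                        items:
                          type: string
                      notNamespaces:
                        type: array
                        description: "The namespaces not to match of the source workload."
                        items:
                          type: string
                      ipBlocks:
                        type: array
                        description: "The IP addresses to match of the source workload."
                        items:
                          type: string
                      notIpBlocks:
                        type: array
                        description: "The IP addresses not to match of the source workload."
                        items:
                          type: string
                      principals:
                        type: array
                        description: "The identities(from spiffe) to match of the source workload."
                        items:
                          type: string
                      notPrincipals:
                        type: array
                        description: "The identities(from spiffe) not to match of the source workload."
                        items:
                          type: string
                      extends:
                        type: array
                        description: "The extended identities(from Dubbo Auth) to match of the source workload."
                        items:
                          type: object
                          properties:
                            key:
                              type: string
                              description: "The key of the extended identity."
                            value:
                              type: string
                              description: "The value of the extended identity."
                      notExtends:
                        type: array
                        description: "The extended identities(from Dubbo Auth) not to match of the source workload."
                        items:
                          type: object
                          properties:
                            key:
                              type: string
                              description: "The key of the extended identity."
                            value:
                              type: string
                              description: "The value of the extended identity."
                # Per-port override of `action`; both fields are required per entry.
                portLevel:
                  type: array
                  items:
                    type: object
                    properties:
                      # NOTE(review): `number` also admits fractional values such
                      # as 80.5; `integer` would match a TCP port, but tightening a
                      # served schema can invalidate stored objects, so confirm
                      # first. The meaning of the default 0 is not visible here
                      # (presumably "any port") - confirm against the controller.
                      port:
                        type: number
                        minimum: 0
                        default: 0
                        maximum: 65535
                      action:
                        type: string
                        description: "The action to take when a rule is matched."
                        enum:
                          - NONE
                          - DISABLED
                          - PERMISSIVE
                          - STRICT
                    required:
                      - action
                      - port
              # Only `action` is mandatory; a policy with no `selector` passes
              # schema validation. NOTE(review): confirm whether an empty selector
              # means "all sources" or "no sources" in the enforcer.
              required:
                - action
  scope: Namespaced
  names:
    plural: authenticationpolicies
    singular: authenticationpolicy
    kind: AuthenticationPolicy
    shortNames:
      - ac
---
# AuthorizationPolicy: namespaced custom resource in group dubbo.apache.org
# (served and stored as v1beta1). It carries an `action`, a list of `rules`
# (each with `from`, `to` and `when` matchers) and the evaluation knobs
# `samples`, `order` and `matchType`.
#
# Unknown fields are pruned by the API server for this schema, so a misspelled
# matcher disappears silently instead of failing admission.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: authorizationpolicies.dubbo.apache.org
spec:
  group: dubbo.apache.org
  versions:
    - name: v1beta1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                # NOTE(review): `ADULT` looks like a typo for `AUDIT`. It is left
                # unchanged because stored objects and the controller's enum use
                # this literal; confirm against the consumer before renaming.
                action:
                  type: string
                  description: "The action to take when a rule is matched."
                  enum:
                    - ALLOW
                    - DENY
                    - ADULT
                rules:
                  type: array
                  items:
                    type: object
                    properties:
                      # Source matchers. Values are free-form strings with no
                      # `pattern`/`format`, so syntax is not checked at admission.
                      from:
                        type: object
                        description: "The source of the traffic to be matched."
                        properties:
                          namespaces:
                            type: array
                            description: "The namespaces to match of the source workload."
                            items:
                              type: string
                          notNamespaces:
                            type: array
                            description: "The namespaces not to match of the source workload."
                            items:
                              type: string
                          ipBlocks:
                            type: array
                            description: "The IP addresses to match of the source workload."
                            items:
                              type: string
                          notIpBlocks:
                            type: array
                            description: "The IP addresses not to match of the source workload."
                            items:
                              type: string
                          principals:
                            type: array
                            description: "The identities(from spiffe) to match of the source workload."
                            items:
                              type: string
                          notPrincipals:
                            type: array
                            description: "The identities(from spiffe) not to match of the source workload."
                            items:
                              type: string
                          extends:
                            type: array
                            description: "The extended identities(from Dubbo Auth) to match of the source workload."
                            items:
                              type: object
                              properties:
                                key:
                                  type: string
                                  description: "The key of the extended identity."
                                value:
                                  type: string
                                  description: "The value of the extended identity."
                          notExtends:
                            type: array
                            description: "The extended identities(from Dubbo Auth) not to match of the source workload."
                            items:
                              type: object
                              properties:
                                key:
                                  type: string
                                  description: "The key of the extended identity."
                                value:
                                  type: string
                                  description: "The value of the extended identity."
                      # Destination matchers. The `namespaces` and `notNamespaces`
                      # descriptions previously said "source workload" (copied from
                      # `from`); they now say "destination" like their siblings.
                      to:
                        type: object
                        description: "The destination of the traffic to be matched."
                        properties:
                          namespaces:
                            type: array
                            description: "The namespaces to match of the destination workload."
                            items:
                              type: string
                          notNamespaces:
                            type: array
                            description: "The namespaces not to match of the destination workload."
                            items:
                              type: string
                          ipBlocks:
                            type: array
                            description: "The IP addresses to match of the destination workload."
                            items:
                              type: string
                          notIpBlocks:
                            type: array
                            description: "The IP addresses not to match of the destination workload."
                            items:
                              type: string
                          principals:
                            type: array
                            description: "The identities(from spiffe) to match of the destination workload."
                            items:
                              type: string
                          notPrincipals:
                            type: array
                            description: "The identities(from spiffe) not to match of the destination workload."
                            items:
                              type: string
                          extends:
                            type: array
                            description: "The extended identities(from Dubbo Auth) to match of the destination workload."
                            items:
                              type: object
                              properties:
                                key:
                                  type: string
                                  description: "The key of the extended identity."
                                value:
                                  type: string
                                  description: "The value of the extended identity."
                          notExtends:
                            type: array
                            description: "The extended identities(from Dubbo Auth) not to match of the destination workload."
                            items:
                              type: object
                              properties:
                                key:
                                  type: string
                                  description: "The key of the extended identity."
                                value:
                                  type: string
                                  description: "The value of the extended identity."
                      # Condition on a request attribute named by `key`.
                      # NOTE(review): with type `regex` or `ognl` the `value` is an
                      # expression, not a literal. Presumably it is evaluated by
                      # the component that enforces the policy; if so, write access
                      # to this resource amounts to supplying patterns/expressions
                      # to that component. Restrict create/update/patch RBAC on
                      # authorizationpolicies and review such rules like code.
                      when:
                        type: object
                        properties:
                          key:
                            type: string
                          values:
                            type: array
                            items:
                              type: object
                              properties:
                                type:
                                  type: string
                                  enum:
                                    - equals
                                    - regex
                                    - ognl
                                  default: equals
                                value:
                                  type: string
                          notValues:
                            type: array
                            items:
                              type: object
                              properties:
                                type:
                                  type: string
                                  enum:
                                    - equals
                                    - regex
                                    - ognl
                                  default: equals
                                value:
                                  type: string
                # NOTE(review): a value below 100 presumably applies the policy to
                # only a share of requests. For an enforcing ALLOW/DENY policy,
                # confirm what happens to requests that are not sampled.
                samples:
                  type: number
                  description: "The sample rate of the rule. The value is between 0 and 100."
                  minimum: 0
                  default: 100
                  maximum: 100
                # Bounds are the 32-bit signed integer range, but `number` also
                # admits fractional values. NOTE(review): confirm the consumer's
                # type before tightening this to `integer`.
                order:
                  type: number
                  description: "The order of the rule."
                  minimum: -2147483648
                  default: 0
                  maximum: 2147483647
                matchType:
                  type: string
                  description: "The match type of the rules."
                  enum:
                    - ANY_MATCH
                    - ALL_MATCH
                  default: ANY_MATCH
              # Only `action` is mandatory; a policy with no `rules` passes schema
              # validation. NOTE(review): confirm how the enforcer treats an ALLOW
              # or DENY policy whose rule list is empty.
              required:
                - action
  scope: Namespaced
  names:
    plural: authorizationpolicies
    singular: authorizationpolicy
    kind: AuthorizationPolicy
    shortNames:
      - az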