Kind
Accesscontrolpolicy
Group
hub.traefik.io
Version
v1alpha1
apiVersion: hub.traefik.io/v1alpha1
kind: Accesscontrolpolicy
metadata:
  name: example
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata object
spec object
AccessControlPolicySpec configures an access control policy.
apiKey object
AccessControlPolicyAPIKey configures an APIKey control policy.
forwardHeaders object
ForwardHeaders instructs the middleware to forward key metadata as header values upon successful authentication.
keySource object required
KeySource defines how to extract API keys from requests.
cookie string
Cookie is the name of a cookie.
header string
Header is the name of a header.
headerAuthScheme string
HeaderAuthScheme sets an optional auth scheme when Header is set to "Authorization". If set, this scheme is removed from the token, and all requests not including it are dropped.
query string
Query is the name of a query parameter.
keys []object
Keys define the set of authorized keys to access a protected resource.
id string required
ID is the unique identifier of the key.
metadata object
Metadata holds arbitrary metadata for this key; it can be used by ForwardHeaders.
value string required
Value is the SHAKE-256 hash (using 64 bytes) of the API key.
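The `value` field stores a digest, so the plaintext API key never has to appear in the manifest. The following is an added example, not code from the Traefik Hub project: it generates a key, derives the 64-byte SHAKE-256 digest for a `keys` entry, and matches a presented key against stored entries. Hex encoding of the digest and all function names are assumptions; the schema does not state the encoding.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

DIGEST_BYTES = 64  # "using 64 bytes" per the field description


def hash_api_key(api_key: str) -> str:
    """Return the SHAKE-256 digest (64 bytes) of the key.

    Hex output is an assumption; the schema does not name the encoding.
    """
    return hashlib.shake_256(api_key.encode("utf-8")).hexdigest(DIGEST_BYTES)


def new_key_entry(key_id: str) -> Tuple[str, Dict[str, str]]:
    """Generate a random API key and the matching `keys` entry.

    The plaintext key goes to the client once; only the entry
    (id + digest) belongs in the AccessControlPolicy manifest.
    """
    api_key = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    return api_key, {"id": key_id, "value": hash_api_key(api_key)}


def match_key(presented: str, keys: List[Dict[str, str]]) -> Optional[str]:
    """Return the id of the entry whose digest matches, or None.

    Every entry is compared with a constant-time comparison and the loop
    does not exit early, so timing does not reveal which entry matched.
    """
    digest = hash_api_key(presented)
    matched = None
    for entry in keys:
        if hmac.compare_digest(digest, entry["value"]):
            matched = entry["id"]
    return matched


if __name__ == "__main__":
    key, entry = new_key_entry("ci-deployer")  # constructed sample id
    print("give to client:", key)
    print("put in manifest:", entry)
    print("lookup:", match_key(key, [entry]))
```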
basicAuth object
AccessControlPolicyBasicAuth holds the HTTP basic authentication configuration.
forwardUsernameHeader string
realm string
stripAuthorizationHeader boolean
users []string
jwt object
AccessControlPolicyJWT configures a JWT access control policy.
claims string
forwardHeaders object
jwksFile string
jwksUrl string
publicKey string
signingSecret string
signingSecretBase64Encoded boolean
stripAuthorizationHeader boolean
tokenQueryKey string
oAuthIntro object
AccessControlOAuthIntro configures an OAuth 2.0 Token Introspection access control policy.
claims string
clientConfig object required
AccessControlOAuthIntroClientConfig configures the OAuth 2.0 client for issuing token introspection requests.
headers object
Headers to set when sending requests to the Authorization Server.
maxRetries integer
MaxRetries defines the number of retries for introspection requests.
timeoutSeconds integer
TimeoutSeconds configures the maximum number of seconds to wait before giving up on requests.
tls object
TLS configures TLS communication with the Authorization Server.
ca string
CA sets the CA bundle used to sign the Authorization Server certificate.
insecureSkipVerify boolean
InsecureSkipVerify skips the Authorization Server certificate validation. For testing purposes only; do not use in production.
tokenTypeHint string
TokenTypeHint is a hint to pass to the Authorization Server. See https://tools.ietf.org/html/rfc7662#section-2.1 for more information.
url string required
URL of the Authorization Server.
forwardHeaders object
tokenSource object required
TokenSource describes how to extract tokens from HTTP requests. If multiple sources are set, the order is the following: header > query > cookie.
cookie string
Cookie is the name of a cookie.
header string
Header is the name of a header.
headerAuthScheme string
HeaderAuthScheme sets an optional auth scheme when Header is set to "Authorization". If set, this scheme is removed from the token, and all requests not including it are dropped.
query string
Query is the name of a query parameter.
oidc object
AccessControlPolicyOIDC holds the OIDC authentication configuration.
authParams object
claims string
clientId string
disableAuthRedirectionPaths []string
forwardHeaders object
issuer string
logoutUrl string
redirectUrl string
scopes []string
secret object
SecretReference represents a Secret Reference. It has enough information to retrieve a secret in any namespace.
name string
name is unique within a namespace to reference a secret resource.
namespace string
namespace defines the space within which the secret name must be unique.
session object
Session holds session configuration.
domain string
path string
refresh boolean
sameSite string
secure boolean
stateCookie object
StateCookie holds state cookie configuration.
domain string
path string
sameSite string
secure boolean
oidcGoogle object
AccessControlPolicyOIDCGoogle holds the Google OIDC authentication configuration.
authParams object
clientId string
emails []string
Emails are the allowed emails to connect.
minItems: 1
forwardHeaders object
logoutUrl string
redirectUrl string
secret object
SecretReference represents a Secret Reference. It has enough information to retrieve a secret in any namespace.
name string
name is unique within a namespace to reference a secret resource.
namespace string
namespace defines the space within which the secret name must be unique.
session object
Session holds session configuration.
domain string
path string
refresh boolean
sameSite string
secure boolean
stateCookie object
StateCookie holds state cookie configuration.
domain string
path string
sameSite string
secure boolean
status object
The current status of this access control policy.
specHash string
syncedAt string
format: date-time
version string