Skip to content

APIPolicy

Package v1alpha2 contains the API Schema definitions for WSO2 APK.

API Policy

APIPolicy is the Schema for the apipolicies API

Field Description
apiVersion
string 		dp.wso2.com/v1alpha2
kind
string 		APIPolicy
metadata
Kubernetes meta/v1.ObjectMeta 		Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
APIPolicySpec

default
PolicySpec
override
PolicySpec
targetRef
sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyTargetReference
status
APIPolicyStatus

APIPolicySpec

(Appears on: APIPolicy)

APIPolicySpec defines the desired state of APIPolicy

Field Description
default
PolicySpec
override
PolicySpec
targetRef
sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyTargetReference

APIPolicyStatus

(Appears on: APIPolicy)

APIPolicyStatus defines the observed state of APIPolicy

BackendJWTToken

(Appears on: PolicySpec)

BackendJWTToken holds backend JWT token information

Field Description
name
string

Name holds the name of the BackendJWT resource.

CORSPolicy

(Appears on: PolicySpec)

CORSPolicy holds CORS policy information

Field Description
accessControlAllowCredentials
bool 		(Optional)

AllowCredentials indicates whether the request can include user credentials like cookies, HTTP authentication or client side SSL certificates.
accessControlAllowHeaders
[]string 		(Optional)

AccessControlAllowHeaders indicates which headers can be used during the actual request.
accessControlAllowMethods
[]string 		(Optional)

AccessControlAllowMethods indicates which methods can be used during the actual request.
accessControlAllowOrigins
[]string 		(Optional)

AccessControlAllowOrigins indicates which origins can be used during the actual request.
accessControlExposeHeaders
[]string 		(Optional)

AccessControlExposeHeaders indicates which headers can be exposed as part of the response by listing their names.
accessControlMaxAge
int 		(Optional)

AccessControlMaxAge indicates how long the results of a preflight request can be cached in a preflight result cache.

InterceptorReference

(Appears on: PolicySpec)

InterceptorReference holds InterceptorService reference using name and namespace

Field Description
name
string

Name is the referced CR’s name of InterceptorService resource.

PolicySpec

(Appears on: APIPolicySpec)

PolicySpec contains API policies

Field Description
requestInterceptors
[]InterceptorReference 		(Optional)

RequestInterceptors referenced to intercetor services to be applied to the request flow.
responseInterceptors
[]InterceptorReference 		(Optional)

ResponseInterceptors referenced to intercetor services to be applied to the response flow.
backendJwtPolicy
BackendJWTToken

BackendJWTPolicy holds reference to backendJWT policy configurations
cORSPolicy
CORSPolicy

CORS policy to be applied to the API.
subscriptionValidation
bool 		(Optional)

SubscriptionValidation denotes whether subscription validation is enabled for the API

Generated with gen-crd-api-reference-docs.

API Policy Samples

Refer Manage API Policy for more information on how to configure API Policy with API.

CORS Policy

apiVersion: dp.wso2.com/v1alpha1
kind: APIPolicy
metadata:
  name: sample-api-policy
spec:
  override:
    cORSPolicy:
      enabled: true
      accessControlAllowCredentials: true
      accessControlAllowOrigins:
        - "*"
      accessControlAllowHeaders:
        - authorization
      accessControlAllowMethods:
        - GET
        - POST
      accessControlExposeHeaders:
        - "*"
  targetRef:
    group: dp.wso2.com
    kind: API
    name: sample-api

Configuration Definition

Configuration Description Sample Values
enabled Determines whether or not the API Gateway should enable CORS for the API. If the value is set to true, the API Gateway will set the CORS headers in the response. true, false
accessControlAllowCredentials Determines whether or not the response to the request can be exposed to the page. It can be exposed when the header value is true. The header value can be set to true/false by enabling/disabling the Access Control Allow Credentials configuration. true, false
accessControlAllowOrigins Determines whether a resource can be shared with the resource of a given origin. The API Gateway validates the origin request header value against the list of origins defined under the Access Control Allow Origins configuration (this can be All Allow Origins or a specific value like localhost). If the host is in the allowed origin list, it will be set as the Access-Control-Allow-Origin response header in the response. * (allow all origins), localhost, *.wso2.com
accessControlAllowHeaders Determines, as part of the response to a preflight request (a request that checks to see if the CORS protocol is understood), which header field names can be used during the actual request. The Gateway will set the header values defined under Access Control Allow Headers configurations. authorization, Access-Control-Allow-Origin, Content-type, SOAPAction, apikey, Internal-Key
accessControlAllowMethods Determines the method(s) allowed when accessing the resource in response to a preflight request. Required methods can be defined under the Access Control Allow Method configuration. GET, PUT, POST, DELETE, PATCH, OPTIONS
accessControlExposeHeaders Determines the headers that are safe to expose to the API. The Gateway will set the header values defined under Access Control Expose Headers configurations. *, Cache-Control, Content-Language, Content-Length, Content-Type

Interceptor Policy

The following is a sample Interceptor API Policy CR.

apiVersion: dp.wso2.com/v1alpha1
kind: APIPolicy
metadata:
  name: interceptor-api-policy-resource-level
spec:
  override:
    requestInterceptors:
      - name: request-interceptor
    responseInterceptors:
      - name: response-interceptor
  targetRef:
    group: gateway.networking.k8s.io
    kind: Resource
    name: my-http-route

Configuration Definition

Configuration Description Sample Values
requestInterceptors Determines the list of names as references of InterceptorService custom resources for intercepting requests to the targeted resource. name: request-interceptor
responseInterceptors Determines the list of names as references of InterceptorService custom resources for intercepting responses from the targeted resource. name: response-interceptor
targetRef Determines the references of resource to apply the API policy.