GafaelfawrIngressConfig¶
- pydantic model gafaelfawr.models.kubernetes.GafaelfawrIngressConfig¶
Configuration settings for an ingress using Gafaelfawr for auth.
- Parameters:
data (
Any)
Show JSON schema
{ "title": "GafaelfawrIngressConfig", "description": "Configuration settings for an ingress using Gafaelfawr for auth.", "type": "object", "properties": { "authCacheDuration": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Authcacheduration" }, "authType": { "anyOf": [ { "$ref": "#/$defs/AuthType" }, { "type": "null" } ], "default": null }, "baseUrl": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Baseurl" }, "delegate": { "anyOf": [ { "$ref": "#/$defs/GafaelfawrIngressDelegate" }, { "type": "null" } ], "default": null }, "loginRedirect": { "default": false, "title": "Loginredirect", "type": "boolean" }, "onlyServices": { "anyOf": [ { "items": { "type": "string" }, "type": "array" }, { "type": "null" } ], "default": null, "title": "Onlyservices" }, "replace403": { "default": false, "title": "Replace403", "type": "boolean" }, "scopes": { "anyOf": [ { "$ref": "#/$defs/GafaelfawrIngressScopesAll" }, { "$ref": "#/$defs/GafaelfawrIngressScopesAny" }, { "$ref": "#/$defs/GafaelfawrIngressScopesAnonymous" } ], "title": "Scopes" }, "service": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Service" }, "username": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Username" } }, "$defs": { "AuthType": { "description": "Authentication types for the WWW-Authenticate header.", "enum": [ "basic", "bearer" ], "title": "AuthType", "type": "string" }, "GafaelfawrIngressDelegate": { "description": "Configuration for delegated tokens requested for a service.", "properties": { "notebook": { "anyOf": [ { "$ref": "#/$defs/GafaelfawrIngressDelegateNotebook" }, { "type": "null" } ], "default": null }, "internal": { "anyOf": [ { "$ref": "#/$defs/GafaelfawrIngressDelegateInternal" }, { "type": "null" } ], "default": null }, "minimumLifetime": { "anyOf": [ { "format": "duration", "type": "string" }, { "type": "null" } ], "default": null, "title": "Minimumlifetime" }, "useAuthorization": { "default": false, "title": "Useauthorization", "type": "boolean" } }, "title": "GafaelfawrIngressDelegate", "type": "object" }, "GafaelfawrIngressDelegateInternal": { "description": "Configuration for a delegated internal token.", "properties": { "service": { "title": "Service", "type": "string" }, "scopes": { "items": { "type": "string" }, "title": "Scopes", "type": "array" } }, "required": [ "service", "scopes" ], "title": "GafaelfawrIngressDelegateInternal", "type": "object" }, "GafaelfawrIngressDelegateNotebook": { "description": "Configuration for a delegated notebook token.\n\nNotes\n-----\nThis model is currently empty and represents an empty dict on the\nKubernetes side, but it is still an object for parallelism with\n`GafaelfawrIngressDelegateInternal`. It may have parameters for notebook\ntokens in the future.", "properties": {}, "title": "GafaelfawrIngressDelegateNotebook", "type": "object" }, "GafaelfawrIngressScopesAll": { "additionalProperties": false, "description": "Represents scopes where all scopes are required.", "properties": { "all": { "items": { "type": "string" }, "title": "All", "type": "array" } }, "required": [ "all" ], "title": "GafaelfawrIngressScopesAll", "type": "object" }, "GafaelfawrIngressScopesAnonymous": { "additionalProperties": false, "description": "Represents anonymous access.", "properties": { "anonymous": { "const": true, "title": "Anonymous", "type": "boolean" } }, "required": [ "anonymous" ], "title": "GafaelfawrIngressScopesAnonymous", "type": "object" }, "GafaelfawrIngressScopesAny": { "additionalProperties": false, "description": "Represents scopes where any scope is sufficient.", "properties": { "any": { "items": { "type": "string" }, "title": "Any", "type": "array" } }, "required": [ "any" ], "title": "GafaelfawrIngressScopesAny", "type": "object" } }, "required": [ "scopes" ] }
- Fields:
- Validators:
_validate_conflicts»all fields
- field authCacheDuration: str | None = None (name 'auth_cache_duration')¶
How long NGINX should cache the Gafaelfawr authorization response.
- Validated by:
_validate_conflicts
- field authType: AuthType | None = None (name 'auth_type')¶
Auth type of challenge for 401 responses.
- Validated by:
_validate_conflicts
- field baseUrl: str | None = None (name 'base_url')¶
The base URL for user-facing Gafaelfawr URLs in Ingress annotations.
- Validated by:
_validate_conflicts
- field delegate: GafaelfawrIngressDelegate | None = None¶
Details of the requested delegated token, if any.
- Validated by:
_validate_conflicts
- field loginRedirect: bool = False (name 'login_redirect')¶
Whether to redirect unauthenticated users to the login flow.
- Validated by:
_validate_conflicts
- field onlyServices: list[str] | None = None (name 'only_services')¶
If non-empty, restrict to tokens issued by one of the services.
- Validated by:
_validate_conflicts
- field replace403: bool = False (name 'replace_403')¶
Whether to generate a custom error response for 403 errors.
- Validated by:
_validate_conflicts
- field scopes: GafaelfawrIngressScopesAll | GafaelfawrIngressScopesAny | GafaelfawrIngressScopesAnonymous [Required]¶
The scopes to require for access.
- Validated by:
_validate_conflicts
- field service: str | None = None¶
Name of the service this ingress is for.
- Validated by:
_validate_conflicts
- field username: str | None = None¶
Restrict access to the given user.
- Validated by:
_validate_conflicts
- to_auth_query()¶
Generate the query corresponding to this ingress configuration.