GafaelfawrIngressConfig¶
- pydantic model gafaelfawr.models.kubernetes.GafaelfawrIngressConfig¶
Configuration settings for an ingress using Gafaelfawr for auth.
- Parameters:
data (
Any)
Show JSON schema
{ "title": "GafaelfawrIngressConfig", "description": "Configuration settings for an ingress using Gafaelfawr for auth.", "type": "object", "properties": { "allowCookies": { "default": true, "title": "Allowcookies", "type": "boolean" }, "allowOptions": { "default": false, "title": "Allowoptions", "type": "boolean" }, "authCacheDuration": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Authcacheduration" }, "authType": { "anyOf": [ { "$ref": "#/$defs/AuthType" }, { "type": "null" } ], "default": null }, "baseUrl": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Baseurl" }, "delegate": { "anyOf": [ { "$ref": "#/$defs/GafaelfawrIngressDelegate" }, { "type": "null" } ], "default": null }, "loginRedirect": { "default": false, "title": "Loginredirect", "type": "boolean" }, "onlyServices": { "anyOf": [ { "items": { "type": "string" }, "type": "array" }, { "type": "null" } ], "default": null, "title": "Onlyservices" }, "replace403": { "default": false, "title": "Replace403", "type": "boolean" }, "scopes": { "anyOf": [ { "$ref": "#/$defs/GafaelfawrIngressScopesAll" }, { "$ref": "#/$defs/GafaelfawrIngressScopesAny" }, { "$ref": "#/$defs/GafaelfawrIngressScopesAnonymous" } ], "title": "Scopes" }, "service": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Service" }, "userDomain": { "default": false, "title": "Userdomain", "type": "boolean" }, "username": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Username" } }, "$defs": { "AuthType": { "description": "Authentication types for the WWW-Authenticate header.", "enum": [ "basic", "bearer" ], "title": "AuthType", "type": "string" }, "GafaelfawrIngressDelegate": { "description": "Configuration for delegated tokens requested for a service.", "properties": { "notebook": { "anyOf": [ { "$ref": "#/$defs/GafaelfawrIngressDelegateNotebook" }, { "type": "null" } ], "default": null }, "internal": { "anyOf": [ { "$ref": "#/$defs/GafaelfawrIngressDelegateInternal" }, { "type": "null" } ], "default": null }, "minimumLifetime": { "anyOf": [ { "$ref": "#/$defs/SecondsTimedelta" }, { "type": "null" } ], "default": null }, "useAuthorization": { "default": false, "title": "Useauthorization", "type": "boolean" } }, "title": "GafaelfawrIngressDelegate", "type": "object" }, "GafaelfawrIngressDelegateInternal": { "description": "Configuration for a delegated internal token.", "properties": { "service": { "title": "Service", "type": "string" }, "scopes": { "items": { "type": "string" }, "title": "Scopes", "type": "array" } }, "required": [ "service", "scopes" ], "title": "GafaelfawrIngressDelegateInternal", "type": "object" }, "GafaelfawrIngressDelegateNotebook": { "description": "Configuration for a delegated notebook token.\n\nNotes\n-----\nThis model is currently empty and represents an empty dict on the\nKubernetes side, but it is still an object for parallelism with\n`GafaelfawrIngressDelegateInternal`. It may have parameters for notebook\ntokens in the future.", "properties": {}, "title": "GafaelfawrIngressDelegateNotebook", "type": "object" }, "GafaelfawrIngressScopesAll": { "additionalProperties": false, "description": "Represents scopes where all scopes are required.", "properties": { "all": { "items": { "type": "string" }, "title": "All", "type": "array" } }, "required": [ "all" ], "title": "GafaelfawrIngressScopesAll", "type": "object" }, "GafaelfawrIngressScopesAnonymous": { "additionalProperties": false, "description": "Represents anonymous access.", "properties": { "anonymous": { "const": true, "title": "Anonymous", "type": "boolean" } }, "required": [ "anonymous" ], "title": "GafaelfawrIngressScopesAnonymous", "type": "object" }, "GafaelfawrIngressScopesAny": { "additionalProperties": false, "description": "Represents scopes where any scope is sufficient.", "properties": { "any": { "items": { "type": "string" }, "title": "Any", "type": "array" } }, "required": [ "any" ], "title": "GafaelfawrIngressScopesAny", "type": "object" }, "SecondsTimedelta": { "format": "duration", "type": "string" } }, "required": [ "scopes" ] }
- Fields:
- Validators:
_validate_conflicts»all fields
- field allowCookies: bool = True (name 'allow_cookies')¶
Whether to allow cookie authentication to this ingress.
- Validated by:
_validate_conflicts
- field allowOptions: bool = False (name 'allow_options')¶
Whether to allow non-CORS preflight
OPTIONSrequests.- Validated by:
_validate_conflicts
- field authCacheDuration: str | None = None (name 'auth_cache_duration')¶
How long NGINX should cache the Gafaelfawr authorization response.
- Validated by:
_validate_conflicts
- field authType: AuthType | None = None (name 'auth_type')¶
Auth type of challenge for 401 responses.
- Validated by:
_validate_conflicts
- field baseUrl: str | None = None (name 'base_url')¶
Obsolete field, now ignored.
- Validated by:
_validate_conflicts
- field delegate: GafaelfawrIngressDelegate | None = None¶
Details of the requested delegated token, if any.
- Validated by:
_validate_conflicts
- field loginRedirect: bool = False (name 'login_redirect')¶
Whether to redirect unauthenticated users to the login flow.
- Validated by:
_validate_conflicts
- field onlyServices: list[str] | None = None (name 'only_services')¶
If non-empty, restrict to tokens issued by one of the services.
- Validated by:
_validate_conflicts
- field replace403: bool = False (name 'replace_403')¶
Obsolete field, now ignored.
- Validated by:
_validate_conflicts
- field scopes: GafaelfawrIngressScopesAll | GafaelfawrIngressScopesAny | GafaelfawrIngressScopesAnonymous [Required]¶
The scopes to require for access.
- Validated by:
_validate_conflicts
- field service: str | None = None¶
Name of the service this ingress is for.
- Validated by:
_validate_conflicts
- field userDomain: bool = False (name 'user_domain')¶
Restrict access to the user matching the last hostname component.
Used for per-user hostnames, such as the per-user domain names for JupyterLab pods.
- Validated by:
_validate_conflicts
- field username: str | None = None¶
Restrict access to the given user.
- Validated by:
_validate_conflicts