Commit a169fa2

author
Zijun Wang
committed
Add IamAuthPolicy doc
1 parent 25621d0 commit a169fa2

1 file changed

+176
-0
lines changed

docs/reference/iam-auth-policy.md

Lines changed: 176 additions & 0 deletions
@@ -0,0 +1,176 @@
1+
# IAMAuthPolicy API Reference
2+
3+
## Introduction
4+
5+
VPC Lattice auth policies are IAM policy documents that you attach to service networks or services to control whether a specified principal has access to a group of services or specific service (AuthZ).
6+
By attaching Kubernetes IAMAuthPolicy CRD to the k8s gateway or k8s route, you could apply auth policy to corresponding VPC Lattice service network or VPC Lattice service that you want to control access.
7+
Please check [VPC Lattice auth policy documentation](https://docs.aws.amazon.com/vpc-lattice/latest/ug/auth-policies.html) for more details.
8+
9+
10+
## API Specification
11+
12+
<h3 id="application-networking.k8s.aws/v1alpha1.IAMAuthPolicy">IAMAuthPolicy</h3>
13+
<div></div>
14+
<table>
15+
<thead>
16+
<tr>
17+
<th>Field</th>
18+
<th>Description</th>
19+
</tr>
20+
</thead>
21+
<tbody>
22+
<tr>
23+
<td>
24+
<code>metadata</code><br/>
25+
<em>
26+
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#objectmeta-v1-meta">
27+
Kubernetes meta/v1.ObjectMeta
28+
</a>
29+
</em>
30+
</td>
31+
<td>
32+
Refer to the Kubernetes API documentation for the fields of the
33+
<code>metadata</code> field.
34+
</td>
35+
</tr>
36+
<tr>
37+
<td>
38+
<code>spec</code><br/>
39+
<em>
40+
<a href="#application-networking.k8s.aws/v1alpha1.IAMAuthPolicySpec">
41+
IAMAuthPolicySpec
42+
</a>
43+
</em>
44+
</td>
45+
<td>
46+
<br/>
47+
<br/>
48+
<table>
49+
<tr>
50+
<td>
51+
<code>policy</code><br/>
52+
<em>
53+
string
54+
</em>
55+
</td>
56+
<td>
57+
<p>IAM auth policy content. It is a JSON string that uses the same syntax as AWS IAM policies. Please check the VPC Lattice documentation to get <a href="https://docs.aws.amazon.com/vpc-lattice/latest/ug/auth-policies.html#auth-policies-common-elements">the common elements in an auth policy</a></p>
58+
</td>
59+
</tr>
60+
<tr>
61+
<td>
62+
<code>targetRef</code><br/>
63+
<em>
64+
sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyTargetReference
65+
</em>
66+
</td>
67+
<td>
68+
<p>TargetRef points to the Kubernetes Gateway, HTTPRoute, or GRPCRoute resource that will have this policy attached.</p>
69+
<p>This field is following the guidelines of Kubernetes Gateway API policy attachment.</p>
70+
</td>
71+
</tr>
72+
</table>
73+
</td>
74+
</tr>
75+
<tr>
76+
<td>
77+
<code>status</code><br/>
78+
<em>
79+
<a href="#application-networking.k8s.aws/v1alpha1.IAMAuthPolicyStatus">
80+
IAMAuthPolicyStatus
81+
</a>
82+
</em>
83+
</td>
84+
<td>
85+
<p>Status defines the current state of IAMAuthPolicy.</p>
86+
</td>
87+
</tr>
88+
</tbody>
89+
</table>
90+
<h3 id="application-networking.k8s.aws/v1alpha1.IAMAuthPolicySpec">IAMAuthPolicySpec</h3>
91+
<p>
92+
(<em>Appears on:</em><a href="#application-networking.k8s.aws/v1alpha1.IAMAuthPolicy">IAMAuthPolicy</a>)
93+
</p>
94+
<div>
95+
<p>IAMAuthPolicySpec defines the desired state of IAMAuthPolicy.
96+
When the controller handles IAMAuthPolicy creation, if the targetRef k8s and VPC Lattice resource exists, the controller will change the auth_type of that VPC Lattice resource to AWS_IAM and attach this policy.
97+
When the controller handles IAMAuthPolicy deletion, if the targetRef k8s and VPC Lattice resource exists, the controller will change the auth_type of that VPC Lattice resource to NONE and detach this policy.
98+
</p>
99+
</div>
100+
<table>
101+
<thead>
102+
<tr>
103+
<th>Field</th>
104+
<th>Description</th>
105+
</tr>
106+
</thead>
107+
<tbody>
108+
<tr>
109+
<td>
110+
<code>policy</code><br/>
111+
<em>
112+
string
113+
</em>
114+
</td>
115+
<td>
116+
<p>IAM auth policy content. It is a JSON string that uses the same syntax as AWS IAM policies. Please check the VPC Lattice documentation to get <a href="https://docs.aws.amazon.com/vpc-lattice/latest/ug/auth-policies.html#auth-policies-common-elements">the common elements in an auth policy</a></p>
117+
</td>
118+
</tr>
119+
<tr>
120+
<td>
121+
<code>targetRef</code><br/>
122+
<em>
123+
sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyTargetReference
124+
</em>
125+
</td>
126+
<td>
127+
<p>TargetRef points to the Kubernetes Gateway, HTTPRoute, or GRPCRoute resource that will have this policy attached.</p>
128+
<p>This field is following the guidelines of Kubernetes Gateway API policy attachment.</p>
129+
</td>
130+
</tr>
131+
</tbody>
132+
</table>
133+
<h3 id="application-networking.k8s.aws/v1alpha1.IAMAuthPolicyStatus">IAMAuthPolicyStatus</h3>
134+
<p>
135+
(<em>Appears on:</em><a href="#application-networking.k8s.aws/v1alpha1.IAMAuthPolicy">IAMAuthPolicy</a>)
136+
</p>
137+
<div>
138+
<p>IAMAuthPolicyStatus defines the observed state of IAMAuthPolicy.</p>
139+
</div>
140+
<table>
141+
<thead>
142+
<tr>
143+
<th>Field</th>
144+
<th>Description</th>
145+
</tr>
146+
</thead>
147+
<tbody>
148+
<tr>
149+
<td>
150+
<code>conditions</code><br/>
151+
<em>
152+
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#condition-v1-meta">
153+
[]Kubernetes meta/v1.Condition
154+
</a>
155+
</em>
156+
</td>
157+
<td>
158+
<em>(Optional)</em>
159+
<p>Conditions describe the current conditions of the IAMAuthPolicy.</p>
160+
<p>Implementations should prefer to express Policy conditions
161+
using the <code>PolicyConditionType</code> and <code>PolicyConditionReason</code>
162+
constants so that operators and tools can converge on a common
163+
vocabulary to describe IAMAuthPolicy state.
164+
</p>
165+
<p>Known condition types are:</p>
166+
<ul>
167+
<li>&ldquo;Accepted&rdquo;</li>
168+
<li>&ldquo;Ready&rdquo;</li>
169+
</ul>
170+
</td>
171+
</tr>
172+
</tbody>
173+
</table>
174+
175+
176+
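
Review bot: The deletion behaviour in the IAMAuthPolicySpec description (new-file lines 96-97) needs an explicit operator warning. The text says that on IAMAuthPolicy deletion the controller "will change the auth_type of that VPC Lattice resource to NONE and detach this policy", so removing the Kubernetes object leaves the targeted service network or service with auth_type NONE and no policy attached. Please call that out as a note, and state what the controller does when the targetRef k8s or VPC Lattice resource does not exist, since both sentences only cover the "exists" case. Two smaller points: line 6 says "attaching Kubernetes IAMAuthPolicy CRD", where what gets attached is an IAMAuthPolicy resource rather than the CRD itself; and the `policy` description (lines 57 and 116) would be easier to use with a short sample manifest showing `policy` and `targetRef` together, plus a closing period after the link.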
