canonical_service_mesh.models.istio

Istio-specific models.

Classes

AuthorizationPolicySpec

AuthorizationPolicySpec defines the structure of an Istio AuthorizationPolicy Kubernetes resource.

ClaimToHeader

ClaimToHeader maps a JWT claim to a request header.

Condition

Condition defines the condition for the rule.

From

From defines the source of the policy.

FromHeader

FromHeader specifies a header location from which to extract a JWT.

JWTRule

JWTRule defines a JWT validation rule for RequestAuthentication.

Operation

Operation defines the operation of the To model.

PolicyTargetReference

PolicyTargetReference defines the target of the policy for waypoint bound policies.

Provider

Provider defines the extension provider for the policy.

RequestAuthenticationSpec

RequestAuthenticationSpec defines the spec of an Istio RequestAuthentication resource.

Rule

Rule defines a policy rule.

Source

Source defines the source of the policy.

To

To defines the destination of the policy.

WorkloadSelector

WorkloadSelector defines the target of the policy for ztunnel bound policies.

Package Contents

class canonical_service_mesh.models.istio.AuthorizationPolicySpec

Bases: pydantic.BaseModel

AuthorizationPolicySpec defines the structure of an Istio AuthorizationPolicy Kubernetes resource.

validate_provider_action()

Validate that the CUSTOM action is set when an extension provider is specified.

validate_target()

Validate that at most one of targetRefs and selector is defined.

action: canonical_service_mesh.enums.Action
provider: Provider | None
rules: List[Rule] | None = None
selector: WorkloadSelector | None
targetRefs: List[PolicyTargetReference] | None

class canonical_service_mesh.models.istio.ClaimToHeader

Bases: pydantic.BaseModel

ClaimToHeader maps a JWT claim to a request header.

claim: str
header: str

class canonical_service_mesh.models.istio.Condition

Bases: pydantic.BaseModel

Condition defines the condition for the rule.

key: str
notValues: List[str] | None = None
values: List[str] | None = None

class canonical_service_mesh.models.istio.From

Bases: pydantic.BaseModel

From defines the source of the policy.

source: Source

class canonical_service_mesh.models.istio.FromHeader

Bases: pydantic.BaseModel

FromHeader specifies a header location from which to extract a JWT.

name: str
prefix: str | None = None

class canonical_service_mesh.models.istio.JWTRule

Bases: pydantic.BaseModel

JWTRule defines a JWT validation rule for RequestAuthentication.

audiences: List[str] | None = None
forwardOriginalToken: bool | None = None
fromHeaders: List[FromHeader] | None = None
issuer: str
jwksUri: str | None = None
outputClaimToHeaders: List[ClaimToHeader] | None = None

class canonical_service_mesh.models.istio.Operation

Bases: pydantic.BaseModel

Operation defines the operation of the To model.

hosts: List[str] | None = None
methods: List[canonical_service_mesh.enums.Method] | None = None
notHosts: List[str] | None = None
notMethods: List[canonical_service_mesh.enums.Method] | None = None
notPaths: List[str] | None = None
paths: List[str] | None = None
ports: List[str] | None = None

class canonical_service_mesh.models.istio.PolicyTargetReference

Bases: pydantic.BaseModel

PolicyTargetReference defines the target of the policy for waypoint bound policies.

group: str
kind: str
name: str
namespace: str | None = None

class canonical_service_mesh.models.istio.Provider

Bases: pydantic.BaseModel

Provider defines the extension provider for the policy.

name: str | None = None

class canonical_service_mesh.models.istio.RequestAuthenticationSpec

Bases: pydantic.BaseModel

RequestAuthenticationSpec defines the spec of an Istio RequestAuthentication resource.

validate_target()

Validate that at most one of targetRefs and selector is defined.

jwtRules: List[JWTRule] | None = None
selector: canonical_service_mesh.models.istio._policy.WorkloadSelector | None
targetRefs: List[canonical_service_mesh.models.istio._policy.PolicyTargetReference] | None

class canonical_service_mesh.models.istio.Rule

Bases: pydantic.BaseModel

Rule defines a policy rule.

from_: List[From] | None
model_config
to: List[To] | None = None
when: List[Condition] | None = None

class canonical_service_mesh.models.istio.Source

Bases: pydantic.BaseModel

Source defines the source of the policy.

ipBlocks: List[str] | None = None
namespaces: List[str] | None = None
notIpBlocks: List[str] | None = None
notPrincipals: List[str] | None = None
notRequestPrincipals: List[str] | None = None
principals: List[str] | None = None
requestPrincipals: List[str] | None = None

class canonical_service_mesh.models.istio.To

Bases: pydantic.BaseModel

To defines the destination of the policy.

operation: Operation | None = None

class canonical_service_mesh.models.istio.WorkloadSelector

Bases: pydantic.BaseModel

WorkloadSelector defines the target of the policy for ztunnel bound policies.

matchLabels: Dict[str, str]