Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(&foo)) { ... }
POST /v1/computeeffectiveaccessscope
ComputeEffectiveAccessScope
Returns effective access scope based on the rules in the request. Does not persist anything; not idempotent due to possible changes to clusters and namespaces. POST is chosen due to potentially large payload. There are advantages in both keeping the response slim and detailed. If only IDs of selected clusters and namespaces are included, response latency and processing time are lower but the caller shall overlay the response with its view of the world which is susceptible to consistency issues. Listing all clusters and namespaces with related metadata is convenient for the caller but bloat the message with secondary data. We let the caller decide what level of detail they would like to have: - Minimal, when only roots of included subtrees are listed by their IDs. Clusters can be either INCLUDED (its namespaces are included but are not listed) or PARTIAL (at least one namespace is explicitly included). Namespaces can only be INCLUDED. - Standard [default], when all known clusters and namespaces are listed with their IDs and names. Clusters can be INCLUDED (all its namespaces are explicitly listed as INCLUDED), PARTIAL (all its namespaces are explicitly listed, some as INCLUDED and some as EXCLUDED), and EXCLUDED (all its namespaces are explicitly listed as EXCLUDED). Namespaces can be either INCLUDED or EXCLUDED. - High, when every cluster and namespace is augmented with metadata.
Code | Message | Datatype |
---|---|---|
200 |
A successful response. |
|
0 |
An unexpected error response. |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
simpleRules |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
code |
Integer |
int32 |
|||
message |
String |
||||
details |
List of ProtobufAny |
Any
contains an arbitrary serialized protocol buffer message along with a
URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...; Any any; any.PackFrom(foo); ... if (any.UnpackTo(&foo)) { ... }
Example 2: Pack and unpack a message in Java.
Foo foo = ...; Any any = Any.pack(foo); ... if (any.is(Foo.class)) { foo = any.unpack(Foo.class); } // or ... if (any.isSameTypeAs(Foo.getDefaultInstance())) { foo = any.unpack(Foo.getDefaultInstance()); }
Example 3: Pack and unpack a message in Python.
foo = Foo(...) any = Any() any.Pack(foo) ... if any.Is(Foo.DESCRIPTOR): any.Unpack(foo) ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...} any, err := anypb.New(foo) if err != nil { ... } ... foo := &pb.Foo{} if err := any.UnmarshalTo(foo); err != nil { ... }
The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
The JSON representation of an Any
value uses the regular
representation of the deserialized, embedded message, with an
additional field @type
which contains the type URL. Example:
package google.profile; message Person { string first_name = 1; string last_name = 2; }
{ "@type": "type.googleapis.com/google.profile.Person", "firstName": <string>, "lastName": <string> }
If the embedded message type is well-known and has a custom JSON
representation, that representation will be embedded adding a field
value
which holds the custom JSON in addition to the @type
field. Example (for message [google.protobuf.Duration][]):
{ "@type": "type.googleapis.com/google.protobuf.Duration", "value": "1.212s" }
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
@type |
String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in |
Each element of any repeated field is an individual rule. Rules are
joined by logical OR: if there exists a rule allowing resource x
,
x
is in the access scope.
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
includedClusters |
List of |
||||
includedNamespaces |
List of SimpleAccessScopeRulesNamespace |
||||
clusterLabelSelectors |
List of StorageSetBasedLabelSelector |
||||
namespaceLabelSelectors |
List of StorageSetBasedLabelSelector |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
clusterName |
String |
Both fields must be set. |
|||
namespaceName |
String |
EffectiveAccessScope describes which clusters and namespaces are "in scope" given current state. Basically, if AccessScope is applied to the currently known clusters and namespaces, the result is EffectiveAccessScope.
EffectiveAccessScope represents a tree with nodes marked as included and excluded. If a node is included, all its child nodes are included.
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
clusters |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
id |
String |
||||
name |
String |
||||
state |
UNKNOWN, INCLUDED, EXCLUDED, PARTIAL, |
||||
labels |
Map of |
||||
namespaces |
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
id |
String |
||||
name |
String |
||||
state |
UNKNOWN, INCLUDED, EXCLUDED, PARTIAL, |
||||
labels |
Map of |
SetBasedLabelSelector only allows set-based label requirements.
Next available tag: 3
Field Name | Required | Nullable | Type | Description | Format |
---|---|---|---|---|---|
requirements |