Portal authorization
This tutorial explains how to set up and grant access to API Portals.
Introduction¶
In this tutorial, you will learn how to set up and grant user access to API Portals.
This tutorial assumes that you followed the tutorial about how to publish APIs from CRDs
1. User management¶
For this tutorial, you will add a new user called Kim Yeast and this user will be part of the user group support.
Head over to the dashboard overview and add the new user by selecting Create user.
Fill out the form, make sure to add the user to the group support and select Create
If the group does not exist, select Create new User Group and create the group.
Copy the URL shown in the pop-up into your clipboard, open the URL in a new browser tab and fill in a secure password.
Check that the user is created and is assigned to the group support
2. Portal settings¶
After you validated that the user is created and assigned to the right group, head over to the Portal overview and select your API Portal which is assigned to the APIs.
Here you can see that the user group support has access to two APIs, the flight and the ticket API.
API Portal access policies are bind to the APIAccess CRD.
Once you created a user and assigned the user to a user group, you have to appoint the user group to an API.
For quick testing, you can do that through the UI by adjusting the label settings.
For production environments, it is recommended to assign labels via the APIAccess CRD. Adjustments done in the UI will be overwritten next time you redeploy the APIAccess CRD!
3. APIAccess¶
---
apiVersion: hub.traefik.io/v1alpha1
kind: APIAccess
metadata:
name: custom-pick
spec:
groups:
- support
apiSelector:
matchExpressions:
- key: area
operator: In
values:
- flights
- ticketsSummary¶
In this tutorial, you learned how to:
- Add user and create groups
- Add a user group to APIs (API access control)