From acfea5489a3ea7a71ce3fc57567de0d3cd7143fa Mon Sep 17 00:00:00 2001 From: Guy Daich Date: Wed, 29 Jan 2025 13:24:16 -0600 Subject: [PATCH] use gw-api style for namespace selector Signed-off-by: Guy Daich --- api/v1alpha1/policy_helpers.go | 23 ++++++---- api/v1alpha1/zz_generated.deepcopy.go | 36 ++++++++-------- ....envoyproxy.io_backendtrafficpolicies.yaml | 18 ++++---- ...y.envoyproxy.io_clienttrafficpolicies.yaml | 18 ++++---- ....envoyproxy.io_envoyextensionpolicies.yaml | 18 ++++---- ...ateway.envoyproxy.io_securitypolicies.yaml | 18 ++++---- site/content/en/latest/api/extension_types.md | 42 ++++++++++++------- site/content/zh/latest/api/extension_types.md | 42 ++++++++++++------- 8 files changed, 134 insertions(+), 81 deletions(-) diff --git a/api/v1alpha1/policy_helpers.go b/api/v1alpha1/policy_helpers.go index 64dab444497..57f6ba92003 100644 --- a/api/v1alpha1/policy_helpers.go +++ b/api/v1alpha1/policy_helpers.go @@ -38,19 +38,28 @@ type TargetSelector struct { // MatchLabels are the set of label selectors for identifying the targeted resource MatchLabels map[string]string `json:"matchLabels"` - // NamespaceSelector determines if the label selectors specified in MatchLabels are applied in - // the policy namespace or across all namespaces. + // Namespaces determines if the resource from all namespaces or the current namespace + // are considered when matching by label selectors specified in MatchLabels. // Note: when referencing targets in a different namespace, appropriate ReferenceGrants must be // configured to allow the selection. // +optional // +notImplementedHide - NamespaceSelector *NamespaceSelector `json:"namespaceSelector,omitempty"` + Namespaces *TargetSelectorNamespaces `json:"namespaces,omitempty"` } -// NamespaceSelector is a selector for selecting either all namespaces or the current namespace. -type NamespaceSelector struct { - // Boolean describing whether all namespaces are selected. - Any bool `json:"any,omitempty"` +type FromNamespaces string + +const ( + // FromNamespacesAll indicates that the target selector should apply to targets from all namespaces + FromNamespacesAll FromNamespaces = "All" +) + +// TargetSelectorNamespaces determines which namespaces are used when selecting policy targets. +type TargetSelectorNamespaces struct { + // Indicates where targets would be selected for the Policy's TargetSelector. + // +kubebuilder:validation:Enum=All + // +kubebuilder:validation:Required + FromNamespaces FromNamespaces `json:"omitempty"` } func (p PolicyTargetReferences) GetTargetRefs() []gwapiv1a2.LocalPolicyTargetReferenceWithSectionName { diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 02e7e07241d..75047bc0311 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -4010,21 +4010,6 @@ func (in *Lua) DeepCopy() *Lua { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NamespaceSelector) DeepCopyInto(out *NamespaceSelector) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceSelector. -func (in *NamespaceSelector) DeepCopy() *NamespaceSelector { - if in == nil { - return nil - } - out := new(NamespaceSelector) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OIDC) DeepCopyInto(out *OIDC) { *out = *in @@ -5677,9 +5662,9 @@ func (in *TargetSelector) DeepCopyInto(out *TargetSelector) { (*out)[key] = val } } - if in.NamespaceSelector != nil { - in, out := &in.NamespaceSelector, &out.NamespaceSelector - *out = new(NamespaceSelector) + if in.Namespaces != nil { + in, out := &in.Namespaces, &out.Namespaces + *out = new(TargetSelectorNamespaces) **out = **in } } @@ -5694,6 +5679,21 @@ func (in *TargetSelector) DeepCopy() *TargetSelector { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TargetSelectorNamespaces) DeepCopyInto(out *TargetSelectorNamespaces) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetSelectorNamespaces. +func (in *TargetSelectorNamespaces) DeepCopy() *TargetSelectorNamespaces { + if in == nil { + return nil + } + out := new(TargetSelectorNamespaces) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Timeout) DeepCopyInto(out *Timeout) { *out = *in diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml index 3f667a48f61..e94df2112d4 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml @@ -1504,17 +1504,21 @@ spec: description: MatchLabels are the set of label selectors for identifying the targeted resource type: object - namespaceSelector: + namespaces: description: |- - NamespaceSelector determines if the label selectors specified in MatchLabels are applied in - the policy namespace or across all namespaces. + Namespaces determines if the resource from all namespaces or the current namespace + are considered when matching by label selectors specified in MatchLabels. Note: when referencing targets in a different namespace, appropriate ReferenceGrants must be configured to allow the selection. properties: - any: - description: Boolean describing whether all namespaces are - selected. - type: boolean + omitempty: + description: Indicates where targets would be selected for + the Policy's TargetSelector. + enum: + - All + type: string + required: + - omitempty type: object required: - kind diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml index 703be1862cd..5a71e6cedea 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml @@ -614,17 +614,21 @@ spec: description: MatchLabels are the set of label selectors for identifying the targeted resource type: object - namespaceSelector: + namespaces: description: |- - NamespaceSelector determines if the label selectors specified in MatchLabels are applied in - the policy namespace or across all namespaces. + Namespaces determines if the resource from all namespaces or the current namespace + are considered when matching by label selectors specified in MatchLabels. Note: when referencing targets in a different namespace, appropriate ReferenceGrants must be configured to allow the selection. properties: - any: - description: Boolean describing whether all namespaces are - selected. - type: boolean + omitempty: + description: Indicates where targets would be selected for + the Policy's TargetSelector. + enum: + - All + type: string + required: + - omitempty type: object required: - kind diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml index 7ff4b13bd95..cbd45bed279 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml @@ -1197,17 +1197,21 @@ spec: description: MatchLabels are the set of label selectors for identifying the targeted resource type: object - namespaceSelector: + namespaces: description: |- - NamespaceSelector determines if the label selectors specified in MatchLabels are applied in - the policy namespace or across all namespaces. + Namespaces determines if the resource from all namespaces or the current namespace + are considered when matching by label selectors specified in MatchLabels. Note: when referencing targets in a different namespace, appropriate ReferenceGrants must be configured to allow the selection. properties: - any: - description: Boolean describing whether all namespaces are - selected. - type: boolean + omitempty: + description: Indicates where targets would be selected for + the Policy's TargetSelector. + enum: + - All + type: string + required: + - omitempty type: object required: - kind diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml index 6b5ea1fbcc0..9b0419cf2fd 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml @@ -4413,17 +4413,21 @@ spec: description: MatchLabels are the set of label selectors for identifying the targeted resource type: object - namespaceSelector: + namespaces: description: |- - NamespaceSelector determines if the label selectors specified in MatchLabels are applied in - the policy namespace or across all namespaces. + Namespaces determines if the resource from all namespaces or the current namespace + are considered when matching by label selectors specified in MatchLabels. Note: when referencing targets in a different namespace, appropriate ReferenceGrants must be configured to allow the selection. properties: - any: - description: Boolean describing whether all namespaces are - selected. - type: boolean + omitempty: + description: Indicates where targets would be selected for + the Policy's TargetSelector. + enum: + - All + type: string + required: + - omitempty type: object required: - kind diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index 4adf1c8b750..af759c14508 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -1801,6 +1801,20 @@ _Appears in:_ | `after` | _[EnvoyFilter](#envoyfilter)_ | true | | After defines the filter that should come after the filter.
Only one of Before or After must be set. | +#### FromNamespaces + +_Underlying type:_ _string_ + + + +_Appears in:_ +- [TargetSelectorNamespaces](#targetselectornamespaces) + +| Value | Description | +| ----- | ----------- | +| `All` | FromNamespacesAll indicates that the target selector should apply to targets from all namespaces
| + + #### GRPCActiveHealthChecker @@ -2898,20 +2912,6 @@ _Appears in:_ | `OpenTelemetry` | | -#### NamespaceSelector - - - -NamespaceSelector is a selector for selecting either all namespaces or the current namespace. - -_Appears in:_ -- [TargetSelector](#targetselector) - -| Field | Type | Required | Default | Description | -| --- | --- | --- | --- | --- | -| `any` | _boolean_ | true | | Boolean describing whether all namespaces are selected. | - - #### OIDC @@ -4318,6 +4318,20 @@ _Appears in:_ | `matchLabels` | _object (keys:string, values:string)_ | true | | MatchLabels are the set of label selectors for identifying the targeted resource | +#### TargetSelectorNamespaces + + + +TargetSelectorNamespaces determines which namespaces are used when selecting policy targets. + +_Appears in:_ +- [TargetSelector](#targetselector) + +| Field | Type | Required | Default | Description | +| --- | --- | --- | --- | --- | +| `omitempty` | _[FromNamespaces](#fromnamespaces)_ | true | | Indicates where targets would be selected for the Policy's TargetSelector. | + + #### Timeout diff --git a/site/content/zh/latest/api/extension_types.md b/site/content/zh/latest/api/extension_types.md index 4adf1c8b750..af759c14508 100644 --- a/site/content/zh/latest/api/extension_types.md +++ b/site/content/zh/latest/api/extension_types.md @@ -1801,6 +1801,20 @@ _Appears in:_ | `after` | _[EnvoyFilter](#envoyfilter)_ | true | | After defines the filter that should come after the filter.
Only one of Before or After must be set. | +#### FromNamespaces + +_Underlying type:_ _string_ + + + +_Appears in:_ +- [TargetSelectorNamespaces](#targetselectornamespaces) + +| Value | Description | +| ----- | ----------- | +| `All` | FromNamespacesAll indicates that the target selector should apply to targets from all namespaces
| + + #### GRPCActiveHealthChecker @@ -2898,20 +2912,6 @@ _Appears in:_ | `OpenTelemetry` | | -#### NamespaceSelector - - - -NamespaceSelector is a selector for selecting either all namespaces or the current namespace. - -_Appears in:_ -- [TargetSelector](#targetselector) - -| Field | Type | Required | Default | Description | -| --- | --- | --- | --- | --- | -| `any` | _boolean_ | true | | Boolean describing whether all namespaces are selected. | - - #### OIDC @@ -4318,6 +4318,20 @@ _Appears in:_ | `matchLabels` | _object (keys:string, values:string)_ | true | | MatchLabels are the set of label selectors for identifying the targeted resource | +#### TargetSelectorNamespaces + + + +TargetSelectorNamespaces determines which namespaces are used when selecting policy targets. + +_Appears in:_ +- [TargetSelector](#targetselector) + +| Field | Type | Required | Default | Description | +| --- | --- | --- | --- | --- | +| `omitempty` | _[FromNamespaces](#fromnamespaces)_ | true | | Indicates where targets would be selected for the Policy's TargetSelector. | + + #### Timeout