docs: update AuthPolicy doc with defaults field
KevFan committed Apr 2, 2024
1 parent bf908a2 commit 00a0343
Showing 1 changed file with 13 additions and 1 deletion.
14 changes: 13 additions & 1 deletion doc/reference/authpolicy.md
Expand Up @@ -12,6 +12,7 @@
- [SuccessResponseItem](#successresponseitem)
- [CallbackRule](#callbackrule)
- [NamedPattern](#namedpattern)
- [AuthPolicyCommonSpec](#authPolicyCommonSpec)
- [AuthPolicyStatus](#authpolicystatus)
- [ConditionSpec](#conditionspec)
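Review bot: the new table-of-contents entry links to `#authPolicyCommonSpec` in mixed case, while every other entry in this list uses an all-lowercase fragment (`#authpolicystatus`, `#conditionspec`). Anchors generated from a heading such as `## AuthPolicyCommonSpec` are normally lowercased, so this link may not resolve in a case-sensitive renderer; suggest `#authpolicycommonspec`, here and in the `defaults` row of the AuthPolicySpec table, which uses the same fragment.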

Expand All @@ -24,9 +25,20 @@

## AuthPolicySpec

| **Field** | **Type** | **Required** | **Description** |
|------------------|---------------------------------------------------------------------------------------------------------------------------------------------|--------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `targetRef` | [PolicyTargetReference](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.PolicyTargetReference) | Yes | Reference to a Kuberentes resource that the policy attaches to |
| `rules` | [AuthScheme](#authscheme) | No | Implicit default authentication/authorization rules |
| `routeSelectors` | [][RouteSelector](route-selectors.md#routeselector) | No | List of implicit default selectors of HTTPRouteRules whose matching rules activate the policy. At least one HTTPRouteRule must be selected to activate the policy. If omitted, all HTTPRouteRules of the targeted HTTPRoute activate the policy. Do not use it in policies targeting a Gateway. |
| `patterns` | Map<String: [NamedPattern](#namedpattern)> | No | Implicit default named patterns of lists of `selector`, `operator` and `value` tuples, to be reused in `when` conditions and pattern-matching authorization rules. |
| `when` | [][PatternExpressionOrRef](https://docs.kuadrant.io/authorino/docs/features/#common-feature-conditions-when) | No | List of implicit default additional dynamic conditions (expressions) to activate the policy. Use it for filtering attributes that cannot be expressed in the targeted HTTPRoute's `spec.hostnames` and `spec.rules.matches` fields, or when targeting a Gateway. |
| `defaults` | [AuthPolicyCommonSpec](#authPolicyCommonSpec) | No | Explicit default definitions. This field is mutually exclusive with any of the implicit default definitions: `spec.rules`, `spec.routeSelectors`, `spec.patterns`, `spec.when` |


## AuthPolicyCommonSpec

| **Field** | **Type** | **Required** | **Description** |
|------------------|---------------------------------------------------------------------------------------------------------------------------------------------|--------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `targetRef` | [PolicyTargetReference](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.PolicyTargetReference) | Yes | Reference to a Kuberentes resource that the policy attaches to |
| `rules` | [AuthScheme](#authscheme) | No | Authentication/authorization rules |
| `routeSelectors` | [][RouteSelector](route-selectors.md#routeselector) | No | List of selectors of HTTPRouteRules whose matching rules activate the policy. At least one HTTPRouteRule must be selected to activate the policy. If omitted, all HTTPRouteRules of the targeted HTTPRoute activate the policy. Do not use it in policies targeting a Gateway. |
| `patterns` | Map<String: [NamedPattern](#namedpattern)> | No | Named patterns of lists of `selector`, `operator` and `value` tuples, to be reused in `when` conditions and pattern-matching authorization rules. |
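Review bot: the AuthPolicyCommonSpec table lists `targetRef` as a required field, which reads as if `spec.defaults.targetRef` must be set in addition to `spec.targetRef`; if that row was carried over from the AuthPolicySpec table, it should be dropped here. The `defaults` description says the field is mutually exclusive with `spec.rules`, `spec.routeSelectors`, `spec.patterns` and `spec.when`, but not what happens when both are present; since these definitions decide which authentication and authorization rules apply, the doc should state whether such a policy is rejected or which definition takes effect. "Kuberentes" in the `targetRef` description should read "Kubernetes".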