generated from kubernetes/kubernetes-template-project
-
Notifications
You must be signed in to change notification settings - Fork 468
/
policy_types.go
122 lines (104 loc) · 4.76 KB
/
policy_types.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
/*
Copyright 2021 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha2
const (
// PolicyLabelKey is the label whose presence identifies a CRD that the
// Gateway API Policy attachment model. The value of the label SHOULD be one
// of the following:
// - A label value of "Inherited" indicates that this Policy is inheritable.
// An example of inheritable policy is one which if applied at the Gateway
// level would affect all attached HTTPRoutes and their respective
// Backends.
// - A label value of "Direct" indicates that the policy only affects the
// resource to which it is attached and does not affect it's sub resources.
PolicyLabelKey = "gateway.networking.k8s.io/policy"
)
// PolicyTargetReference identifies an API object to apply a direct or
// inherited policy to. This should be used as part of Policy resources
// that can target Gateway API resources. For more information on how this
// policy attachment model works, and a sample Policy resource, refer to
// the policy attachment documentation for Gateway API.
type PolicyTargetReference struct {
// Group is the group of the target resource.
Group Group `json:"group"`
// Kind is kind of the target resource.
Kind Kind `json:"kind"`
// Name is the name of the target resource.
Name ObjectName `json:"name"`
// Namespace is the namespace of the referent. When unspecified, the local
// namespace is inferred. Even when policy targets a resource in a different
// namespace, it MUST only apply to traffic originating from the same
// namespace as the policy.
//
// +optional
Namespace *Namespace `json:"namespace,omitempty"`
}
// PolicyTargetReferenceWithSectionName identifies an API object to apply a direct
// policy to. This should be used as part of Policy resources that can target
// single resources. For more information on how this policy attachment mode
// works, and a sample Policy resource, refer to the policy attachment documentation
// for Gateway API.
//
// Note: This should only be used for direct policy attachment when references
// to SectionName are actually needed. In all other cases, PolicyTargetReference
// should be used.
type PolicyTargetReferenceWithSectionName struct {
PolicyTargetReference `json:",inline"`
// SectionName is the name of a section within the target resource. When
// unspecified, this targetRef targets the entire resource. In the following
// resources, SectionName is interpreted as the following:
//
// * Gateway: Listener Name
// * Service: Port Name
//
// If a SectionName is specified, but does not exist on the targeted object,
// the Policy must fail to attach, and the policy implementation should record
// a `ResolvedRefs` or similar Condition in the Policy's status.
//
// +optional
SectionName *SectionName `json:"sectionName,omitempty"`
}
// PolicyConditionType is a type of condition for a policy. This type should be
// used with a Policy resource Status.Conditions field.
type PolicyConditionType string
// PolicyConditionReason is a reason for a policy condition.
type PolicyConditionReason string
const (
// PolicyConditionAccepted indicates whether the policy has been accepted or
// rejected by a targeted resource, and why.
//
// Possible reasons for this condition to be True are:
//
// * "Accepted"
//
// Possible reasons for this condition to be False are:
//
// * "Conflicted"
// * "Invalid"
// * "TargetNotFound"
//
PolicyConditionAccepted PolicyConditionType = "Accepted"
// PolicyReasonAccepted is used with the "Accepted" condition when the policy
// has been accepted by the targeted resource.
PolicyReasonAccepted PolicyConditionReason = "Accepted"
// PolicyReasonConflicted is used with the "Accepted" condition when the
// policy has not been accepted by a targeted resource because there is
// another policy that targets the same resource and a merge is not possible.
PolicyReasonConflicted PolicyConditionReason = "Conflicted"
// PolicyReasonInvalid is used with the "Accepted" condition when the policy
// is syntactically or semantically invalid.
PolicyReasonInvalid PolicyConditionReason = "Invalid"
// PolicyReasonTargetNotFound is used with the "Accepted" condition when the
// policy is attached to an invalid target resource.
PolicyReasonTargetNotFound PolicyConditionReason = "TargetNotFound"
)