init SecurityPolicy
Signed-off-by: huabing zhao <[email protected]>
zhaohuabing committed Oct 12, 2023
1 parent 76704d1 commit 1340d36
Showing 11 changed files with 527 additions and 3 deletions.
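--- a/api/v1alpha1/securitypolicy_types.go
+++ b/api/v1alpha1/securitypolicy_types.go
@@ -0,0 +1,68 @@
+// Copyright Envoy Gateway Authors
+// SPDX-License-Identifier: Apache-2.0
+// The full text of the Apache license is available in the LICENSE file at
+// the root of the repo.
+
+package v1alpha1
+
+import (
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+)
+
+const (
+// KindSecurityPolicy is the name of the SecurityPolicy kind.
+KindSecurityPolicy = "SecurityPolicy"
+)
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Accepted")].reason`
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+
+// SecurityPolicy allows the user to configure various security settings for a
+// Gateway.
+type SecurityPolicy struct {
+metav1.TypeMeta `json:",inline"`
+metav1.ObjectMeta `json:"metadata,omitempty"`
+
+// Spec defines the desired state of SecurityPolicy.
+Spec SecurityPolicySpec `json:"spec"`
+
+// Status defines the current status of SecurityPolicy.
+Status SecurityPolicyStatus `json:"status,omitempty"`
+}
+
+// SecurityPolicySpec defines the desired state of SecurityPolicy.
+type SecurityPolicySpec struct {
+// TargetRef is the name of the Gateway resource this policy
+// is being attached to.
+// This Policy and the TargetRef MUST be in the same namespace
+// for this Policy to have effect and be applied to the Gateway.
+// TargetRef
+TargetRef gwapiv1a2.PolicyTargetReferenceWithSectionName `json:"targetRef"`
+}
+
+// SecurityPolicyStatus defines the state of SecurityPolicy
+type SecurityPolicyStatus struct {
+// Conditions describe the current conditions of the SecurityPolicy.
+//
+// +optional
+// +listType=map
+// +listMapKey=type
+// +kubebuilder:validation:MaxItems=8
+Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// SecurityPolicyList contains a list of SecurityPolicy resources.
+type SecurityPolicyList struct {
+metav1.TypeMeta `json:",inline"`
+metav1.ListMeta `json:"metadata,omitempty"`
+Items []SecurityPolicy `json:"items"`
+}
+
+func init() {
+SchemeBuilder.Register(&SecurityPolicy{}, &SecurityPolicyList{})
+}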
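Review bot: The same-namespace rule on `TargetRef` in `SecurityPolicySpec` is stated only in the doc comment; no validation marker on the field restricts the target's kind or namespace, and `PolicyTargetReferenceWithSectionName` (as far as I know) carries an optional namespace, so the schema accepts a policy that names a Gateway in another namespace. Whatever consumes these objects has to reject or ignore such a reference explicitly, otherwise someone with write access in one namespace could attach security settings to a Gateway they do not own; that code is not part of this file. The comment also ends in a dangling `// TargetRef` line and calls the field "the name of the Gateway" although it is a full reference, so I would open it with `// TargetRef identifies the Gateway resource this policy is being attached to.` and drop the last line.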
97 changes: 97 additions & 0 deletions api/v1alpha1/zz_generated.deepcopy.go


2 changes: 2 additions & 0 deletions internal/gatewayapi/resource.go
@@ -45,6 +45,7 @@ type Resources struct {
ExtensionRefFilters []unstructured.Unstructured `json:"extensionRefFilters,omitempty" yaml:"extensionRefFilters,omitempty"`
EnvoyPatchPolicies []*egv1a1.EnvoyPatchPolicy `json:"envoyPatchPolicies,omitempty" yaml:"envoyPatchPolicies,omitempty"`
ClientTrafficPolicies []*egv1a1.ClientTrafficPolicy `json:"clientTrafficPolicies,omitempty" yaml:"clientTrafficPolicies,omitempty"`
SecurityPolicies []*egv1a1.SecurityPolicy `json:"securityPolicies,omitempty" yaml:"securityPolicies,omitempty"`
}

func NewResources() *Resources {
@@ -63,6 +64,7 @@ func NewResources() *Resources {
ExtensionRefFilters: []unstructured.Unstructured{},
EnvoyPatchPolicies: []*egv1a1.EnvoyPatchPolicy{},
ClientTrafficPolicies: []*egv1a1.ClientTrafficPolicy{},
SecurityPolicies: []*egv1a1.SecurityPolicy{},
}
}

6 changes: 5 additions & 1 deletion internal/gatewayapi/runner/runner.go
@@ -152,7 +152,11 @@ func (r *Runner) subscribeAndTranslate(ctx context.Context) {
key := utils.NamespacedName(clientTrafficPolicy)
r.ProviderResources.ClientTrafficPolicyStatuses.Store(key, &clientTrafficPolicy.Status)
}

for _, securityPolicy := range result.SecurityPolicies {
securityPolicy := securityPolicy
key := utils.NamespacedName(securityPolicy)
r.ProviderResources.SecurityPolicyStatuses.Store(key, &securityPolicy.Status)
}
},
)
r.Logger.Info("shutting down")
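Review bot: The new loop over `result.SecurityPolicies` only ever calls `Store` on `SecurityPolicyStatuses`, so an entry written for a policy that later drops out of the translation result is never removed by the lines visible here, and a status that no longer reflects the current translation may keep being published for it. The `ClientTrafficPolicy` loop just above has the same shape, so this may be handled elsewhere; `subscribeAndTranslate` starts and ends outside the hunk. If it is not, the keys stored in each pass should be compared with those of the previous pass and the leftovers deleted. At minimum I would record the gap above the loop with `// TODO: remove statuses of SecurityPolicies that are no longer in the translation result.`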