From 3acc7db370ed4fd9af0447aeff2415849fd44139 Mon Sep 17 00:00:00 2001 From: huabing zhao Date: Sat, 28 Oct 2023 09:24:49 +0800 Subject: [PATCH] fix XValidation Signed-off-by: huabing zhao --- api/v1alpha1/securitypolicy_types.go | 2 +- .../generated/gateway.envoyproxy.io_securitypolicies.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/api/v1alpha1/securitypolicy_types.go b/api/v1alpha1/securitypolicy_types.go index 21cac85398d..e5c60882003 100644 --- a/api/v1alpha1/securitypolicy_types.go +++ b/api/v1alpha1/securitypolicy_types.go @@ -37,7 +37,7 @@ type SecurityPolicy struct { // SecurityPolicySpec defines the desired state of SecurityPolicy. type SecurityPolicySpec struct { // +kubebuilder:validation:XValidation:rule="self.group == 'gateway.networking.k8s.io'", message="this policy can only have a targetRef.group of gateway.networking.k8s.io" - // +kubebuilder:validation:XValidation:rule="self.kind == 'Gateway'", message="this policy can only have a targetRef.kind of Gateway" + // +kubebuilder:validation:XValidation:rule="self.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute']", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute" // +kubebuilder:validation:XValidation:rule="!has(self.sectionName)",message="this policy does not yet support the sectionName field" // // TargetRef is the name of the Gateway resource this policy diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml index 544e8dbe867..7fefb8b9d77 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml @@ -238,8 +238,8 @@ spec: x-kubernetes-validations: - message: this policy can only have a targetRef.group of gateway.networking.k8s.io rule: self.group == 'gateway.networking.k8s.io' - - message: this policy can only have a targetRef.kind of Gateway - rule: self.kind == 'Gateway' + - message: this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute + rule: self.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute'] - message: this policy does not yet support the sectionName field rule: '!has(self.sectionName)' required: