init SecurityPolicy

Signed-off-by: huabing zhao <[email protected]>

api/v1alpha1/securitypolicy_types.go

@@ -0,0 +1,68 @@
+// Copyright Envoy Gateway Authors
+// SPDX-License-Identifier: Apache-2.0
+// The full text of the Apache license is available in the LICENSE file at
+// the root of the repo.
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+)
+
+const (
+	// KindSecurityPolicy is the name of the SecurityPolicy kind.
+	KindSecurityPolicy = "SecurityPolicy"
+)
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Accepted")].reason`
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+
+// SecurityPolicy allows the user to configure various security settings for a
+// Gateway.
+type SecurityPolicy struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Spec defines the desired state of SecurityPolicy.
+	Spec SecurityPolicySpec `json:"spec"`
+
+	// Status defines the current status of SecurityPolicy.
+	Status SecurityPolicyStatus `json:"status,omitempty"`
+}
+
+// SecurityPolicySpec defines the desired state of SecurityPolicy.
+type SecurityPolicySpec struct {
+	// TargetRef is the name of the Gateway resource this policy
+	// is being attached to.
+	// This Policy and the TargetRef MUST be in the same namespace
+	// for this Policy to have effect and be applied to the Gateway.
+	// TargetRef
+	TargetRef gwapiv1a2.PolicyTargetReferenceWithSectionName `json:"targetRef"`
+}
+
+// SecurityPolicyStatus defines the state of SecurityPolicy
+type SecurityPolicyStatus struct {
+	// Conditions describe the current conditions of the SecurityPolicy.
+	//
+	// +optional
+	// +listType=map
+	// +listMapKey=type
+	// +kubebuilder:validation:MaxItems=8
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// SecurityPolicyList contains a list of SecurityPolicy resources.
+type SecurityPolicyList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []SecurityPolicy `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&SecurityPolicy{}, &SecurityPolicyList{})
+}

internal/gatewayapi/resource.go

@@ -47,6 +47,7 @@ type Resources struct {
 	EnvoyPatchPolicies     []*egv1a1.EnvoyPatchPolicy     `json:"envoyPatchPolicies,omitempty" yaml:"envoyPatchPolicies,omitempty"`
 	ClientTrafficPolicies  []*egv1a1.ClientTrafficPolicy  `json:"clientTrafficPolicies,omitempty" yaml:"clientTrafficPolicies,omitempty"`
 	BackendTrafficPolicies []*egv1a1.BackendTrafficPolicy `json:"backendTrafficPolicies,omitempty" yaml:"backendTrafficPolicies,omitempty"`
+	SecurityPolicies       []*egv1a1.SecurityPolicy       `json:"securityPolicies,omitempty" yaml:"securityPolicies,omitempty"`
 }
 
 func NewResources() *Resources {
@@ -66,6 +67,7 @@ func NewResources() *Resources {
 		EnvoyPatchPolicies:     []*egv1a1.EnvoyPatchPolicy{},
 		ClientTrafficPolicies:  []*egv1a1.ClientTrafficPolicy{},
 		BackendTrafficPolicies: []*egv1a1.BackendTrafficPolicy{},
+		SecurityPolicies:       []*egv1a1.SecurityPolicy{},
 	}
 }
 

internal/gatewayapi/runner/runner.go

@@ -157,7 +157,11 @@ func (r *Runner) subscribeAndTranslate(ctx context.Context) {
 				key := utils.NamespacedName(backendTrafficPolicy)
 				r.ProviderResources.BackendTrafficPolicyStatuses.Store(key, &backendTrafficPolicy.Status)
 			}
-
+			for _, securityPolicy := range result.SecurityPolicies {
+				securityPolicy := securityPolicy
+				key := utils.NamespacedName(securityPolicy)
+				r.ProviderResources.SecurityPolicyStatuses.Store(key, &securityPolicy.Status)
+			}
 		},
 	)
 	r.Logger.Info("shutting down")