Skip to content

Commit

Permalink
add comments
Browse files Browse the repository at this point in the history 
Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
  • Loading branch information
@zhaohuabing
zhaohuabing committed May 8, 2024
1 parent ca5852c commit b96bdc0
Show file tree
Hide file tree
Showing 4 changed files with 76 additions and 33 deletions.
5 changes: 4 additions & 1 deletion api/v1alpha1/authorization_types.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,19 +8,22 @@ package v1alpha1
// Authorization defines the authorization configuration.
type Authorization struct {
// Rules contains all the authorization rules.
// Rules are evaluated in order, the first matching rule will be applied.
//
// +kubebuilder:validation:MinItems=1
Rules []Rule `json:"rules,omitempty"`
}

// Rule defines the single authorization rule.
type Rule struct {
// Action defines the action to be taken if the rule matches.
Action RuleActionType `json:"action"`

// Policies contains the list of authorization policies.
Policies []Policy `json:"policies"`
}

// Rule defines the single authorization rule.
// Policy defines the authorization policy.
type Policy struct {
// Subject contains the subject configuration.
// If empty, all subjects are included.
Expand Down
36 changes: 26 additions & 10 deletions api/v1alpha1/zz_generated.deepcopy.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

44 changes: 27 additions & 17 deletions charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,9 @@ spec:
description: Authorization defines the authorization configuration.
properties:
rules:
description: Rules contains all the authorization rules.
description: |-
Rules contains all the authorization rules.
Rules are evaluated in order, the first matching rule will be applied.
items:
description: Rule defines the single authorization rule.
properties:
Expand All @@ -65,29 +67,37 @@ spec:
- Deny
- Log
type: string
permissions:
description: |-
Permissions contains allowed HTTP methods.
If empty, all methods are matching.
items:
type: string
type: array
subjects:
description: |-
Subjects contains the subject configuration.
If empty, all subjects are included.
policies:
description: Policies contains the list of authorization
policies.
items:
description: Subject contains the subject configuration.
description: Policy defines the authorization policy.
properties:
clientCIDR:
permissions:
description: |-
ClientCIDR contains client cidr configuration.
Valid examples are "192.168.1.0/24" or "2001:db8::/64"
type: string
Permissions contains allowed HTTP methods.
If empty, all methods are matching.
items:
type: string
type: array
subjects:
description: |-
Subject contains the subject configuration.
If empty, all subjects are included.
properties:
clientCIDR:
description: |-
ClientCIDR contains client cidr configuration.
Valid examples are "192.168.1.0/24" or "2001:db8::/64"
items:
type: string
type: array
type: object
type: object
type: array
required:
- action
- policies
type: object
minItems: 1
type: array
Expand Down
24 changes: 19 additions & 5 deletions site/content/en/latest/api/extension_types.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -182,7 +182,7 @@ _Appears in:_

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `rules` | _[Rule](#rule) array_ | true | Rules contains all the authorization rules. |
| `rules` | _[Rule](#rule) array_ | true | Rules contains all the authorization rules.<br />Rules are evaluated in order, the first matching rule will be applied. |


#### BackOffPolicy
Expand Down Expand Up @@ -2248,6 +2248,21 @@ _Appears in:_
| `backOff` | _[BackOffPolicy](#backoffpolicy)_ | false | Backoff is the backoff policy to be applied per retry attempt. gateway uses a fully jittered exponential<br />back-off algorithm for retries. For additional details,<br />see https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#config-http-filters-router-x-envoy-max-retries |


#### Policy



Policy defines the authorization policy.

_Appears in:_
- [Rule](#rule)

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `subjects` | _[Subject](#subject)_ | false | Subject contains the subject configuration.<br />If empty, all subjects are included. |
| `permissions` | _string array_ | false | Permissions contains allowed HTTP methods.<br />If empty, all methods are matching. |


#### ProcessingModeOptions


Expand Down Expand Up @@ -2890,9 +2905,8 @@ _Appears in:_

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `subjects` | _[Subject](#subject) array_ | false | Subjects contains the subject configuration.<br />If empty, all subjects are included. |
| `permissions` | _string array_ | false | Permissions contains allowed HTTP methods.<br />If empty, all methods are matching. |
| `action` | _[RuleActionType](#ruleactiontype)_ | true | Action defines the action to be taken if the rule matches. |
| `policies` | _[Policy](#policy) array_ | true | Policies contains the list of authorization policies. |


#### RuleActionType
Expand Down Expand Up @@ -3086,11 +3100,11 @@ _Appears in:_
Subject contains the subject configuration.

_Appears in:_
- [Rule](#rule)
- [Policy](#policy)

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `clientCIDR` | _string_ | false | ClientCIDR contains client cidr configuration.<br />Valid examples are "192.168.1.0/24" or "2001:db8::/64" |
| `clientCIDR` | _string array_ | false | ClientCIDR contains client cidr configuration.<br />Valid examples are "192.168.1.0/24" or "2001:db8::/64" |


#### TCPActiveHealthChecker
Expand Down

0 comments on commit b96bdc0

Please sign in to comment.