address comments

Signed-off-by: huabing zhao <zhaohuabing@gmail.com>

api/v1alpha1/authorization_types.go

@@ -13,22 +13,26 @@ type Authorization struct {
 	Rules []Rule `json:"rules,omitempty"`
 }
 
-// Rule defines the single authorization rule.
 type Rule struct {
-	// Subjects contains the subject configuration.
+	// Action defines the action to be taken if the rule matches.
+	Action RuleActionType `json:"action"`
+
+	Policies []Policy `json:"policies"`
+}
+
+// Rule defines the single authorization rule.
+type Policy struct {
+	// Subject contains the subject configuration.
 	// If empty, all subjects are included.
 	//
 	// +optional
-	Subjects []Subject `json:"subjects,omitempty"`
+	Subject Subject `json:"subjects,omitempty"`
 
 	// Permissions contains allowed HTTP methods.
 	// If empty, all methods are matching.
 	//
 	// +optional
 	Permissions []string `json:"permissions,omitempty"`
-
-	// Action defines the action to be taken if the rule matches.
-	Action RuleActionType `json:"action"`
 }
 
 // Subject contains the subject configuration.
@@ -37,7 +41,7 @@ type Subject struct {
 	// Valid examples are "192.168.1.0/24" or "2001:db8::/64"
 	//
 	// +optional
-	ClientCIDR *string `json:"clientCIDR,omitempty"`
+	ClientCIDR []string `json:"clientCIDR,omitempty"`
 }
 
 // RuleActionType specifies the types of authorization rule action.