From ca5852cbd3b7af9c6649f626ec0c499c99878539 Mon Sep 17 00:00:00 2001
From: huabing zhao
Date: Wed, 8 May 2024 14:17:42 -0700
Subject: [PATCH] address comments

Signed-off-by: huabing zhao
---
 api/v1alpha1/authorization_types.go | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/api/v1alpha1/authorization_types.go b/api/v1alpha1/authorization_types.go
index 20b9104bf665..f6ba9e218902 100644
--- a/api/v1alpha1/authorization_types.go
+++ b/api/v1alpha1/authorization_types.go
@@ -13,22 +13,26 @@ type Authorization struct {
 Rules []Rule `json:"rules,omitempty"`
 }
 
-// Rule defines the single authorization rule.
 type Rule struct {
- // Subjects contains the subject configuration.
+ // Action defines the action to be taken if the rule matches.
+ Action RuleActionType `json:"action"`
+
+ Policies []Policy `json:"policies"`
+}
+
+// Rule defines the single authorization rule.
+type Policy struct {
+ // Subject contains the subject configuration.
 // If empty, all subjects are included.
 //
 // +optional
- Subjects []Subject `json:"subjects,omitempty"`
+ Subject Subject `json:"subjects,omitempty"`
 
 // Permissions contains allowed HTTP methods.
 // If empty, all methods are matching.
 //
 // +optional
 Permissions []string `json:"permissions,omitempty"`
-
- // Action defines the action to be taken if the rule matches.
- Action RuleActionType `json:"action"`
 }
 
 // Subject contains the subject configuration.
@@ -37,7 +41,7 @@ type Subject struct {
 // Valid examples are "192.168.1.0/24" or "2001:db8::/64"
 //
 // +optional
- ClientCIDR *string `json:"clientCIDR,omitempty"`
+ ClientCIDR []string `json:"clientCIDR,omitempty"`
 }
 
 // RuleActionType specifies the types of authorization rule action.
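Review bot: The new `Policies []Policy` field in `Rule` carries no doc comment and no validation marker, so a rule with an empty `policies` list, or with a policy whose `Subject` and `Permissions` are both empty (each documented as match-all), has no stated meaning; if the action is an allow, such a rule presumably admits every request. Document the empty case on the field and, if an empty list is not meant to be valid, reject it with `// +kubebuilder:validation:MinItems=1`. The comment `// Rule defines the single authorization rule.` now sits on `type Policy struct` and `Rule` is left undocumented; move it back and give `Policy` its own `// Policy defines ...` line. The renamed `Subject` field still serializes as `subjects`, and `omitempty` has no effect on a non-pointer struct in encoding/json, so `json:"subject,omitempty"` on a `*Subject` would match the `+optional` marker.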
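Review bot: `ClientCIDR` is now a list but keeps its singular name and JSON key, and nothing visible in the hunk constrains the entries to valid CIDRs or says how an empty list is treated. Because an empty subject is documented as matching all clients, an explicitly empty `clientCIDR: []` should either be rejected or described, for example `// +kubebuilder:validation:MinItems=1` plus a comment line such as `// A client matches if its address falls in any of the listed CIDRs.` if that is the intended semantics. The field's doc comment and the `Subject` struct start above the hunk, so the first comment line may also still describe a single CIDR.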