From 5772ec86fa8dd9c1d1bd5ab534d44d1e36f875eb Mon Sep 17 00:00:00 2001
From: Guy Daich
Date: Fri, 24 Jan 2025 14:23:18 -0600
Subject: [PATCH] api: cross-namespace policy target selectors
Signed-off-by: Guy Daich
---
 api/v1alpha1/policy_helpers.go | 14 +++++++++++++
 api/v1alpha1/zz_generated.deepcopy.go | 20 +++++++++++++++++++
 site/content/en/latest/api/extension_types.md | 14 +++++++++++++
 site/content/zh/latest/api/extension_types.md | 14 +++++++++++++
 4 files changed, 62 insertions(+)
diff --git a/api/v1alpha1/policy_helpers.go b/api/v1alpha1/policy_helpers.go
index f1bc16e178b..64dab444497 100644
--- a/api/v1alpha1/policy_helpers.go
+++ b/api/v1alpha1/policy_helpers.go
@@ -37,6 +37,20 @@ type TargetSelector struct {
 // MatchLabels are the set of label selectors for identifying the targeted resource
 MatchLabels map[string]string `json:"matchLabels"`
+
+ // NamespaceSelector determines if the label selectors specified in MatchLabels are applied in
+ // the policy namespace or across all namespaces.
+ // Note: when referencing targets in a different namespace, appropriate ReferenceGrants must be
+ // configured to allow the selection.
+ // +optional
+ // +notImplementedHide
+ NamespaceSelector *NamespaceSelector `json:"namespaceSelector,omitempty"`
+}
+
+// NamespaceSelector is a selector for selecting either all namespaces or the current namespace.
+type NamespaceSelector struct {
+ // Boolean describing whether all namespaces are selected.
+ Any bool `json:"any,omitempty"`
 }
 func (p PolicyTargetReferences) GetTargetRefs() []gwapiv1a2.LocalPolicyTargetReferenceWithSectionName {
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index ee36c4ef023..02e7e07241d 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
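Review bot: The new `NamespaceSelector` field on `TargetSelector` lets a policy in one namespace select targets in every namespace by label, but its doc comment only says ReferenceGrants "must be" configured and never states what happens to a target when no grant exists. Nothing in this patch enforces the grant (the field is marked `+notImplementedHide`, so the check presumably arrives with the implementation), so I would pin the fail-closed contract in the API comment now, e.g. `// Targets in other namespaces that are not permitted by a ReferenceGrant in the target's namespace are not selected.` Separately, `Any` carries `omitempty` but no `+optional` marker, and the reference table added in this same patch lists `any` as Required `true`; adding `// +optional` above `Any` would make the Go type and the documented schema agree.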
@@ -4010,6 +4010,21 @@ func (in *Lua) DeepCopy() *Lua { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NamespaceSelector) DeepCopyInto(out *NamespaceSelector) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceSelector. +func (in *NamespaceSelector) DeepCopy() *NamespaceSelector { + if in == nil { + return nil + } + out := new(NamespaceSelector) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OIDC) DeepCopyInto(out *OIDC) { *out = *in @@ -5662,6 +5677,11 @@ func (in *TargetSelector) DeepCopyInto(out *TargetSelector) { (*out)[key] = val } } + if in.NamespaceSelector != nil { + in, out := &in.NamespaceSelector, &out.NamespaceSelector + *out = new(NamespaceSelector) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetSelector. diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index 71fedaf1d1b..4adf1c8b750 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -2898,6 +2898,20 @@ _Appears in:_ | `OpenTelemetry` | | +#### NamespaceSelector + + + +NamespaceSelector is a selector for selecting either all namespaces or the current namespace. + +_Appears in:_ +- [TargetSelector](#targetselector) + +| Field | Type | Required | Default | Description | +| --- | --- | --- | --- | --- | +| `any` | _boolean_ | true | | Boolean describing whether all namespaces are selected. | + + #### OIDC diff --git a/site/content/zh/latest/api/extension_types.md b/site/content/zh/latest/api/extension_types.md index 71fedaf1d1b..4adf1c8b750 100644 --- a/site/content/zh/latest/api/extension_types.md 
+++ b/site/content/zh/latest/api/extension_types.md
@@ -2898,6 +2898,20 @@ _Appears in:_
 | `OpenTelemetry` | |
+#### NamespaceSelector
+
+
+
+NamespaceSelector is a selector for selecting either all namespaces or the current namespace.
+
+_Appears in:_
+- [TargetSelector](#targetselector)
+
+| Field | Type | Required | Default | Description |
+| --- | --- | --- | --- | --- |
+| `any` | _boolean_ | true | | Boolean describing whether all namespaces are selected. |
+
+
 #### OIDC