Skip to content

Commit

Permalink
Renaming ReferencePolicy to ReferenceGrant
Browse files Browse the repository at this point in the history
  • Loading branch information
robscott committed Jun 1, 2022
1 parent d1b8664 commit de99000
Show file tree
Hide file tree
Showing 57 changed files with 577 additions and 573 deletions.
6 changes: 3 additions & 3 deletions apis/v1alpha2/gateway_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -310,8 +310,8 @@ type GatewayTLSConfig struct {
// a Listener, but this behavior is implementation-specific.
//
// References to a resource in different namespace are invalid UNLESS there
// is a ReferencePolicy in the target namespace that allows the certificate
// to be attached. If a ReferencePolicy does not allow this reference, the
// is a ReferenceGrant in the target namespace that allows the certificate
// to be attached. If a ReferenceGrant does not allow this reference, the
// "ResolvedRefs" condition MUST be set to False for this listener with the
// "InvalidCertificateRef" reason.
//
Expand Down Expand Up @@ -754,7 +754,7 @@ const (
// This reason is used with the "ResolvedRefs" condition when
// one of the Listener's Routes has a BackendRef to an object in
// another namespace, where the object in the other namespace does
// not have a ReferencePolicy explicitly allowing the reference.
// not have a ReferenceGrant explicitly allowing the reference.
ListenerReasonRefNotPermitted ListenerConditionReason = "RefNotPermitted"
)

Expand Down
6 changes: 3 additions & 3 deletions apis/v1alpha2/httproute_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -199,7 +199,7 @@ type HTTPRouteRule struct {
// * an unknown or unsupported kind of resource
// * a resource that does not exist
// * a resource in another namespace when the reference has not been
// explicitly allowed by a ReferencePolicy (or equivalent concept).
// explicitly allowed by a ReferenceGrant (or equivalent concept).
//
// When a BackendRef is invalid, 404 status codes MUST be returned for
// requests that would have otherwise been routed to an invalid backend. If
Expand Down Expand Up @@ -828,7 +828,7 @@ type HTTPRequestMirrorFilter struct {
// this backend in the underlying implementation.
//
// If there is a cross-namespace reference to an *existing* object
// that is not allowed by a ReferencePolicy, the controller must ensure the
// that is not allowed by a ReferenceGrant, the controller must ensure the
// "ResolvedRefs" condition on the Route is set to `status: False`,
// with the "RefNotPermitted" reason and not configure this backend in the
// underlying implementation.
Expand All @@ -851,7 +851,7 @@ type HTTPBackendRef struct {
// configure this backend in the underlying implementation.
//
// If there is a cross-namespace reference to an *existing* object
// that is not covered by a ReferencePolicy, the controller must ensure the
// that is not covered by a ReferenceGrant, the controller must ensure the
// "ResolvedRefs" condition on the Route is set to `status: False`,
// with the "RefNotPermitted" reason and not configure this backend in the
// underlying implementation.
Expand Down
12 changes: 6 additions & 6 deletions apis/v1alpha2/object_reference_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -65,9 +65,9 @@ type SecretObjectReference struct {
// Namespace is the namespace of the backend. When unspecified, the local
// namespace is inferred.
//
// Note that when a namespace is specified, a ReferencePolicy object
// Note that when a namespace is specified, a ReferenceGrant object
// is required in the referent namespace to allow that namespace's
// owner to accept the reference. See the ReferencePolicy documentation
// owner to accept the reference. See the ReferenceGrant documentation
// for details.
//
// Support: Core
Expand All @@ -80,9 +80,9 @@ type SecretObjectReference struct {
// specific to BackendRef. It includes a few additional fields and features
// than a regular ObjectReference.
//
// Note that when a namespace is specified, a ReferencePolicy object
// Note that when a namespace is specified, a ReferenceGrant object
// is required in the referent namespace to allow that namespace's
// owner to accept the reference. See the ReferencePolicy documentation
// owner to accept the reference. See the ReferenceGrant documentation
// for details.
//
// The API object must be valid in the cluster; the Group and Kind must
Expand Down Expand Up @@ -112,9 +112,9 @@ type BackendObjectReference struct {
// Namespace is the namespace of the backend. When unspecified, the local
// namespace is inferred.
//
// Note that when a namespace is specified, a ReferencePolicy object
// Note that when a namespace is specified, a ReferenceGrant object
// is required in the referent namespace to allow that namespace's
// owner to accept the reference. See the ReferencePolicy documentation
// owner to accept the reference. See the ReferenceGrant documentation
// for details.
//
// Support: Core
Expand Down
34 changes: 17 additions & 17 deletions apis/v1alpha2/referencepolicy_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,42 +24,42 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +kubebuilder:storageversion
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`

// ReferencePolicy identifies kinds of resources in other namespaces that are
// ReferenceGrant identifies kinds of resources in other namespaces that are
// trusted to reference the specified kinds of resources in the same namespace
// as the policy.
//
// Each ReferencePolicy can be used to represent a unique trust relationship.
// Each ReferenceGrant can be used to represent a unique trust relationship.
// Additional Reference Policies can be used to add to the set of trusted
// sources of inbound references for the namespace they are defined within.
//
// All cross-namespace references in Gateway API (with the exception of cross-namespace
// Gateway-route attachment) require a ReferencePolicy.
// Gateway-route attachment) require a ReferenceGrant.
//
// Support: Core
//
type ReferencePolicy struct {
type ReferenceGrant struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`

// Spec defines the desired state of ReferencePolicy.
Spec ReferencePolicySpec `json:"spec,omitempty"`
// Spec defines the desired state of ReferenceGrant.
Spec ReferenceGrantSpec `json:"spec,omitempty"`

// Note that `Status` sub-resource has been excluded at the
// moment as it was difficult to work out the design.
// `Status` sub-resource may be added in future.
}

// +kubebuilder:object:root=true
// ReferencePolicyList contains a list of ReferencePolicy.
type ReferencePolicyList struct {
// ReferenceGrantList contains a list of ReferenceGrant.
type ReferenceGrantList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []ReferencePolicy `json:"items"`
Items []ReferenceGrant `json:"items"`
}

// ReferencePolicySpec identifies a cross namespace relationship that is trusted
// ReferenceGrantSpec identifies a cross namespace relationship that is trusted
// for Gateway API.
type ReferencePolicySpec struct {
type ReferenceGrantSpec struct {
// From describes the trusted namespaces and kinds that can reference the
// resources described in "To". Each entry in this list must be considered
// to be an additional place that references can be valid from, or to put
Expand All @@ -69,7 +69,7 @@ type ReferencePolicySpec struct {
//
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:MaxItems=16
From []ReferencePolicyFrom `json:"from"`
From []ReferenceGrantFrom `json:"from"`

// To describes the resources that may be referenced by the resources
// described in "From". Each entry in this list must be considered to be an
Expand All @@ -80,11 +80,11 @@ type ReferencePolicySpec struct {
//
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:MaxItems=16
To []ReferencePolicyTo `json:"to"`
To []ReferenceGrantTo `json:"to"`
}

// ReferencePolicyFrom describes trusted namespaces and kinds.
type ReferencePolicyFrom struct {
// ReferenceGrantFrom describes trusted namespaces and kinds.
type ReferenceGrantFrom struct {
// Group is the group of the referent.
// When empty, the Kubernetes core API group is inferred.
//
Expand All @@ -107,9 +107,9 @@ type ReferencePolicyFrom struct {
Namespace Namespace `json:"namespace"`
}

// ReferencePolicyTo describes what Kinds are allowed as targets of the
// ReferenceGrantTo describes what Kinds are allowed as targets of the
// references.
type ReferencePolicyTo struct {
type ReferenceGrantTo struct {
// Group is the group of the referent.
// When empty, the Kubernetes core API group is inferred.
//
Expand Down
6 changes: 3 additions & 3 deletions apis/v1alpha2/shared_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -150,9 +150,9 @@ type PortNumber int32
// BackendRef defines how a Route should forward a request to a Kubernetes
// resource.
//
// Note that when a namespace is specified, a ReferencePolicy object
// Note that when a namespace is specified, a ReferenceGrant object
// is required in the referent namespace to allow that namespace's
// owner to accept the reference. See the ReferencePolicy documentation
// owner to accept the reference. See the ReferenceGrant documentation
// for details.
type BackendRef struct {
// BackendObjectReference references a Kubernetes object.
Expand Down Expand Up @@ -239,7 +239,7 @@ const (
// This reason is used with the "ResolvedRefs" condition when
// one of the Listener's Routes has a BackendRef to an object in
// another namespace, where the object in the other namespace does
// not have a ReferencePolicy explicitly allowing the reference.
// not have a ReferenceGrant explicitly allowing the reference.
RouteReasonRefNotPermitted RouteConditionReason = "RefNotPermitted"
)

Expand Down
50 changes: 25 additions & 25 deletions apis/v1alpha2/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions apis/v1alpha2/zz_generated.register.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit de99000

Please sign in to comment.