1 /* 2 Copyright 2021 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package v1alpha2 18 19 import ( 20 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 21 22 "sigs.k8s.io/gateway-api/apis/v1beta1" 23 ) 24 25 // +genclient 26 // +kubebuilder:object:root=true 27 // +kubebuilder:resource:categories=gateway-api,shortName=refgrant 28 // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` 29 // +kubebuilder:deprecatedversion:warning="The v1alpha2 version of ReferenceGrant has been deprecated and will be removed in a future release of the API. Please upgrade to v1beta1." 30 31 // ReferenceGrant identifies kinds of resources in other namespaces that are 32 // trusted to reference the specified kinds of resources in the same namespace 33 // as the policy. 34 // 35 // Each ReferenceGrant can be used to represent a unique trust relationship. 36 // Additional Reference Grants can be used to add to the set of trusted 37 // sources of inbound references for the namespace they are defined within. 38 // 39 // A ReferenceGrant is required for all cross-namespace references in Gateway API 40 // (with the exception of cross-namespace Route-Gateway attachment, which is 41 // governed by the AllowedRoutes configuration on the Gateway, and cross-namespace 42 // Service ParentRefs on a "consumer" mesh Route, which defines routing rules 43 // applicable only to workloads in the Route namespace). ReferenceGrants allowing 44 // a reference from a Route to a Service are only applicable to BackendRefs. 45 // 46 // ReferenceGrant is a form of runtime verification allowing users to assert 47 // which cross-namespace object references are permitted. Implementations that 48 // support ReferenceGrant MUST NOT permit cross-namespace references which have 49 // no grant, and MUST respond to the removal of a grant by revoking the access 50 // that the grant allowed. 51 type ReferenceGrant v1beta1.ReferenceGrant 52 53 // +kubebuilder:object:root=true 54 // ReferenceGrantList contains a list of ReferenceGrant. 55 type ReferenceGrantList struct { 56 metav1.TypeMeta `json:",inline"` 57 metav1.ListMeta `json:"metadata,omitempty"` 58 Items []ReferenceGrant `json:"items"` 59 } 60 61 // ReferenceGrantSpec identifies a cross namespace relationship that is trusted 62 // for Gateway API. 63 // +k8s:deepcopy-gen=false 64 type ReferenceGrantSpec = v1beta1.ReferenceGrantSpec 65 66 // ReferenceGrantFrom describes trusted namespaces and kinds. 67 // +k8s:deepcopy-gen=false 68 type ReferenceGrantFrom = v1beta1.ReferenceGrantFrom 69 70 // ReferenceGrantTo describes what Kinds are allowed as targets of the 71 // references. 72 // +k8s:deepcopy-gen=false 73 type ReferenceGrantTo = v1beta1.ReferenceGrantTo 74