From a0bc1616e75c50db5b09a37e40be40f030c76a1d Mon Sep 17 00:00:00 2001
From: Aslak Knutsen
Date: Tue, 27 Aug 2024 10:25:45 +0200
Subject: [PATCH] squash! feat: add expression support to workloadSelector (#57)
---
 controllers/authzctrl/reconcile_authpolicy.go | 9 ++++-----
 pkg/platform/types.go | 4 ++++
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/controllers/authzctrl/reconcile_authpolicy.go b/controllers/authzctrl/reconcile_authpolicy.go
index e8949f2..4e79fd1 100644
--- a/controllers/authzctrl/reconcile_authpolicy.go
+++ b/controllers/authzctrl/reconcile_authpolicy.go
@@ -29,11 +29,10 @@ func (r *Controller) reconcileAuthPolicy(ctx context.Context, target *unstructur
 found := &istiosecurityv1beta1.AuthorizationPolicy{}
 justCreated := false
- err = r.Get(ctx, types.NamespacedName{
+ typeName := types.NamespacedName{
 Name: desired.Name,
- Namespace: desired.Namespace,
- }, found)
- if err != nil {
+ Namespace: desired.Namespace}
+ if errGet := r.Get(ctx, typeName, found); errGet != nil {
 if k8serr.IsNotFound(err) {
 errCreate := r.Create(ctx, desired)
 if client.IgnoreAlreadyExists(errCreate) != nil {
@@ -42,7 +41,7 @@ func (r *Controller) reconcileAuthPolicy(ctx context.Context, target *unstructur
 justCreated = true
 } else {
- return fmt.Errorf("unable to fetch AuthorizationPolicy: %w", err)
+ return fmt.Errorf("unable to fetch AuthorizationPolicy: %w", errGet)
 }
 }
diff --git a/pkg/platform/types.go b/pkg/platform/types.go
index 3807c3d..7a9819e 100644
--- a/pkg/platform/types.go
+++ b/pkg/platform/types.go
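Review bot: In controllers/authzctrl/reconcile_authpolicy.go the not-found check inside the new `if errGet := r.Get(ctx, typeName, found); errGet != nil {` block still reads `k8serr.IsNotFound(err)`, so it tests the outer `err` instead of the error returned by this Get. If the outer `err` is nil at this point (its last assignment is outside the hunk), the create branch is never taken: a missing AuthorizationPolicy is not created and the reconcile returns "unable to fetch AuthorizationPolicy", leaving the target without its policy. The line should be `if k8serr.IsNotFound(errGet) {`, consistent with the second hunk, which already wraps `errGet` in the fetch error. reconcileAuthPolicy starts and ends outside both hunks.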
@@ -31,6 +31,10 @@ type ProtectedResource struct {
 ObjectReference `json:"ref,omitempty"`
 // WorkloadSelector defines labels used to identify and select the specific workload
 // to which the authorization policy should be applied.
+ // All provided label selectors must be present on the Service to find a match.
+ //
+ // go expressions are handled in the selector key and value to set dynamic values from the current ObjectReference;
+ // e.g. "routing.opendatahub.io/{{.kind}}": "{{.metadata.name}}", // > "routing.opendatahub.io/Service": "MyService"
 WorkloadSelector map[string]string `json:"workloadSelector,omitempty"`
 // HostPaths defines paths in custom resource where hosts for this component are defined.
 HostPaths []string `json:"hostPaths,omitempty"` // TODO(mvp): should we switch to annotations like in routing?
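Review bot: The added WorkloadSelector comment does not say what happens when an expression cannot be resolved or renders to an empty string, and that outcome decides which workloads the authorization policy ends up selecting. The evaluation code is not in this hunk, so the comment should state whichever behaviour it has, for example `// An expression that cannot be resolved is an error and no policy is applied.` if that is what the controller does. "go expressions" is also ambiguous; the `{{.kind}}` syntax looks like Go templates, so `// Go template expressions in the selector key and value are rendered with values from the current ObjectReference;` would read more clearly. The ProtectedResource struct starts and ends outside the hunk.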