feat: simplify security and list structures in profile schema and example

jacaudi · jacaudi · commit 1d7ea8c28ea2 · 2025-08-19T01:10:03.000-07:00
diff --git a/apis/nextdnsprofile/composition.yaml b/apis/nextdnsprofile/composition.yaml
@@ -48,7 +48,25 @@ spec:
                       {
                         "name": {{ .observed.composite.resource.spec.name | toJson }}
                         {{- if .observed.composite.resource.spec.security }},
-                        "security": {{ .observed.composite.resource.spec.security | toJson }}
+                        "security": {
+                          {{- $needsComma := false }}
+                          {{- range $key, $value := .observed.composite.resource.spec.security }}
+                          {{- if ne $key "tlds" }}
+                          {{- if $needsComma }},{{- end }}
+                          {{ $key | toJson }}: {{ $value | toJson }}
+                          {{- $needsComma = true }}
+                          {{- end }}
+                          {{- end }}
+                          {{- if .observed.composite.resource.spec.security.tlds }}
+                          {{- if $needsComma }},{{- end }}
+                          "tlds": [
+                            {{- range $i, $tld := .observed.composite.resource.spec.security.tlds }}
+                            {{- if $i }},{{- end }}
+                            {"id": {{ $tld | toJson }}}
+                            {{- end }}
+                          ]
+                          {{- end }}
+                        }
                         {{- end }}
                         {{- if .observed.composite.resource.spec.privacy }},
                         "privacy": {
@@ -84,37 +102,17 @@ spec:
                         {{- end }}
                         {{- if .observed.composite.resource.spec.denylist }},
                         "denylist": [
-                          {{- range $i, $entry := .observed.composite.resource.spec.denylist }}
+                          {{- range $i, $domain := .observed.composite.resource.spec.denylist }}
                           {{- if $i }},{{- end }}
-                          {{- if kindIs "string" $entry }}
-                          {"id": {{ $entry | toJson }}, "active": true}
-                          {{- else }}
-                          {{- $domain := "" }}
-                          {{- range $key, $value := $entry }}
-                          {{- if ne $key "active" }}
-                          {{- $domain = $key }}
-                          {{- end }}
-                          {{- end }}
-                          {"id": {{ $domain | toJson }}, "active": {{ $entry.active | default true }}}
-                          {{- end }}
+                          {"id": {{ $domain | toJson }}, "active": true}
                           {{- end }}
                         ]
                         {{- end }}
                         {{- if .observed.composite.resource.spec.allowlist }},
                         "allowlist": [
-                          {{- range $i, $entry := .observed.composite.resource.spec.allowlist }}
+                          {{- range $i, $domain := .observed.composite.resource.spec.allowlist }}
                           {{- if $i }},{{- end }}
-                          {{- if kindIs "string" $entry }}
-                          {"id": {{ $entry | toJson }}, "active": true}
-                          {{- else }}
-                          {{- $domain := "" }}
-                          {{- range $key, $value := $entry }}
-                          {{- if ne $key "active" }}
-                          {{- $domain = $key }}
-                          {{- end }}
-                          {{- end }}
-                          {"id": {{ $domain | toJson }}, "active": {{ $entry.active | default true }}}
-                          {{- end }}
+                          {"id": {{ $domain | toJson }}, "active": true}
                           {{- end }}
                         ]
                         {{- end }}
diff --git a/apis/nextdnsprofile/definition.yaml b/apis/nextdnsprofile/definition.yaml
@@ -59,12 +59,7 @@ spec:
                     tlds:
                       type: array
                       items:
-                        type: object
-                        properties:
-                          id:
-                            type: string
-                          active:
-                            type: boolean
+                        type: string
                     typosquatting:
                       type: boolean
                 privacy:
@@ -112,25 +107,11 @@ spec:
                 denylist:
                   type: array
                   items:
-                    oneOf:
-                      - type: string
-                      - type: object
-                        properties:
-                          active:
-                            type: boolean
-                        additionalProperties:
-                          type: string
+                    type: string
                 allowlist:
                   type: array
                   items:
-                    oneOf:
-                      - type: string
-                      - type: object
-                        properties:
-                          active:
-                            type: boolean
-                        additionalProperties:
-                          type: string
+                    type: string
                 settings:
                   type: object
                   properties:
diff --git a/example/nextdnsprofile/claim.yaml b/example/nextdnsprofile/claim.yaml
@@ -12,15 +12,20 @@ spec:
   privacy:
     disguisedTrackers: true
     allowAffiliate: false
+    blocklists:
+      - oisd
+      - steven-black
+      - easyprivacy
+      - hagezi-multi-pro
     natives:
-      - id: windows
-      - id: apple
-      - id: samsung
-      - id: xiaomi
-      - id: huawei
-      - id: alexa
-      - id: roku
-      - id: sonos
+      - windows
+      - apple
+      - samsung
+      - xiaomi
+      - huawei
+      - alexa
+      - roku
+      - sonos
   security:
     threatIntelligenceFeeds: true
     aiThreatDetection: true
@@ -35,12 +40,16 @@ spec:
     parking: true
     csam: true
     tlds:
-      - id: ru
-      - id: ch
-      - id: pizza
+      - ru
+      - ch
+      - pizza
   parentalControl:
     safeSearch: false
     youtubeRestrictedMode: true
+  allowlist:
+    - mixpanel.com
+    - newrelic.com
+    - mailchimp.com
+    - hulu.com
   denylist:
-    - id: accuweather.com
-      active: true
+    - accuweather.com
