Add From/To fields in SecurityPolicy#1391
Open
wenqiq wants to merge 8 commits intovmware-tanzu:mainfrom
Open
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #1391 +/- ##
==========================================
+ Coverage 76.74% 76.79% +0.04%
==========================================
Files 151 151
Lines 21307 21342 +35
==========================================
+ Hits 16353 16389 +36
Misses 3784 3784
+ Partials 1170 1169 -1
🚀 New features to boost your workflow:
|
timdengyun
reviewed
Mar 19, 2026
| Sources []SecurityPolicyPeer `json:"sources,omitempty"` | ||
| // Destinations defines the endpoints where the traffic is to. For egress rule only. | ||
| Destinations []SecurityPolicyPeer `json:"destinations,omitempty"` | ||
| // From is an alias of Sources for ingress rules. |
Contributor
There was a problem hiding this comment.
This is for T1 mode, I think we don't need to change it, it's in deprecated stage.
docs/security-policy.md
Outdated
| for compatibility with Kubernetes NetworkPolicy style syntax. `from` can be used in | ||
| place of `sources` for ingress rules, and `to` can be used in place of `destinations` | ||
| for egress rules. If both `sources` and `from` (or `destinations` and `to`) are set | ||
| in the same rule, `sources`/`destinations` takes precedence and the alias is ignored. |
Contributor
There was a problem hiding this comment.
I think we should take From/To take precedence because we want to deprecate sources/destinations
| // fields so that rule hashing and tagging are independent of which alias the user used. | ||
| func normalizeRulePeers(rule *v1alpha1.SecurityPolicyRule) { | ||
| if len(rule.Sources) == 0 && len(rule.From) > 0 { | ||
| rule.Sources = append(rule.Sources, rule.From...) |
Contributor
There was a problem hiding this comment.
we might want to keep rule.From and remove rule.Sources later, so, is better copy to rule.From.
This might need more changes where it's referring to rule.Source.
| rule.Sources = append(rule.Sources, rule.From...) | ||
| } | ||
| if len(rule.Destinations) == 0 && len(rule.To) > 0 { | ||
| rule.Destinations = append(rule.Destinations, rule.To...) |
Signed-off-by: Wenqi Qiu <wenqi.qiu@broadcom.com>
Signed-off-by: Wenqi Qiu <wenqi.qiu@broadcom.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.