diff --git a/cmd/security-controller/kodata/HEAD b/cmd/policy/controller/kodata/HEAD similarity index 100% rename from cmd/security-controller/kodata/HEAD rename to cmd/policy/controller/kodata/HEAD diff --git a/cmd/security-controller/kodata/LICENSE b/cmd/policy/controller/kodata/LICENSE similarity index 100% rename from cmd/security-controller/kodata/LICENSE rename to cmd/policy/controller/kodata/LICENSE diff --git a/cmd/security-controller/kodata/VENDOR-LICENSE b/cmd/policy/controller/kodata/VENDOR-LICENSE similarity index 100% rename from cmd/security-controller/kodata/VENDOR-LICENSE rename to cmd/policy/controller/kodata/VENDOR-LICENSE diff --git a/cmd/security-controller/kodata/refs/heads/f/bfanout b/cmd/policy/controller/kodata/refs/heads/f/bfanout similarity index 100% rename from cmd/security-controller/kodata/refs/heads/f/bfanout rename to cmd/policy/controller/kodata/refs/heads/f/bfanout diff --git a/cmd/security-controller/kodata/refs/heads/f/fanout2 b/cmd/policy/controller/kodata/refs/heads/f/fanout2 similarity index 100% rename from cmd/security-controller/kodata/refs/heads/f/fanout2 rename to cmd/policy/controller/kodata/refs/heads/f/fanout2 diff --git a/cmd/security-controller/kodata/refs/heads/f/part b/cmd/policy/controller/kodata/refs/heads/f/part similarity index 100% rename from cmd/security-controller/kodata/refs/heads/f/part rename to cmd/policy/controller/kodata/refs/heads/f/part diff --git a/cmd/security-controller/kodata/refs/heads/f/pclean b/cmd/policy/controller/kodata/refs/heads/f/pclean similarity index 100% rename from cmd/security-controller/kodata/refs/heads/f/pclean rename to cmd/policy/controller/kodata/refs/heads/f/pclean diff --git a/cmd/security-controller/kodata/refs/heads/master b/cmd/policy/controller/kodata/refs/heads/master similarity index 100% rename from cmd/security-controller/kodata/refs/heads/master rename to cmd/policy/controller/kodata/refs/heads/master diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/annotations b/cmd/policy/controller/kodata/refs/remotes/nacho/annotations similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/annotations rename to cmd/policy/controller/kodata/refs/remotes/nacho/annotations diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/apigroup b/cmd/policy/controller/kodata/refs/remotes/nacho/apigroup similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/apigroup rename to cmd/policy/controller/kodata/refs/remotes/nacho/apigroup diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/approve b/cmd/policy/controller/kodata/refs/remotes/nacho/approve similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/approve rename to cmd/policy/controller/kodata/refs/remotes/nacho/approve diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/bump_sdk b/cmd/policy/controller/kodata/refs/remotes/nacho/bump_sdk similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/bump_sdk rename to cmd/policy/controller/kodata/refs/remotes/nacho/bump_sdk diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/ce1 b/cmd/policy/controller/kodata/refs/remotes/nacho/ce1 similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/ce1 rename to cmd/policy/controller/kodata/refs/remotes/nacho/ce1 diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/channel_perf b/cmd/policy/controller/kodata/refs/remotes/nacho/channel_perf similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/channel_perf rename to cmd/policy/controller/kodata/refs/remotes/nacho/channel_perf diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/channel_source_metrics b/cmd/policy/controller/kodata/refs/remotes/nacho/channel_source_metrics similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/channel_source_metrics rename to cmd/policy/controller/kodata/refs/remotes/nacho/channel_source_metrics diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/cnrm b/cmd/policy/controller/kodata/refs/remotes/nacho/cnrm similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/cnrm rename to cmd/policy/controller/kodata/refs/remotes/nacho/cnrm diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/contenttype b/cmd/policy/controller/kodata/refs/remotes/nacho/contenttype similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/contenttype rename to cmd/policy/controller/kodata/refs/remotes/nacho/contenttype diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/deps b/cmd/policy/controller/kodata/refs/remotes/nacho/deps similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/deps rename to cmd/policy/controller/kodata/refs/remotes/nacho/deps diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/description b/cmd/policy/controller/kodata/refs/remotes/nacho/description similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/description rename to cmd/policy/controller/kodata/refs/remotes/nacho/description diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/e2e b/cmd/policy/controller/kodata/refs/remotes/nacho/e2e similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/e2e rename to cmd/policy/controller/kodata/refs/remotes/nacho/e2e diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/e2e-1.0 b/cmd/policy/controller/kodata/refs/remotes/nacho/e2e-1.0 similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/e2e-1.0 rename to cmd/policy/controller/kodata/refs/remotes/nacho/e2e-1.0 diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/gcs b/cmd/policy/controller/kodata/refs/remotes/nacho/gcs similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/gcs rename to cmd/policy/controller/kodata/refs/remotes/nacho/gcs diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/importer-registry b/cmd/policy/controller/kodata/refs/remotes/nacho/importer-registry similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/importer-registry rename to cmd/policy/controller/kodata/refs/remotes/nacho/importer-registry diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/internal_metrics b/cmd/policy/controller/kodata/refs/remotes/nacho/internal_metrics similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/internal_metrics rename to cmd/policy/controller/kodata/refs/remotes/nacho/internal_metrics diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/jobs b/cmd/policy/controller/kodata/refs/remotes/nacho/jobs similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/jobs rename to cmd/policy/controller/kodata/refs/remotes/nacho/jobs diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/log_tracing b/cmd/policy/controller/kodata/refs/remotes/nacho/log_tracing similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/log_tracing rename to cmd/policy/controller/kodata/refs/remotes/nacho/log_tracing diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/master b/cmd/policy/controller/kodata/refs/remotes/nacho/master similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/master rename to cmd/policy/controller/kodata/refs/remotes/nacho/master diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/metrics_e2e_ps b/cmd/policy/controller/kodata/refs/remotes/nacho/metrics_e2e_ps similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/metrics_e2e_ps rename to cmd/policy/controller/kodata/refs/remotes/nacho/metrics_e2e_ps diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/n3wscott-patch-1 b/cmd/policy/controller/kodata/refs/remotes/nacho/n3wscott-patch-1 similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/n3wscott-patch-1 rename to cmd/policy/controller/kodata/refs/remotes/nacho/n3wscott-patch-1 diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/perf b/cmd/policy/controller/kodata/refs/remotes/nacho/perf similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/perf rename to cmd/policy/controller/kodata/refs/remotes/nacho/perf diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/pubsub-e2e b/cmd/policy/controller/kodata/refs/remotes/nacho/pubsub-e2e similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/pubsub-e2e rename to cmd/policy/controller/kodata/refs/remotes/nacho/pubsub-e2e diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/pubsub-source b/cmd/policy/controller/kodata/refs/remotes/nacho/pubsub-source similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/pubsub-source rename to cmd/policy/controller/kodata/refs/remotes/nacho/pubsub-source diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/rel-0.11 b/cmd/policy/controller/kodata/refs/remotes/nacho/rel-0.11 similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/rel-0.11 rename to cmd/policy/controller/kodata/refs/remotes/nacho/rel-0.11 diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/rel-prep b/cmd/policy/controller/kodata/refs/remotes/nacho/rel-prep similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/rel-prep rename to cmd/policy/controller/kodata/refs/remotes/nacho/rel-prep diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/schema b/cmd/policy/controller/kodata/refs/remotes/nacho/schema similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/schema rename to cmd/policy/controller/kodata/refs/remotes/nacho/schema diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/schemas b/cmd/policy/controller/kodata/refs/remotes/nacho/schemas similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/schemas rename to cmd/policy/controller/kodata/refs/remotes/nacho/schemas diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/source_registry b/cmd/policy/controller/kodata/refs/remotes/nacho/source_registry similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/source_registry rename to cmd/policy/controller/kodata/refs/remotes/nacho/source_registry diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/storage_metrics b/cmd/policy/controller/kodata/refs/remotes/nacho/storage_metrics similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/storage_metrics rename to cmd/policy/controller/kodata/refs/remotes/nacho/storage_metrics diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/subscription b/cmd/policy/controller/kodata/refs/remotes/nacho/subscription similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/subscription rename to cmd/policy/controller/kodata/refs/remotes/nacho/subscription diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/title b/cmd/policy/controller/kodata/refs/remotes/nacho/title similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/title rename to cmd/policy/controller/kodata/refs/remotes/nacho/title diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/traceparent b/cmd/policy/controller/kodata/refs/remotes/nacho/traceparent similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/traceparent rename to cmd/policy/controller/kodata/refs/remotes/nacho/traceparent diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/type b/cmd/policy/controller/kodata/refs/remotes/nacho/type similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/type rename to cmd/policy/controller/kodata/refs/remotes/nacho/type diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/update-deps b/cmd/policy/controller/kodata/refs/remotes/nacho/update-deps similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/update-deps rename to cmd/policy/controller/kodata/refs/remotes/nacho/update-deps diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/update_eventing b/cmd/policy/controller/kodata/refs/remotes/nacho/update_eventing similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/update_eventing rename to cmd/policy/controller/kodata/refs/remotes/nacho/update_eventing diff --git a/cmd/security-controller/kodata/refs/remotes/nacho/webhook b/cmd/policy/controller/kodata/refs/remotes/nacho/webhook similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/nacho/webhook rename to cmd/policy/controller/kodata/refs/remotes/nacho/webhook diff --git a/cmd/security-controller/kodata/refs/remotes/origin/HEAD b/cmd/policy/controller/kodata/refs/remotes/origin/HEAD similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/HEAD rename to cmd/policy/controller/kodata/refs/remotes/origin/HEAD diff --git a/cmd/security-controller/kodata/refs/remotes/origin/b/iss b/cmd/policy/controller/kodata/refs/remotes/origin/b/iss similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/b/iss rename to cmd/policy/controller/kodata/refs/remotes/origin/b/iss diff --git a/cmd/security-controller/kodata/refs/remotes/origin/chan_lock b/cmd/policy/controller/kodata/refs/remotes/origin/chan_lock similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/chan_lock rename to cmd/policy/controller/kodata/refs/remotes/origin/chan_lock diff --git a/cmd/security-controller/kodata/refs/remotes/origin/cmp_fix b/cmd/policy/controller/kodata/refs/remotes/origin/cmp_fix similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/cmp_fix rename to cmd/policy/controller/kodata/refs/remotes/origin/cmp_fix diff --git a/cmd/security-controller/kodata/refs/remotes/origin/f/add-dummy-secret b/cmd/policy/controller/kodata/refs/remotes/origin/f/add-dummy-secret similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/f/add-dummy-secret rename to cmd/policy/controller/kodata/refs/remotes/origin/f/add-dummy-secret diff --git a/cmd/security-controller/kodata/refs/remotes/origin/f/bfanout b/cmd/policy/controller/kodata/refs/remotes/origin/f/bfanout similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/f/bfanout rename to cmd/policy/controller/kodata/refs/remotes/origin/f/bfanout diff --git a/cmd/security-controller/kodata/refs/remotes/origin/f/cmop b/cmd/policy/controller/kodata/refs/remotes/origin/f/cmop similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/f/cmop rename to cmd/policy/controller/kodata/refs/remotes/origin/f/cmop diff --git a/cmd/security-controller/kodata/refs/remotes/origin/f/create-init-script b/cmd/policy/controller/kodata/refs/remotes/origin/f/create-init-script similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/f/create-init-script rename to cmd/policy/controller/kodata/refs/remotes/origin/f/create-init-script diff --git a/cmd/security-controller/kodata/refs/remotes/origin/f/ep b/cmd/policy/controller/kodata/refs/remotes/origin/f/ep similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/f/ep rename to cmd/policy/controller/kodata/refs/remotes/origin/f/ep diff --git a/cmd/security-controller/kodata/refs/remotes/origin/f/istiob b/cmd/policy/controller/kodata/refs/remotes/origin/f/istiob similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/f/istiob rename to cmd/policy/controller/kodata/refs/remotes/origin/f/istiob diff --git a/cmd/security-controller/kodata/refs/remotes/origin/f/pcheck b/cmd/policy/controller/kodata/refs/remotes/origin/f/pcheck similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/f/pcheck rename to cmd/policy/controller/kodata/refs/remotes/origin/f/pcheck diff --git a/cmd/security-controller/kodata/refs/remotes/origin/f/pclean b/cmd/policy/controller/kodata/refs/remotes/origin/f/pclean similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/f/pclean rename to cmd/policy/controller/kodata/refs/remotes/origin/f/pclean diff --git a/cmd/security-controller/kodata/refs/remotes/origin/f/policyapi b/cmd/policy/controller/kodata/refs/remotes/origin/f/policyapi similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/f/policyapi rename to cmd/policy/controller/kodata/refs/remotes/origin/f/policyapi diff --git a/cmd/security-controller/kodata/refs/remotes/origin/fix_finalizer b/cmd/policy/controller/kodata/refs/remotes/origin/fix_finalizer similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/fix_finalizer rename to cmd/policy/controller/kodata/refs/remotes/origin/fix_finalizer diff --git a/cmd/security-controller/kodata/refs/remotes/origin/fix_job_term b/cmd/policy/controller/kodata/refs/remotes/origin/fix_job_term similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/fix_job_term rename to cmd/policy/controller/kodata/refs/remotes/origin/fix_job_term diff --git a/cmd/security-controller/kodata/refs/remotes/origin/fix_perm b/cmd/policy/controller/kodata/refs/remotes/origin/fix_perm similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/fix_perm rename to cmd/policy/controller/kodata/refs/remotes/origin/fix_perm diff --git a/cmd/security-controller/kodata/refs/remotes/origin/job_del b/cmd/policy/controller/kodata/refs/remotes/origin/job_del similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/job_del rename to cmd/policy/controller/kodata/refs/remotes/origin/job_del diff --git a/cmd/security-controller/kodata/refs/remotes/origin/master b/cmd/policy/controller/kodata/refs/remotes/origin/master similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/master rename to cmd/policy/controller/kodata/refs/remotes/origin/master diff --git a/cmd/security-controller/kodata/refs/remotes/origin/prop_status_topic b/cmd/policy/controller/kodata/refs/remotes/origin/prop_status_topic similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/prop_status_topic rename to cmd/policy/controller/kodata/refs/remotes/origin/prop_status_topic diff --git a/cmd/security-controller/kodata/refs/remotes/origin/ps_adapter_test b/cmd/policy/controller/kodata/refs/remotes/origin/ps_adapter_test similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/ps_adapter_test rename to cmd/policy/controller/kodata/refs/remotes/origin/ps_adapter_test diff --git a/cmd/security-controller/kodata/refs/remotes/origin/secret_final b/cmd/policy/controller/kodata/refs/remotes/origin/secret_final similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/secret_final rename to cmd/policy/controller/kodata/refs/remotes/origin/secret_final diff --git a/cmd/security-controller/kodata/refs/remotes/origin/secret_final_2 b/cmd/policy/controller/kodata/refs/remotes/origin/secret_final_2 similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/secret_final_2 rename to cmd/policy/controller/kodata/refs/remotes/origin/secret_final_2 diff --git a/cmd/security-controller/kodata/refs/remotes/origin/topic_prop_test b/cmd/policy/controller/kodata/refs/remotes/origin/topic_prop_test similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/origin/topic_prop_test rename to cmd/policy/controller/kodata/refs/remotes/origin/topic_prop_test diff --git a/cmd/security-controller/kodata/refs/remotes/upstream/master b/cmd/policy/controller/kodata/refs/remotes/upstream/master similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/upstream/master rename to cmd/policy/controller/kodata/refs/remotes/upstream/master diff --git a/cmd/security-controller/kodata/refs/remotes/upstream/release-0.10 b/cmd/policy/controller/kodata/refs/remotes/upstream/release-0.10 similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/upstream/release-0.10 rename to cmd/policy/controller/kodata/refs/remotes/upstream/release-0.10 diff --git a/cmd/security-controller/kodata/refs/remotes/upstream/release-0.11 b/cmd/policy/controller/kodata/refs/remotes/upstream/release-0.11 similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/upstream/release-0.11 rename to cmd/policy/controller/kodata/refs/remotes/upstream/release-0.11 diff --git a/cmd/security-controller/kodata/refs/remotes/upstream/release-0.12 b/cmd/policy/controller/kodata/refs/remotes/upstream/release-0.12 similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/upstream/release-0.12 rename to cmd/policy/controller/kodata/refs/remotes/upstream/release-0.12 diff --git a/cmd/security-controller/kodata/refs/remotes/upstream/release-0.13 b/cmd/policy/controller/kodata/refs/remotes/upstream/release-0.13 similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/upstream/release-0.13 rename to cmd/policy/controller/kodata/refs/remotes/upstream/release-0.13 diff --git a/cmd/security-controller/kodata/refs/remotes/upstream/release-0.8 b/cmd/policy/controller/kodata/refs/remotes/upstream/release-0.8 similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/upstream/release-0.8 rename to cmd/policy/controller/kodata/refs/remotes/upstream/release-0.8 diff --git a/cmd/security-controller/kodata/refs/remotes/upstream/release-0.9 b/cmd/policy/controller/kodata/refs/remotes/upstream/release-0.9 similarity index 100% rename from cmd/security-controller/kodata/refs/remotes/upstream/release-0.9 rename to cmd/policy/controller/kodata/refs/remotes/upstream/release-0.9 diff --git a/cmd/security-controller/kodata/refs/tags/v0.10.0 b/cmd/policy/controller/kodata/refs/tags/v0.10.0 similarity index 100% rename from cmd/security-controller/kodata/refs/tags/v0.10.0 rename to cmd/policy/controller/kodata/refs/tags/v0.10.0 diff --git a/cmd/security-controller/kodata/refs/tags/v0.10.1 b/cmd/policy/controller/kodata/refs/tags/v0.10.1 similarity index 100% rename from cmd/security-controller/kodata/refs/tags/v0.10.1 rename to cmd/policy/controller/kodata/refs/tags/v0.10.1 diff --git a/cmd/security-controller/kodata/refs/tags/v0.11.0 b/cmd/policy/controller/kodata/refs/tags/v0.11.0 similarity index 100% rename from cmd/security-controller/kodata/refs/tags/v0.11.0 rename to cmd/policy/controller/kodata/refs/tags/v0.11.0 diff --git a/cmd/security-controller/kodata/refs/tags/v0.12.0 b/cmd/policy/controller/kodata/refs/tags/v0.12.0 similarity index 100% rename from cmd/security-controller/kodata/refs/tags/v0.12.0 rename to cmd/policy/controller/kodata/refs/tags/v0.12.0 diff --git a/cmd/security-controller/kodata/refs/tags/v0.12.1 b/cmd/policy/controller/kodata/refs/tags/v0.12.1 similarity index 100% rename from cmd/security-controller/kodata/refs/tags/v0.12.1 rename to cmd/policy/controller/kodata/refs/tags/v0.12.1 diff --git a/cmd/security-controller/kodata/refs/tags/v0.12.2 b/cmd/policy/controller/kodata/refs/tags/v0.12.2 similarity index 100% rename from cmd/security-controller/kodata/refs/tags/v0.12.2 rename to cmd/policy/controller/kodata/refs/tags/v0.12.2 diff --git a/cmd/security-controller/kodata/refs/tags/v0.13.0 b/cmd/policy/controller/kodata/refs/tags/v0.13.0 similarity index 100% rename from cmd/security-controller/kodata/refs/tags/v0.13.0 rename to cmd/policy/controller/kodata/refs/tags/v0.13.0 diff --git a/cmd/security-controller/main.go b/cmd/policy/controller/main.go similarity index 84% rename from cmd/security-controller/main.go rename to cmd/policy/controller/main.go index 305f5da4a0..eeba7138fe 100644 --- a/cmd/security-controller/main.go +++ b/cmd/policy/controller/main.go @@ -17,8 +17,8 @@ limitations under the License. package main import ( - "github.com/google/knative-gcp/pkg/reconciler/security/istio/eventpolicybinding" - "github.com/google/knative-gcp/pkg/reconciler/security/istio/httppolicybinding" + "github.com/google/knative-gcp/pkg/reconciler/policy/istio/eventpolicybinding" + "github.com/google/knative-gcp/pkg/reconciler/policy/istio/httppolicybinding" // The following line to load the gcp plugin (only required to authenticate against GKE clusters). _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" diff --git a/cmd/security-webhook/kodata/HEAD b/cmd/policy/webhook/kodata/HEAD similarity index 100% rename from cmd/security-webhook/kodata/HEAD rename to cmd/policy/webhook/kodata/HEAD diff --git a/cmd/security-webhook/kodata/LICENSE b/cmd/policy/webhook/kodata/LICENSE similarity index 100% rename from cmd/security-webhook/kodata/LICENSE rename to cmd/policy/webhook/kodata/LICENSE diff --git a/cmd/security-webhook/kodata/VENDOR-LICENSE b/cmd/policy/webhook/kodata/VENDOR-LICENSE similarity index 100% rename from cmd/security-webhook/kodata/VENDOR-LICENSE rename to cmd/policy/webhook/kodata/VENDOR-LICENSE diff --git a/cmd/security-webhook/kodata/refs/heads/f/bfanout b/cmd/policy/webhook/kodata/refs/heads/f/bfanout similarity index 100% rename from cmd/security-webhook/kodata/refs/heads/f/bfanout rename to cmd/policy/webhook/kodata/refs/heads/f/bfanout diff --git a/cmd/security-webhook/kodata/refs/heads/f/fanout2 b/cmd/policy/webhook/kodata/refs/heads/f/fanout2 similarity index 100% rename from cmd/security-webhook/kodata/refs/heads/f/fanout2 rename to cmd/policy/webhook/kodata/refs/heads/f/fanout2 diff --git a/cmd/security-webhook/kodata/refs/heads/f/part b/cmd/policy/webhook/kodata/refs/heads/f/part similarity index 100% rename from cmd/security-webhook/kodata/refs/heads/f/part rename to cmd/policy/webhook/kodata/refs/heads/f/part diff --git a/cmd/security-webhook/kodata/refs/heads/f/pclean b/cmd/policy/webhook/kodata/refs/heads/f/pclean similarity index 100% rename from cmd/security-webhook/kodata/refs/heads/f/pclean rename to cmd/policy/webhook/kodata/refs/heads/f/pclean diff --git a/cmd/security-webhook/kodata/refs/heads/master b/cmd/policy/webhook/kodata/refs/heads/master similarity index 100% rename from cmd/security-webhook/kodata/refs/heads/master rename to cmd/policy/webhook/kodata/refs/heads/master diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/annotations b/cmd/policy/webhook/kodata/refs/remotes/nacho/annotations similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/annotations rename to cmd/policy/webhook/kodata/refs/remotes/nacho/annotations diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/apigroup b/cmd/policy/webhook/kodata/refs/remotes/nacho/apigroup similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/apigroup rename to cmd/policy/webhook/kodata/refs/remotes/nacho/apigroup diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/approve b/cmd/policy/webhook/kodata/refs/remotes/nacho/approve similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/approve rename to cmd/policy/webhook/kodata/refs/remotes/nacho/approve diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/bump_sdk b/cmd/policy/webhook/kodata/refs/remotes/nacho/bump_sdk similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/bump_sdk rename to cmd/policy/webhook/kodata/refs/remotes/nacho/bump_sdk diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/ce1 b/cmd/policy/webhook/kodata/refs/remotes/nacho/ce1 similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/ce1 rename to cmd/policy/webhook/kodata/refs/remotes/nacho/ce1 diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/channel_perf b/cmd/policy/webhook/kodata/refs/remotes/nacho/channel_perf similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/channel_perf rename to cmd/policy/webhook/kodata/refs/remotes/nacho/channel_perf diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/channel_source_metrics b/cmd/policy/webhook/kodata/refs/remotes/nacho/channel_source_metrics similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/channel_source_metrics rename to cmd/policy/webhook/kodata/refs/remotes/nacho/channel_source_metrics diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/cnrm b/cmd/policy/webhook/kodata/refs/remotes/nacho/cnrm similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/cnrm rename to cmd/policy/webhook/kodata/refs/remotes/nacho/cnrm diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/contenttype b/cmd/policy/webhook/kodata/refs/remotes/nacho/contenttype similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/contenttype rename to cmd/policy/webhook/kodata/refs/remotes/nacho/contenttype diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/deps b/cmd/policy/webhook/kodata/refs/remotes/nacho/deps similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/deps rename to cmd/policy/webhook/kodata/refs/remotes/nacho/deps diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/description b/cmd/policy/webhook/kodata/refs/remotes/nacho/description similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/description rename to cmd/policy/webhook/kodata/refs/remotes/nacho/description diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/e2e b/cmd/policy/webhook/kodata/refs/remotes/nacho/e2e similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/e2e rename to cmd/policy/webhook/kodata/refs/remotes/nacho/e2e diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/e2e-1.0 b/cmd/policy/webhook/kodata/refs/remotes/nacho/e2e-1.0 similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/e2e-1.0 rename to cmd/policy/webhook/kodata/refs/remotes/nacho/e2e-1.0 diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/gcs b/cmd/policy/webhook/kodata/refs/remotes/nacho/gcs similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/gcs rename to cmd/policy/webhook/kodata/refs/remotes/nacho/gcs diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/importer-registry b/cmd/policy/webhook/kodata/refs/remotes/nacho/importer-registry similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/importer-registry rename to cmd/policy/webhook/kodata/refs/remotes/nacho/importer-registry diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/internal_metrics b/cmd/policy/webhook/kodata/refs/remotes/nacho/internal_metrics similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/internal_metrics rename to cmd/policy/webhook/kodata/refs/remotes/nacho/internal_metrics diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/jobs b/cmd/policy/webhook/kodata/refs/remotes/nacho/jobs similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/jobs rename to cmd/policy/webhook/kodata/refs/remotes/nacho/jobs diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/log_tracing b/cmd/policy/webhook/kodata/refs/remotes/nacho/log_tracing similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/log_tracing rename to cmd/policy/webhook/kodata/refs/remotes/nacho/log_tracing diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/master b/cmd/policy/webhook/kodata/refs/remotes/nacho/master similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/master rename to cmd/policy/webhook/kodata/refs/remotes/nacho/master diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/metrics_e2e_ps b/cmd/policy/webhook/kodata/refs/remotes/nacho/metrics_e2e_ps similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/metrics_e2e_ps rename to cmd/policy/webhook/kodata/refs/remotes/nacho/metrics_e2e_ps diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/n3wscott-patch-1 b/cmd/policy/webhook/kodata/refs/remotes/nacho/n3wscott-patch-1 similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/n3wscott-patch-1 rename to cmd/policy/webhook/kodata/refs/remotes/nacho/n3wscott-patch-1 diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/perf b/cmd/policy/webhook/kodata/refs/remotes/nacho/perf similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/perf rename to cmd/policy/webhook/kodata/refs/remotes/nacho/perf diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/pubsub-e2e b/cmd/policy/webhook/kodata/refs/remotes/nacho/pubsub-e2e similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/pubsub-e2e rename to cmd/policy/webhook/kodata/refs/remotes/nacho/pubsub-e2e diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/pubsub-source b/cmd/policy/webhook/kodata/refs/remotes/nacho/pubsub-source similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/pubsub-source rename to cmd/policy/webhook/kodata/refs/remotes/nacho/pubsub-source diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/rel-0.11 b/cmd/policy/webhook/kodata/refs/remotes/nacho/rel-0.11 similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/rel-0.11 rename to cmd/policy/webhook/kodata/refs/remotes/nacho/rel-0.11 diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/rel-prep b/cmd/policy/webhook/kodata/refs/remotes/nacho/rel-prep similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/rel-prep rename to cmd/policy/webhook/kodata/refs/remotes/nacho/rel-prep diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/schema b/cmd/policy/webhook/kodata/refs/remotes/nacho/schema similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/schema rename to cmd/policy/webhook/kodata/refs/remotes/nacho/schema diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/schemas b/cmd/policy/webhook/kodata/refs/remotes/nacho/schemas similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/schemas rename to cmd/policy/webhook/kodata/refs/remotes/nacho/schemas diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/source_registry b/cmd/policy/webhook/kodata/refs/remotes/nacho/source_registry similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/source_registry rename to cmd/policy/webhook/kodata/refs/remotes/nacho/source_registry diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/storage_metrics b/cmd/policy/webhook/kodata/refs/remotes/nacho/storage_metrics similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/storage_metrics rename to cmd/policy/webhook/kodata/refs/remotes/nacho/storage_metrics diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/subscription b/cmd/policy/webhook/kodata/refs/remotes/nacho/subscription similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/subscription rename to cmd/policy/webhook/kodata/refs/remotes/nacho/subscription diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/title b/cmd/policy/webhook/kodata/refs/remotes/nacho/title similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/title rename to cmd/policy/webhook/kodata/refs/remotes/nacho/title diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/traceparent b/cmd/policy/webhook/kodata/refs/remotes/nacho/traceparent similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/traceparent rename to cmd/policy/webhook/kodata/refs/remotes/nacho/traceparent diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/type b/cmd/policy/webhook/kodata/refs/remotes/nacho/type similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/type rename to cmd/policy/webhook/kodata/refs/remotes/nacho/type diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/update-deps b/cmd/policy/webhook/kodata/refs/remotes/nacho/update-deps similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/update-deps rename to cmd/policy/webhook/kodata/refs/remotes/nacho/update-deps diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/update_eventing b/cmd/policy/webhook/kodata/refs/remotes/nacho/update_eventing similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/update_eventing rename to cmd/policy/webhook/kodata/refs/remotes/nacho/update_eventing diff --git a/cmd/security-webhook/kodata/refs/remotes/nacho/webhook b/cmd/policy/webhook/kodata/refs/remotes/nacho/webhook similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/nacho/webhook rename to cmd/policy/webhook/kodata/refs/remotes/nacho/webhook diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/HEAD b/cmd/policy/webhook/kodata/refs/remotes/origin/HEAD similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/HEAD rename to cmd/policy/webhook/kodata/refs/remotes/origin/HEAD diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/b/iss b/cmd/policy/webhook/kodata/refs/remotes/origin/b/iss similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/b/iss rename to cmd/policy/webhook/kodata/refs/remotes/origin/b/iss diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/chan_lock b/cmd/policy/webhook/kodata/refs/remotes/origin/chan_lock similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/chan_lock rename to cmd/policy/webhook/kodata/refs/remotes/origin/chan_lock diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/cmp_fix b/cmd/policy/webhook/kodata/refs/remotes/origin/cmp_fix similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/cmp_fix rename to cmd/policy/webhook/kodata/refs/remotes/origin/cmp_fix diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/f/add-dummy-secret b/cmd/policy/webhook/kodata/refs/remotes/origin/f/add-dummy-secret similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/f/add-dummy-secret rename to cmd/policy/webhook/kodata/refs/remotes/origin/f/add-dummy-secret diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/f/bfanout b/cmd/policy/webhook/kodata/refs/remotes/origin/f/bfanout similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/f/bfanout rename to cmd/policy/webhook/kodata/refs/remotes/origin/f/bfanout diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/f/cmop b/cmd/policy/webhook/kodata/refs/remotes/origin/f/cmop similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/f/cmop rename to cmd/policy/webhook/kodata/refs/remotes/origin/f/cmop diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/f/create-init-script b/cmd/policy/webhook/kodata/refs/remotes/origin/f/create-init-script similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/f/create-init-script rename to cmd/policy/webhook/kodata/refs/remotes/origin/f/create-init-script diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/f/ep b/cmd/policy/webhook/kodata/refs/remotes/origin/f/ep similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/f/ep rename to cmd/policy/webhook/kodata/refs/remotes/origin/f/ep diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/f/istiob b/cmd/policy/webhook/kodata/refs/remotes/origin/f/istiob similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/f/istiob rename to cmd/policy/webhook/kodata/refs/remotes/origin/f/istiob diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/f/pcheck b/cmd/policy/webhook/kodata/refs/remotes/origin/f/pcheck similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/f/pcheck rename to cmd/policy/webhook/kodata/refs/remotes/origin/f/pcheck diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/f/pclean b/cmd/policy/webhook/kodata/refs/remotes/origin/f/pclean similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/f/pclean rename to cmd/policy/webhook/kodata/refs/remotes/origin/f/pclean diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/f/policyapi b/cmd/policy/webhook/kodata/refs/remotes/origin/f/policyapi similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/f/policyapi rename to cmd/policy/webhook/kodata/refs/remotes/origin/f/policyapi diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/fix_finalizer b/cmd/policy/webhook/kodata/refs/remotes/origin/fix_finalizer similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/fix_finalizer rename to cmd/policy/webhook/kodata/refs/remotes/origin/fix_finalizer diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/fix_job_term b/cmd/policy/webhook/kodata/refs/remotes/origin/fix_job_term similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/fix_job_term rename to cmd/policy/webhook/kodata/refs/remotes/origin/fix_job_term diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/fix_perm b/cmd/policy/webhook/kodata/refs/remotes/origin/fix_perm similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/fix_perm rename to cmd/policy/webhook/kodata/refs/remotes/origin/fix_perm diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/job_del b/cmd/policy/webhook/kodata/refs/remotes/origin/job_del similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/job_del rename to cmd/policy/webhook/kodata/refs/remotes/origin/job_del diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/master b/cmd/policy/webhook/kodata/refs/remotes/origin/master similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/master rename to cmd/policy/webhook/kodata/refs/remotes/origin/master diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/prop_status_topic b/cmd/policy/webhook/kodata/refs/remotes/origin/prop_status_topic similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/prop_status_topic rename to cmd/policy/webhook/kodata/refs/remotes/origin/prop_status_topic diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/ps_adapter_test b/cmd/policy/webhook/kodata/refs/remotes/origin/ps_adapter_test similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/ps_adapter_test rename to cmd/policy/webhook/kodata/refs/remotes/origin/ps_adapter_test diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/secret_final b/cmd/policy/webhook/kodata/refs/remotes/origin/secret_final similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/secret_final rename to cmd/policy/webhook/kodata/refs/remotes/origin/secret_final diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/secret_final_2 b/cmd/policy/webhook/kodata/refs/remotes/origin/secret_final_2 similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/secret_final_2 rename to cmd/policy/webhook/kodata/refs/remotes/origin/secret_final_2 diff --git a/cmd/security-webhook/kodata/refs/remotes/origin/topic_prop_test b/cmd/policy/webhook/kodata/refs/remotes/origin/topic_prop_test similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/origin/topic_prop_test rename to cmd/policy/webhook/kodata/refs/remotes/origin/topic_prop_test diff --git a/cmd/security-webhook/kodata/refs/remotes/upstream/master b/cmd/policy/webhook/kodata/refs/remotes/upstream/master similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/upstream/master rename to cmd/policy/webhook/kodata/refs/remotes/upstream/master diff --git a/cmd/security-webhook/kodata/refs/remotes/upstream/release-0.10 b/cmd/policy/webhook/kodata/refs/remotes/upstream/release-0.10 similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/upstream/release-0.10 rename to cmd/policy/webhook/kodata/refs/remotes/upstream/release-0.10 diff --git a/cmd/security-webhook/kodata/refs/remotes/upstream/release-0.11 b/cmd/policy/webhook/kodata/refs/remotes/upstream/release-0.11 similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/upstream/release-0.11 rename to cmd/policy/webhook/kodata/refs/remotes/upstream/release-0.11 diff --git a/cmd/security-webhook/kodata/refs/remotes/upstream/release-0.12 b/cmd/policy/webhook/kodata/refs/remotes/upstream/release-0.12 similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/upstream/release-0.12 rename to cmd/policy/webhook/kodata/refs/remotes/upstream/release-0.12 diff --git a/cmd/security-webhook/kodata/refs/remotes/upstream/release-0.13 b/cmd/policy/webhook/kodata/refs/remotes/upstream/release-0.13 similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/upstream/release-0.13 rename to cmd/policy/webhook/kodata/refs/remotes/upstream/release-0.13 diff --git a/cmd/security-webhook/kodata/refs/remotes/upstream/release-0.8 b/cmd/policy/webhook/kodata/refs/remotes/upstream/release-0.8 similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/upstream/release-0.8 rename to cmd/policy/webhook/kodata/refs/remotes/upstream/release-0.8 diff --git a/cmd/security-webhook/kodata/refs/remotes/upstream/release-0.9 b/cmd/policy/webhook/kodata/refs/remotes/upstream/release-0.9 similarity index 100% rename from cmd/security-webhook/kodata/refs/remotes/upstream/release-0.9 rename to cmd/policy/webhook/kodata/refs/remotes/upstream/release-0.9 diff --git a/cmd/security-webhook/kodata/refs/tags/v0.10.0 b/cmd/policy/webhook/kodata/refs/tags/v0.10.0 similarity index 100% rename from cmd/security-webhook/kodata/refs/tags/v0.10.0 rename to cmd/policy/webhook/kodata/refs/tags/v0.10.0 diff --git a/cmd/security-webhook/kodata/refs/tags/v0.10.1 b/cmd/policy/webhook/kodata/refs/tags/v0.10.1 similarity index 100% rename from cmd/security-webhook/kodata/refs/tags/v0.10.1 rename to cmd/policy/webhook/kodata/refs/tags/v0.10.1 diff --git a/cmd/security-webhook/kodata/refs/tags/v0.11.0 b/cmd/policy/webhook/kodata/refs/tags/v0.11.0 similarity index 100% rename from cmd/security-webhook/kodata/refs/tags/v0.11.0 rename to cmd/policy/webhook/kodata/refs/tags/v0.11.0 diff --git a/cmd/security-webhook/kodata/refs/tags/v0.12.0 b/cmd/policy/webhook/kodata/refs/tags/v0.12.0 similarity index 100% rename from cmd/security-webhook/kodata/refs/tags/v0.12.0 rename to cmd/policy/webhook/kodata/refs/tags/v0.12.0 diff --git a/cmd/security-webhook/kodata/refs/tags/v0.12.1 b/cmd/policy/webhook/kodata/refs/tags/v0.12.1 similarity index 100% rename from cmd/security-webhook/kodata/refs/tags/v0.12.1 rename to cmd/policy/webhook/kodata/refs/tags/v0.12.1 diff --git a/cmd/security-webhook/kodata/refs/tags/v0.12.2 b/cmd/policy/webhook/kodata/refs/tags/v0.12.2 similarity index 100% rename from cmd/security-webhook/kodata/refs/tags/v0.12.2 rename to cmd/policy/webhook/kodata/refs/tags/v0.12.2 diff --git a/cmd/security-webhook/kodata/refs/tags/v0.13.0 b/cmd/policy/webhook/kodata/refs/tags/v0.13.0 similarity index 100% rename from cmd/security-webhook/kodata/refs/tags/v0.13.0 rename to cmd/policy/webhook/kodata/refs/tags/v0.13.0 diff --git a/cmd/security-webhook/main.go b/cmd/policy/webhook/main.go similarity index 84% rename from cmd/security-webhook/main.go rename to cmd/policy/webhook/main.go index 71bdfad9ab..7f87ee2097 100644 --- a/cmd/security-webhook/main.go +++ b/cmd/policy/webhook/main.go @@ -20,7 +20,7 @@ import ( "context" configvalidation "github.com/google/knative-gcp/pkg/apis/configs/validation" - securityv1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + policyv1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" "k8s.io/apimachinery/pkg/runtime/schema" "knative.dev/eventing/pkg/logconfig" "knative.dev/pkg/configmap" @@ -39,10 +39,10 @@ import ( ) var types = map[schema.GroupVersionKind]resourcesemantics.GenericCRD{ - securityv1alpha1.SchemeGroupVersion.WithKind("HTTPPolicy"): &securityv1alpha1.HTTPPolicy{}, - securityv1alpha1.SchemeGroupVersion.WithKind("EventPolicy"): &securityv1alpha1.EventPolicy{}, - securityv1alpha1.SchemeGroupVersion.WithKind("HTTPPolicyBinding"): &securityv1alpha1.HTTPPolicyBinding{}, - securityv1alpha1.SchemeGroupVersion.WithKind("EventPolicyBinding"): &securityv1alpha1.EventPolicyBinding{}, + policyv1alpha1.SchemeGroupVersion.WithKind("HTTPPolicy"): &policyv1alpha1.HTTPPolicy{}, + policyv1alpha1.SchemeGroupVersion.WithKind("EventPolicy"): &policyv1alpha1.EventPolicy{}, + policyv1alpha1.SchemeGroupVersion.WithKind("HTTPPolicyBinding"): &policyv1alpha1.HTTPPolicyBinding{}, + policyv1alpha1.SchemeGroupVersion.WithKind("EventPolicyBinding"): &policyv1alpha1.EventPolicyBinding{}, } func NewDefaultingAdmissionController(ctx context.Context, cmw configmap.Watcher) *controller.Impl { @@ -54,7 +54,7 @@ func NewDefaultingAdmissionController(ctx context.Context, cmw configmap.Watcher return defaulting.NewAdmissionController(ctx, // Name of the default webhook. - "webhook.security.knative.dev", + "webhook.policy.run.cloud.google.com", // The path on which to serve the webhook. "/defaulting", @@ -74,7 +74,7 @@ func NewValidationAdmissionController(ctx context.Context, cmw configmap.Watcher return validation.NewAdmissionController(ctx, // Name of the validation webhook. - "validation.webhook.security.knative.dev", + "validation.webhook.policy.run.cloud.google.com", // The path on which to serve the webhook. "/validation", @@ -97,7 +97,7 @@ func NewConfigValidationController(ctx context.Context, cmw configmap.Watcher) * return configmaps.NewAdmissionController(ctx, // Name of the configmap webhook. - "config.webhook.security.knative.dev", + "config.webhook.policy.run.cloud.google.com", // The path on which to serve the webhook. "/config-validation", @@ -118,7 +118,7 @@ func main() { ServiceName: logconfig.WebhookName(), Port: 8443, // SecretName must match the name of the Secret created in the configuration. - SecretName: "security-webhook-certs", + SecretName: "policy-webhook-certs", }) sharedmain.WebhookMainWithContext(ctx, logconfig.WebhookName(), diff --git a/config/security/100-namespace.yaml b/config/policy/100-namespace.yaml similarity index 89% rename from config/security/100-namespace.yaml rename to config/policy/100-namespace.yaml index 76efce00ef..e5a081fddd 100644 --- a/config/security/100-namespace.yaml +++ b/config/policy/100-namespace.yaml @@ -15,6 +15,6 @@ apiVersion: v1 kind: Namespace metadata: - name: knative-security + name: cloud-run-policy labels: - security.knative.dev/release: devel + policy.run.cloud.google.com/release: devel diff --git a/config/security/200-serviceaccount.yaml b/config/policy/200-serviceaccount.yaml similarity index 77% rename from config/security/200-serviceaccount.yaml rename to config/policy/200-serviceaccount.yaml index 38c9bdce9c..ddb0c225f8 100644 --- a/config/security/200-serviceaccount.yaml +++ b/config/policy/200-serviceaccount.yaml @@ -15,17 +15,17 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: security-controller - namespace: knative-security + name: policy-controller + namespace: cloud-run-policy labels: - security.knative.dev/release: devel + policy.run.cloud.google.com/release: devel --- apiVersion: v1 kind: ServiceAccount metadata: - name: security-webhook - namespace: knative-security + name: policy-webhook + namespace: cloud-run-policy labels: - security.knative.dev/release: devel + policy.run.cloud.google.com/release: devel diff --git a/config/security/201-clusterrole.yaml b/config/policy/201-clusterrole.yaml similarity index 89% rename from config/security/201-clusterrole.yaml rename to config/policy/201-clusterrole.yaml index 843ed8a363..5cb7b279cb 100644 --- a/config/security/201-clusterrole.yaml +++ b/config/policy/201-clusterrole.yaml @@ -15,13 +15,13 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: security-controller + name: policy-controller labels: - security.knative.dev/release: devel + policy.run.cloud.google.com/release: devel rules: - apiGroups: - - security.knative.dev + - policy.run.cloud.google.com resources: - httppolicies - eventpolicies @@ -37,7 +37,7 @@ rules: - delete - apiGroups: - - security.knative.dev + - policy.run.cloud.google.com resources: - httppolicybindings/status - eventpolicybindings/status @@ -61,6 +61,13 @@ rules: verbs: - get +- apiGroups: [“”] + resources: + - events + verbs: + - create + - patch + # All supported subjects. # TODO: is there a better way to grant get/list permission # for all resources? diff --git a/config/security/201-role.yaml b/config/policy/201-role.yaml similarity index 88% rename from config/security/201-role.yaml rename to config/policy/201-role.yaml index c967b2f994..f5e9d62324 100644 --- a/config/security/201-role.yaml +++ b/config/policy/201-role.yaml @@ -14,12 +14,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role - metadata: - name: security-controller - namespace: knative-security + name: policy-controller + namespace: cloud-run-policy labels: - security.knative.dev/release: devel + policy.run.cloud.google.com/release: devel rules: - apiGroups: - "" diff --git a/config/security/201-webhook-clusterrole.yaml b/config/policy/201-webhook-clusterrole.yaml similarity index 95% rename from config/security/201-webhook-clusterrole.yaml rename to config/policy/201-webhook-clusterrole.yaml index f1e692111b..15f54b92e5 100644 --- a/config/security/201-webhook-clusterrole.yaml +++ b/config/policy/201-webhook-clusterrole.yaml @@ -15,9 +15,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: security-webhook + name: policy-webhook labels: - security.knative.dev/release: devel + policy.run.cloud.google.com/release: devel rules: # For watching logging configuration and getting certs. - apiGroups: diff --git a/config/security/202-clusterrolebinding.yaml b/config/policy/202-clusterrolebinding.yaml similarity index 75% rename from config/security/202-clusterrolebinding.yaml rename to config/policy/202-clusterrolebinding.yaml index bc30cc7804..8b7c29ad1d 100644 --- a/config/security/202-clusterrolebinding.yaml +++ b/config/policy/202-clusterrolebinding.yaml @@ -15,31 +15,31 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: security-controller + name: policy-controller labels: - security.knative.dev/release: devel + policy.run.cloud.google.com/release: devel subjects: - kind: ServiceAccount - name: security-controller - namespace: knative-security + name: policy-controller + namespace: cloud-run-policy roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: security-controller + name: policy-controller --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: security-webhook + name: policy-webhook labels: - security.knative.dev/release: devel + policy.run.cloud.google.com/release: devel subjects: - kind: ServiceAccount - name: security-webhook - namespace: knative-security + name: policy-webhook + namespace: cloud-run-policy roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: security-webhook + name: policy-webhook diff --git a/config/security/202-rolebinding.yaml b/config/policy/202-rolebinding.yaml similarity index 80% rename from config/security/202-rolebinding.yaml rename to config/policy/202-rolebinding.yaml index 483e4e6ac8..65d55a5031 100644 --- a/config/security/202-rolebinding.yaml +++ b/config/policy/202-rolebinding.yaml @@ -15,15 +15,15 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: security-controller - namespace: knative-security + name: policy-controller + namespace: cloud-run-policy labels: - security.knative.dev/release: devel + policy.run.cloud.google.com/release: devel subjects: - kind: ServiceAccount - name: security-controller - namespace: knative-security + name: policy-controller + namespace: cloud-run-policy roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: security-controller + name: policy-controller diff --git a/config/security/300-eventpolicy.yaml b/config/policy/300-eventpolicy.yaml similarity index 82% rename from config/security/300-eventpolicy.yaml rename to config/policy/300-eventpolicy.yaml index 28a05eb0fd..5a37bbfff0 100644 --- a/config/security/300-eventpolicy.yaml +++ b/config/policy/300-eventpolicy.yaml @@ -14,12 +14,12 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: - name: eventpolicies.security.knative.dev + name: eventpolicies.policy.run.cloud.google.com labels: - security.knative.dev/release: devel - security.knative.dev/crd-install: "true" + policy.run.cloud.google.com/release: devel + policy.run.cloud.google.com/crd-install: "true" spec: - group: security.knative.dev + group: policy.run.cloud.google.com version: v1alpha1 names: kind: EventPolicy @@ -28,7 +28,7 @@ spec: categories: - all - knative - - security + - policy scope: Namespaced additionalPrinterColumns: - name: Age diff --git a/config/security/300-eventpolicybinding.yaml b/config/policy/300-eventpolicybinding.yaml similarity index 85% rename from config/security/300-eventpolicybinding.yaml rename to config/policy/300-eventpolicybinding.yaml index 49d3839ca1..02b02a23f9 100644 --- a/config/security/300-eventpolicybinding.yaml +++ b/config/policy/300-eventpolicybinding.yaml @@ -14,12 +14,12 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: - name: eventpolicybindings.security.knative.dev + name: eventpolicybindings.policy.run.cloud.google.com labels: - security.knative.dev/release: devel - security.knative.dev/crd-install: "true" + policy.run.cloud.google.com/release: devel + policy.run.cloud.google.com/crd-install: "true" spec: - group: security.knative.dev + group: policy.run.cloud.google.com version: v1alpha1 names: kind: EventPolicyBinding @@ -28,7 +28,7 @@ spec: categories: - all - knative - - security + - policy scope: Namespaced subresources: status: {} diff --git a/config/security/300-httppolicy.yaml b/config/policy/300-httppolicy.yaml similarity index 82% rename from config/security/300-httppolicy.yaml rename to config/policy/300-httppolicy.yaml index 9e85b48e4b..15b272adf0 100644 --- a/config/security/300-httppolicy.yaml +++ b/config/policy/300-httppolicy.yaml @@ -14,12 +14,12 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: - name: httppolicies.security.knative.dev + name: httppolicies.policy.run.cloud.google.com labels: - security.knative.dev/release: devel - security.knative.dev/crd-install: "true" + policy.run.cloud.google.com/release: devel + policy.run.cloud.google.com/crd-install: "true" spec: - group: security.knative.dev + group: policy.run.cloud.google.com version: v1alpha1 names: kind: HTTPPolicy @@ -28,7 +28,7 @@ spec: categories: - all - knative - - security + - policy scope: Namespaced additionalPrinterColumns: - name: Age diff --git a/config/security/300-httppolicybinding.yaml b/config/policy/300-httppolicybinding.yaml similarity index 85% rename from config/security/300-httppolicybinding.yaml rename to config/policy/300-httppolicybinding.yaml index 5b5c706662..8602e1ac5b 100644 --- a/config/security/300-httppolicybinding.yaml +++ b/config/policy/300-httppolicybinding.yaml @@ -14,12 +14,12 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: - name: httppolicybindings.security.knative.dev + name: httppolicybindings.policy.run.cloud.google.com labels: - security.knative.dev/release: devel - security.knative.dev/crd-install: "true" + policy.run.cloud.google.com/release: devel + policy.run.cloud.google.com/crd-install: "true" spec: - group: security.knative.dev + group: policy.run.cloud.google.com version: v1alpha1 names: kind: HTTPPolicyBinding @@ -28,7 +28,7 @@ spec: categories: - all - knative - - security + - policy scope: Namespaced subresources: status: {} diff --git a/config/security/400-webhook-service.yaml b/config/policy/400-webhook-service.yaml similarity index 82% rename from config/security/400-webhook-service.yaml rename to config/policy/400-webhook-service.yaml index 5103c92eaa..3e885fd729 100644 --- a/config/security/400-webhook-service.yaml +++ b/config/policy/400-webhook-service.yaml @@ -16,13 +16,13 @@ apiVersion: v1 kind: Service metadata: labels: - role: security-webhook - security.knative.dev/release: devel - name: security-webhook - namespace: knative-security + role: policy-webhook + policy.run.cloud.google.com/release: devel + name: policy-webhook + namespace: cloud-run-policy spec: ports: - port: 443 targetPort: 8443 selector: - role: security-webhook + role: policy-webhook diff --git a/config/security/500-controller.yaml b/config/policy/500-controller.yaml similarity index 74% rename from config/security/500-controller.yaml rename to config/policy/500-controller.yaml index 55ad1e31f8..6f8f206dd7 100644 --- a/config/security/500-controller.yaml +++ b/config/policy/500-controller.yaml @@ -15,27 +15,27 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: security-controller - namespace: knative-security + name: policy-controller + namespace: cloud-run-policy labels: - security.knative.dev/release: devel + policy.run.cloud.google.com/release: devel spec: replicas: 1 selector: matchLabels: - app: knative-security - role: security-controller + app: cloud-run-policy + role: policy-controller template: metadata: labels: - app: knative-security - role: security-controller - security.knative.dev/release: devel + app: cloud-run-policy + role: policy-controller + policy.run.cloud.google.com/release: devel spec: - serviceAccountName: security-controller + serviceAccountName: policy-controller containers: - - name: security-controller - image: ko://github.com/google/knative-gcp/cmd/security-controller + - name: policy-controller + image: ko://github.com/google/knative-gcp/cmd/policy/controller imagePullPolicy: Always env: - name: SYSTEM_NAMESPACE @@ -49,7 +49,7 @@ spec: - name: CONFIG_LEADERELECTION_NAME value: config-leader-election - name: METRICS_DOMAIN - value: knative.dev/security + value: run.cloud.google.com/policy resources: limits: cpu: 1000m diff --git a/config/security/500-webhook-config-validation.yaml b/config/policy/500-webhook-config-validation.yaml similarity index 76% rename from config/security/500-webhook-config-validation.yaml rename to config/policy/500-webhook-config-validation.yaml index 647f65cef1..77ebae30a5 100644 --- a/config/security/500-webhook-config-validation.yaml +++ b/config/policy/500-webhook-config-validation.yaml @@ -15,20 +15,20 @@ apiVersion: admissionregistration.k8s.io/v1beta1 kind: ValidatingWebhookConfiguration metadata: - name: config.webhook.security.knative.dev + name: config.webhook.policy.run.cloud.google.com labels: - security.knative.dev/release: devel + policy.run.cloud.google.com/release: devel webhooks: - admissionReviewVersions: - v1beta1 clientConfig: service: - name: security-webhook - namespace: knative-security + name: policy-webhook + namespace: cloud-run-policy failurePolicy: Fail sideEffects: None - name: config.webhook.security.knative.dev + name: config.webhook.policy.run.cloud.google.com namespaceSelector: matchExpressions: - - key: security.knative.dev/release + - key: policy.run.cloud.google.com/release operator: Exists diff --git a/config/security/500-webhook-defaulting.yaml b/config/policy/500-webhook-defaulting.yaml similarity index 80% rename from config/security/500-webhook-defaulting.yaml rename to config/policy/500-webhook-defaulting.yaml index 072eed24ee..8ca77a8f2f 100644 --- a/config/security/500-webhook-defaulting.yaml +++ b/config/policy/500-webhook-defaulting.yaml @@ -15,16 +15,16 @@ apiVersion: admissionregistration.k8s.io/v1beta1 kind: MutatingWebhookConfiguration metadata: - name: webhook.security.knative.dev + name: webhook.policy.run.cloud.google.com labels: - security.knative.dev/release: devel + policy.run.cloud.google.com/release: devel webhooks: - admissionReviewVersions: - v1beta1 clientConfig: service: - name: security-webhook - namespace: knative-security + name: policy-webhook + namespace: cloud-run-policy failurePolicy: Fail sideEffects: None - name: webhook.security.knative.dev + name: webhook.policy.run.cloud.google.com diff --git a/config/security/500-webhook-resource-validation.yaml b/config/policy/500-webhook-resource-validation.yaml similarity index 78% rename from config/security/500-webhook-resource-validation.yaml rename to config/policy/500-webhook-resource-validation.yaml index 9c41630d5a..226cd437a0 100644 --- a/config/security/500-webhook-resource-validation.yaml +++ b/config/policy/500-webhook-resource-validation.yaml @@ -15,16 +15,16 @@ apiVersion: admissionregistration.k8s.io/v1beta1 kind: ValidatingWebhookConfiguration metadata: - name: validation.webhook.security.knative.dev + name: validation.webhook.policy.run.cloud.google.com labels: - security.knative.dev/release: devel + policy.run.cloud.google.com/release: devel webhooks: - admissionReviewVersions: - v1beta1 clientConfig: service: - name: security-webhook - namespace: knative-security + name: policy-webhook + namespace: cloud-run-policy failurePolicy: Fail sideEffects: None - name: validation.webhook.security.knative.dev + name: validation.webhook.policy.run.cloud.google.com diff --git a/config/security/500-webhook-secret.yaml b/config/policy/500-webhook-secret.yaml similarity index 86% rename from config/security/500-webhook-secret.yaml rename to config/policy/500-webhook-secret.yaml index f2e7264c92..110d348dcf 100644 --- a/config/security/500-webhook-secret.yaml +++ b/config/policy/500-webhook-secret.yaml @@ -15,8 +15,8 @@ apiVersion: v1 kind: Secret metadata: - name: security-webhook-certs - namespace: knative-security + name: policy-webhook-certs + namespace: cloud-run-policy labels: - security.knative.dev/release: devel + policy.run.cloud.google.com/release: devel # The data is populated at install time. diff --git a/config/security/500-webhook.yaml b/config/policy/500-webhook.yaml similarity index 77% rename from config/security/500-webhook.yaml rename to config/policy/500-webhook.yaml index ba5be1fb58..a841f53110 100644 --- a/config/security/500-webhook.yaml +++ b/config/policy/500-webhook.yaml @@ -15,30 +15,30 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: security-webhook - namespace: knative-security + name: policy-webhook + namespace: cloud-run-policy labels: - security.knative.dev/release: devel + policy.run.cloud.google.com/release: devel spec: replicas: 1 selector: matchLabels: - app: knative-security - role: security-webhook + app: cloud-run-policy + role: policy-webhook template: metadata: labels: - app: knative-security - role: security-webhook - security.knative.dev/release: devel + app: cloud-run-policy + role: policy-webhook + policy.run.cloud.google.com/release: devel spec: - serviceAccountName: security-webhook + serviceAccountName: policy-webhook containers: - - name: security-webhook + - name: policy-webhook terminationMessagePolicy: FallbackToLogsOnError # This is the Go import path for the binary that is containerized # and substituted here. - image: ko://github.com/google/knative-gcp/cmd/security-webhook + image: ko://github.com/google/knative-gcp/cmd/policy/webhook resources: requests: # taken from serving. @@ -58,4 +58,4 @@ spec: - name: METRICS_DOMAIN value: cloud.google.com/events - name: WEBHOOK_NAME - value: security-webhook + value: policy-webhook diff --git a/config/security/config-leader-election.yaml b/config/policy/config-leader-election.yaml similarity index 96% rename from config/security/config-leader-election.yaml rename to config/policy/config-leader-election.yaml index 2bbae73bf2..ab475bc57a 100644 --- a/config/security/config-leader-election.yaml +++ b/config/policy/config-leader-election.yaml @@ -16,9 +16,9 @@ apiVersion: v1 kind: ConfigMap metadata: name: config-leader-election - namespace: knative-security + namespace: cloud-run-policy labels: - security.knative.dev/release: devel + policy.run.cloud.google.com/release: devel data: # An inactive but valid configuration follows; see example. resourceLock: "leases" diff --git a/config/security/config-logging.yaml b/config/policy/config-logging.yaml similarity index 96% rename from config/security/config-logging.yaml rename to config/policy/config-logging.yaml index 04b8e6a5b3..b95d6c45e1 100644 --- a/config/security/config-logging.yaml +++ b/config/policy/config-logging.yaml @@ -16,9 +16,9 @@ apiVersion: v1 kind: ConfigMap metadata: name: config-logging - namespace: knative-security + namespace: cloud-run-policy labels: - security.knative.dev/release: devel + policy.run.cloud.google.com/release: devel data: _example: | diff --git a/config/security/config-observability.yaml b/config/policy/config-observability.yaml similarity index 97% rename from config/security/config-observability.yaml rename to config/policy/config-observability.yaml index 28d4e7300f..2fdc131a8e 100644 --- a/config/security/config-observability.yaml +++ b/config/policy/config-observability.yaml @@ -16,9 +16,9 @@ apiVersion: v1 kind: ConfigMap metadata: name: config-observability - namespace: knative-security + namespace: cloud-run-policy labels: - security.knative.dev/release: devel + policy.run.cloud.google.com/release: devel data: _example: | diff --git a/config/security/config-tracing.yaml b/config/policy/config-tracing.yaml similarity index 98% rename from config/security/config-tracing.yaml rename to config/policy/config-tracing.yaml index e689c86513..0ca1348bdf 100644 --- a/config/security/config-tracing.yaml +++ b/config/policy/config-tracing.yaml @@ -16,7 +16,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: config-tracing - namespace: knative-security + namespace: cloud-run-policy data: _example: | ################################ diff --git a/hack/update-codegen.sh b/hack/update-codegen.sh index fa0d2bec64..fb5e88d706 100755 --- a/hack/update-codegen.sh +++ b/hack/update-codegen.sh @@ -36,14 +36,14 @@ ${CODEGEN_PKG}/generate-groups.sh "deepcopy" \ # instead of the $GOPATH directly. For normal projects this can be dropped. ${CODEGEN_PKG}/generate-groups.sh "deepcopy,client,informer,lister" \ github.com/google/knative-gcp/pkg/client github.com/google/knative-gcp/pkg/apis \ - "pubsub:v1alpha1 messaging:v1alpha1 events:v1alpha1 security:v1alpha1" \ + "pubsub:v1alpha1 messaging:v1alpha1 events:v1alpha1 policy:v1alpha1" \ --go-header-file ${REPO_ROOT_DIR}/hack/boilerplate/boilerplate.go.txt # Knative Injection ${KNATIVE_CODEGEN_PKG}/hack/generate-knative.sh "injection" \ github.com/google/knative-gcp/pkg/client github.com/google/knative-gcp/pkg/apis \ - "pubsub:v1alpha1 messaging:v1alpha1 events:v1alpha1 duck:v1alpha1 security:v1alpha1" \ + "pubsub:v1alpha1 messaging:v1alpha1 events:v1alpha1 duck:v1alpha1 policy:v1alpha1" \ --go-header-file ${REPO_ROOT_DIR}/hack/boilerplate/boilerplate.go.txt # Generate our own client for istio (otherwise injection won't work) diff --git a/pkg/apis/security/register.go b/pkg/apis/policy/register.go similarity index 90% rename from pkg/apis/security/register.go rename to pkg/apis/policy/register.go index 0fc9cbc617..628e7ef8e4 100644 --- a/pkg/apis/security/register.go +++ b/pkg/apis/policy/register.go @@ -14,12 +14,12 @@ See the License for the specific language governing permissions and limitations under the License. */ -// Package security contains experimental security policy API definitions. -package security +// Package policy contains experimental policy API definitions. +package policy const ( // GroupName is the API group name. - GroupName = "security.knative.dev" + GroupName = "policy.run.cloud.google.com" // PolicyBindingClassAnnotationKey is the annotation key for policy binding class. PolicyBindingClassAnnotationKey = GroupName + "/policybinding-class" diff --git a/pkg/apis/security/v1alpha1/common_defaults.go b/pkg/apis/policy/v1alpha1/common_defaults.go similarity index 100% rename from pkg/apis/security/v1alpha1/common_defaults.go rename to pkg/apis/policy/v1alpha1/common_defaults.go diff --git a/pkg/apis/security/v1alpha1/common_defaults_test.go b/pkg/apis/policy/v1alpha1/common_defaults_test.go similarity index 100% rename from pkg/apis/security/v1alpha1/common_defaults_test.go rename to pkg/apis/policy/v1alpha1/common_defaults_test.go diff --git a/pkg/apis/security/v1alpha1/common_lifecycle.go b/pkg/apis/policy/v1alpha1/common_lifecycle.go similarity index 100% rename from pkg/apis/security/v1alpha1/common_lifecycle.go rename to pkg/apis/policy/v1alpha1/common_lifecycle.go diff --git a/pkg/apis/security/v1alpha1/common_lifecycle_test.go b/pkg/apis/policy/v1alpha1/common_lifecycle_test.go similarity index 100% rename from pkg/apis/security/v1alpha1/common_lifecycle_test.go rename to pkg/apis/policy/v1alpha1/common_lifecycle_test.go diff --git a/pkg/apis/security/v1alpha1/common_types.go b/pkg/apis/policy/v1alpha1/common_types.go similarity index 100% rename from pkg/apis/security/v1alpha1/common_types.go rename to pkg/apis/policy/v1alpha1/common_types.go diff --git a/pkg/apis/security/v1alpha1/common_types_test.go b/pkg/apis/policy/v1alpha1/common_types_test.go similarity index 100% rename from pkg/apis/security/v1alpha1/common_types_test.go rename to pkg/apis/policy/v1alpha1/common_types_test.go diff --git a/pkg/apis/security/v1alpha1/common_validation.go b/pkg/apis/policy/v1alpha1/common_validation.go similarity index 95% rename from pkg/apis/security/v1alpha1/common_validation.go rename to pkg/apis/policy/v1alpha1/common_validation.go index eb0a54f0fa..63420f09fa 100644 --- a/pkg/apis/security/v1alpha1/common_validation.go +++ b/pkg/apis/policy/v1alpha1/common_validation.go @@ -21,7 +21,7 @@ import ( "fmt" "net/http" - "github.com/google/knative-gcp/pkg/apis/security" + "github.com/google/knative-gcp/pkg/apis/policy" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/sets" "knative.dev/pkg/apis" @@ -230,15 +230,15 @@ func CheckImmutableBindingObjectMeta(ctx context.Context, current, original *met } var currBindingClass, originalBindingClass string if current.Annotations != nil { - currBindingClass = current.Annotations[security.PolicyBindingClassAnnotationKey] + currBindingClass = current.Annotations[policy.PolicyBindingClassAnnotationKey] } if original.Annotations != nil { - originalBindingClass = original.Annotations[security.PolicyBindingClassAnnotationKey] + originalBindingClass = original.Annotations[policy.PolicyBindingClassAnnotationKey] } if currBindingClass != originalBindingClass { return &apis.FieldError{ Message: "Immutable fields changed (-old +new)", - Paths: []string{"annotations", security.PolicyBindingClassAnnotationKey}, + Paths: []string{"annotations", policy.PolicyBindingClassAnnotationKey}, Details: fmt.Sprintf("-: %q\n+: %q", originalBindingClass, currBindingClass), } } diff --git a/pkg/apis/security/v1alpha1/common_validation_test.go b/pkg/apis/policy/v1alpha1/common_validation_test.go similarity index 98% rename from pkg/apis/security/v1alpha1/common_validation_test.go rename to pkg/apis/policy/v1alpha1/common_validation_test.go index d4dabfe055..f9e490d12f 100644 --- a/pkg/apis/security/v1alpha1/common_validation_test.go +++ b/pkg/apis/policy/v1alpha1/common_validation_test.go @@ -21,7 +21,7 @@ import ( "testing" "github.com/google/go-cmp/cmp" - "github.com/google/knative-gcp/pkg/apis/security" + "github.com/google/knative-gcp/pkg/apis/policy" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "knative.dev/pkg/apis" duckv1 "knative.dev/pkg/apis/duck/v1" @@ -503,18 +503,18 @@ func TestPolicyBindingSpecCheckImmutableFields(t *testing.T) { func TestCheckPolicyBindingImmutableObjectMeta(t *testing.T) { m1 := &metav1.ObjectMeta{ Annotations: map[string]string{ - security.PolicyBindingClassAnnotationKey: "foo", + policy.PolicyBindingClassAnnotationKey: "foo", }, } m2 := &metav1.ObjectMeta{ Annotations: map[string]string{ - security.PolicyBindingClassAnnotationKey: "bar", + policy.PolicyBindingClassAnnotationKey: "bar", }, } wantErr := &apis.FieldError{ Message: "Immutable fields changed (-old +new)", - Paths: []string{"annotations", security.PolicyBindingClassAnnotationKey}, + Paths: []string{"annotations", policy.PolicyBindingClassAnnotationKey}, Details: "-: \"foo\"\n+: \"bar\"", } gotErr := CheckImmutableBindingObjectMeta(context.Background(), m2, m1) diff --git a/pkg/apis/security/v1alpha1/doc.go b/pkg/apis/policy/v1alpha1/doc.go similarity index 77% rename from pkg/apis/security/v1alpha1/doc.go rename to pkg/apis/policy/v1alpha1/doc.go index f8e57eac52..0ed0ceb2eb 100644 --- a/pkg/apis/security/v1alpha1/doc.go +++ b/pkg/apis/policy/v1alpha1/doc.go @@ -14,10 +14,10 @@ See the License for the specific language governing permissions and limitations under the License. */ -// Package v1alpha1 contains API Schema definitions for the security v1alpha1 API group +// Package v1alpha1 contains API Schema definitions for the policy v1alpha1 API group // +k8s:openapi-gen=true // +k8s:deepcopy-gen=package,register -// +k8s:conversion-gen=github.com/google/knative-gcp/pkg/apis/security +// +k8s:conversion-gen=github.com/google/knative-gcp/pkg/apis/policy // +k8s:defaulter-gen=TypeMeta -// +groupName=security.knative.dev +// +groupName=policy.run.cloud.google.com package v1alpha1 diff --git a/pkg/apis/security/v1alpha1/eventpolicy_defaults.go b/pkg/apis/policy/v1alpha1/eventpolicy_defaults.go similarity index 100% rename from pkg/apis/security/v1alpha1/eventpolicy_defaults.go rename to pkg/apis/policy/v1alpha1/eventpolicy_defaults.go diff --git a/pkg/apis/security/v1alpha1/eventpolicy_defaults_test.go b/pkg/apis/policy/v1alpha1/eventpolicy_defaults_test.go similarity index 100% rename from pkg/apis/security/v1alpha1/eventpolicy_defaults_test.go rename to pkg/apis/policy/v1alpha1/eventpolicy_defaults_test.go diff --git a/pkg/apis/security/v1alpha1/eventpolicy_types.go b/pkg/apis/policy/v1alpha1/eventpolicy_types.go similarity index 100% rename from pkg/apis/security/v1alpha1/eventpolicy_types.go rename to pkg/apis/policy/v1alpha1/eventpolicy_types.go diff --git a/pkg/apis/security/v1alpha1/eventpolicy_types_test.go b/pkg/apis/policy/v1alpha1/eventpolicy_types_test.go similarity index 100% rename from pkg/apis/security/v1alpha1/eventpolicy_types_test.go rename to pkg/apis/policy/v1alpha1/eventpolicy_types_test.go diff --git a/pkg/apis/security/v1alpha1/eventpolicy_validation.go b/pkg/apis/policy/v1alpha1/eventpolicy_validation.go similarity index 100% rename from pkg/apis/security/v1alpha1/eventpolicy_validation.go rename to pkg/apis/policy/v1alpha1/eventpolicy_validation.go diff --git a/pkg/apis/security/v1alpha1/eventpolicy_validation_test.go b/pkg/apis/policy/v1alpha1/eventpolicy_validation_test.go similarity index 100% rename from pkg/apis/security/v1alpha1/eventpolicy_validation_test.go rename to pkg/apis/policy/v1alpha1/eventpolicy_validation_test.go diff --git a/pkg/apis/security/v1alpha1/eventpolicybinding_defaults.go b/pkg/apis/policy/v1alpha1/eventpolicybinding_defaults.go similarity index 100% rename from pkg/apis/security/v1alpha1/eventpolicybinding_defaults.go rename to pkg/apis/policy/v1alpha1/eventpolicybinding_defaults.go diff --git a/pkg/apis/security/v1alpha1/eventpolicybinding_defaults_test.go b/pkg/apis/policy/v1alpha1/eventpolicybinding_defaults_test.go similarity index 100% rename from pkg/apis/security/v1alpha1/eventpolicybinding_defaults_test.go rename to pkg/apis/policy/v1alpha1/eventpolicybinding_defaults_test.go diff --git a/pkg/apis/security/v1alpha1/eventpolicybinding_types.go b/pkg/apis/policy/v1alpha1/eventpolicybinding_types.go similarity index 100% rename from pkg/apis/security/v1alpha1/eventpolicybinding_types.go rename to pkg/apis/policy/v1alpha1/eventpolicybinding_types.go diff --git a/pkg/apis/security/v1alpha1/eventpolicybinding_types_test.go b/pkg/apis/policy/v1alpha1/eventpolicybinding_types_test.go similarity index 100% rename from pkg/apis/security/v1alpha1/eventpolicybinding_types_test.go rename to pkg/apis/policy/v1alpha1/eventpolicybinding_types_test.go diff --git a/pkg/apis/security/v1alpha1/eventpolicybinding_validation.go b/pkg/apis/policy/v1alpha1/eventpolicybinding_validation.go similarity index 100% rename from pkg/apis/security/v1alpha1/eventpolicybinding_validation.go rename to pkg/apis/policy/v1alpha1/eventpolicybinding_validation.go diff --git a/pkg/apis/security/v1alpha1/eventpolicybinding_validation_test.go b/pkg/apis/policy/v1alpha1/eventpolicybinding_validation_test.go similarity index 97% rename from pkg/apis/security/v1alpha1/eventpolicybinding_validation_test.go rename to pkg/apis/policy/v1alpha1/eventpolicybinding_validation_test.go index 90bd7d0dc6..4d95b80a58 100644 --- a/pkg/apis/security/v1alpha1/eventpolicybinding_validation_test.go +++ b/pkg/apis/policy/v1alpha1/eventpolicybinding_validation_test.go @@ -21,7 +21,7 @@ import ( "testing" "github.com/google/go-cmp/cmp" - "github.com/google/knative-gcp/pkg/apis/security" + "github.com/google/knative-gcp/pkg/apis/policy" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "knative.dev/pkg/apis" duckv1 "knative.dev/pkg/apis/duck/v1" @@ -281,7 +281,7 @@ func TestEventPolicyBindingCheckImmutableFields(t *testing.T) { orignal: &EventPolicyBinding{ ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ - security.PolicyBindingClassAnnotationKey: "foo", + policy.PolicyBindingClassAnnotationKey: "foo", }, }, Spec: PolicyBindingSpec{ @@ -300,7 +300,7 @@ func TestEventPolicyBindingCheckImmutableFields(t *testing.T) { updated: &EventPolicyBinding{ ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ - security.PolicyBindingClassAnnotationKey: "bar", + policy.PolicyBindingClassAnnotationKey: "bar", }, }, Spec: PolicyBindingSpec{ @@ -318,7 +318,7 @@ func TestEventPolicyBindingCheckImmutableFields(t *testing.T) { }, wantErr: &apis.FieldError{ Message: "Immutable fields changed (-old +new)", - Paths: []string{"annotations", security.PolicyBindingClassAnnotationKey}, + Paths: []string{"annotations", policy.PolicyBindingClassAnnotationKey}, Details: "-: \"foo\"\n+: \"bar\"", }, }} diff --git a/pkg/apis/security/v1alpha1/httppolicy_defaults.go b/pkg/apis/policy/v1alpha1/httppolicy_defaults.go similarity index 100% rename from pkg/apis/security/v1alpha1/httppolicy_defaults.go rename to pkg/apis/policy/v1alpha1/httppolicy_defaults.go diff --git a/pkg/apis/security/v1alpha1/httppolicy_defaults_test.go b/pkg/apis/policy/v1alpha1/httppolicy_defaults_test.go similarity index 100% rename from pkg/apis/security/v1alpha1/httppolicy_defaults_test.go rename to pkg/apis/policy/v1alpha1/httppolicy_defaults_test.go diff --git a/pkg/apis/security/v1alpha1/httppolicy_types.go b/pkg/apis/policy/v1alpha1/httppolicy_types.go similarity index 100% rename from pkg/apis/security/v1alpha1/httppolicy_types.go rename to pkg/apis/policy/v1alpha1/httppolicy_types.go diff --git a/pkg/apis/security/v1alpha1/httppolicy_types_test.go b/pkg/apis/policy/v1alpha1/httppolicy_types_test.go similarity index 100% rename from pkg/apis/security/v1alpha1/httppolicy_types_test.go rename to pkg/apis/policy/v1alpha1/httppolicy_types_test.go diff --git a/pkg/apis/security/v1alpha1/httppolicy_validation.go b/pkg/apis/policy/v1alpha1/httppolicy_validation.go similarity index 100% rename from pkg/apis/security/v1alpha1/httppolicy_validation.go rename to pkg/apis/policy/v1alpha1/httppolicy_validation.go diff --git a/pkg/apis/security/v1alpha1/httppolicy_validation_test.go b/pkg/apis/policy/v1alpha1/httppolicy_validation_test.go similarity index 100% rename from pkg/apis/security/v1alpha1/httppolicy_validation_test.go rename to pkg/apis/policy/v1alpha1/httppolicy_validation_test.go diff --git a/pkg/apis/security/v1alpha1/httppolicybinding_defaults.go b/pkg/apis/policy/v1alpha1/httppolicybinding_defaults.go similarity index 100% rename from pkg/apis/security/v1alpha1/httppolicybinding_defaults.go rename to pkg/apis/policy/v1alpha1/httppolicybinding_defaults.go diff --git a/pkg/apis/security/v1alpha1/httppolicybinding_defaults_test.go b/pkg/apis/policy/v1alpha1/httppolicybinding_defaults_test.go similarity index 100% rename from pkg/apis/security/v1alpha1/httppolicybinding_defaults_test.go rename to pkg/apis/policy/v1alpha1/httppolicybinding_defaults_test.go diff --git a/pkg/apis/security/v1alpha1/httppolicybinding_types.go b/pkg/apis/policy/v1alpha1/httppolicybinding_types.go similarity index 100% rename from pkg/apis/security/v1alpha1/httppolicybinding_types.go rename to pkg/apis/policy/v1alpha1/httppolicybinding_types.go diff --git a/pkg/apis/security/v1alpha1/httppolicybinding_types_test.go b/pkg/apis/policy/v1alpha1/httppolicybinding_types_test.go similarity index 100% rename from pkg/apis/security/v1alpha1/httppolicybinding_types_test.go rename to pkg/apis/policy/v1alpha1/httppolicybinding_types_test.go diff --git a/pkg/apis/security/v1alpha1/httppolicybinding_validation.go b/pkg/apis/policy/v1alpha1/httppolicybinding_validation.go similarity index 100% rename from pkg/apis/security/v1alpha1/httppolicybinding_validation.go rename to pkg/apis/policy/v1alpha1/httppolicybinding_validation.go diff --git a/pkg/apis/security/v1alpha1/httppolicybinding_validation_test.go b/pkg/apis/policy/v1alpha1/httppolicybinding_validation_test.go similarity index 97% rename from pkg/apis/security/v1alpha1/httppolicybinding_validation_test.go rename to pkg/apis/policy/v1alpha1/httppolicybinding_validation_test.go index 8da8105ee5..4eaca21c01 100644 --- a/pkg/apis/security/v1alpha1/httppolicybinding_validation_test.go +++ b/pkg/apis/policy/v1alpha1/httppolicybinding_validation_test.go @@ -21,7 +21,7 @@ import ( "testing" "github.com/google/go-cmp/cmp" - "github.com/google/knative-gcp/pkg/apis/security" + "github.com/google/knative-gcp/pkg/apis/policy" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "knative.dev/pkg/apis" duckv1 "knative.dev/pkg/apis/duck/v1" @@ -281,7 +281,7 @@ func TestHTTPPolicyBindingCheckImmutableFields(t *testing.T) { orignal: &HTTPPolicyBinding{ ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ - security.PolicyBindingClassAnnotationKey: "foo", + policy.PolicyBindingClassAnnotationKey: "foo", }, }, Spec: PolicyBindingSpec{ @@ -300,7 +300,7 @@ func TestHTTPPolicyBindingCheckImmutableFields(t *testing.T) { updated: &HTTPPolicyBinding{ ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ - security.PolicyBindingClassAnnotationKey: "bar", + policy.PolicyBindingClassAnnotationKey: "bar", }, }, Spec: PolicyBindingSpec{ @@ -318,7 +318,7 @@ func TestHTTPPolicyBindingCheckImmutableFields(t *testing.T) { }, wantErr: &apis.FieldError{ Message: "Immutable fields changed (-old +new)", - Paths: []string{"annotations", security.PolicyBindingClassAnnotationKey}, + Paths: []string{"annotations", policy.PolicyBindingClassAnnotationKey}, Details: "-: \"foo\"\n+: \"bar\"", }, }} diff --git a/pkg/apis/security/v1alpha1/register.go b/pkg/apis/policy/v1alpha1/register.go similarity index 92% rename from pkg/apis/security/v1alpha1/register.go rename to pkg/apis/policy/v1alpha1/register.go index 6a1183103f..656d82055b 100644 --- a/pkg/apis/security/v1alpha1/register.go +++ b/pkg/apis/policy/v1alpha1/register.go @@ -21,11 +21,11 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" - "github.com/google/knative-gcp/pkg/apis/security" + "github.com/google/knative-gcp/pkg/apis/policy" ) // SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: security.GroupName, Version: "v1alpha1"} +var SchemeGroupVersion = schema.GroupVersion{Group: policy.GroupName, Version: "v1alpha1"} // Kind takes an unqualified kind and returns back a Group qualified GroupKind func Kind(kind string) schema.GroupKind { diff --git a/pkg/apis/security/v1alpha1/register_test.go b/pkg/apis/policy/v1alpha1/register_test.go similarity index 95% rename from pkg/apis/security/v1alpha1/register_test.go rename to pkg/apis/policy/v1alpha1/register_test.go index 29fc936137..2ca790d549 100644 --- a/pkg/apis/security/v1alpha1/register_test.go +++ b/pkg/apis/policy/v1alpha1/register_test.go @@ -27,7 +27,7 @@ import ( // Resource takes an unqualified resource and returns a Group qualified GroupResource func TestResource(t *testing.T) { want := schema.GroupResource{ - Group: "security.knative.dev", + Group: "policy.run.cloud.google.com", Resource: "foo", } @@ -40,7 +40,7 @@ func TestResource(t *testing.T) { func TestKind(t *testing.T) { want := schema.GroupKind{ - Group: "security.knative.dev", + Group: "policy.run.cloud.google.com", Kind: "foo", } diff --git a/pkg/apis/security/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go similarity index 100% rename from pkg/apis/security/v1alpha1/zz_generated.deepcopy.go rename to pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go diff --git a/pkg/client/clientset/versioned/clientset.go b/pkg/client/clientset/versioned/clientset.go index b21b2a7cb6..635d4122bc 100644 --- a/pkg/client/clientset/versioned/clientset.go +++ b/pkg/client/clientset/versioned/clientset.go @@ -23,8 +23,8 @@ import ( eventsv1alpha1 "github.com/google/knative-gcp/pkg/client/clientset/versioned/typed/events/v1alpha1" messagingv1alpha1 "github.com/google/knative-gcp/pkg/client/clientset/versioned/typed/messaging/v1alpha1" + policyv1alpha1 "github.com/google/knative-gcp/pkg/client/clientset/versioned/typed/policy/v1alpha1" pubsubv1alpha1 "github.com/google/knative-gcp/pkg/client/clientset/versioned/typed/pubsub/v1alpha1" - securityv1alpha1 "github.com/google/knative-gcp/pkg/client/clientset/versioned/typed/security/v1alpha1" discovery "k8s.io/client-go/discovery" rest "k8s.io/client-go/rest" flowcontrol "k8s.io/client-go/util/flowcontrol" @@ -34,8 +34,8 @@ type Interface interface { Discovery() discovery.DiscoveryInterface EventsV1alpha1() eventsv1alpha1.EventsV1alpha1Interface MessagingV1alpha1() messagingv1alpha1.MessagingV1alpha1Interface + PolicyV1alpha1() policyv1alpha1.PolicyV1alpha1Interface PubsubV1alpha1() pubsubv1alpha1.PubsubV1alpha1Interface - SecurityV1alpha1() securityv1alpha1.SecurityV1alpha1Interface } // Clientset contains the clients for groups. Each group has exactly one @@ -44,8 +44,8 @@ type Clientset struct { *discovery.DiscoveryClient eventsV1alpha1 *eventsv1alpha1.EventsV1alpha1Client messagingV1alpha1 *messagingv1alpha1.MessagingV1alpha1Client + policyV1alpha1 *policyv1alpha1.PolicyV1alpha1Client pubsubV1alpha1 *pubsubv1alpha1.PubsubV1alpha1Client - securityV1alpha1 *securityv1alpha1.SecurityV1alpha1Client } // EventsV1alpha1 retrieves the EventsV1alpha1Client @@ -58,16 +58,16 @@ func (c *Clientset) MessagingV1alpha1() messagingv1alpha1.MessagingV1alpha1Inter return c.messagingV1alpha1 } +// PolicyV1alpha1 retrieves the PolicyV1alpha1Client +func (c *Clientset) PolicyV1alpha1() policyv1alpha1.PolicyV1alpha1Interface { + return c.policyV1alpha1 +} + // PubsubV1alpha1 retrieves the PubsubV1alpha1Client func (c *Clientset) PubsubV1alpha1() pubsubv1alpha1.PubsubV1alpha1Interface { return c.pubsubV1alpha1 } -// SecurityV1alpha1 retrieves the SecurityV1alpha1Client -func (c *Clientset) SecurityV1alpha1() securityv1alpha1.SecurityV1alpha1Interface { - return c.securityV1alpha1 -} - // Discovery retrieves the DiscoveryClient func (c *Clientset) Discovery() discovery.DiscoveryInterface { if c == nil { @@ -97,11 +97,11 @@ func NewForConfig(c *rest.Config) (*Clientset, error) { if err != nil { return nil, err } - cs.pubsubV1alpha1, err = pubsubv1alpha1.NewForConfig(&configShallowCopy) + cs.policyV1alpha1, err = policyv1alpha1.NewForConfig(&configShallowCopy) if err != nil { return nil, err } - cs.securityV1alpha1, err = securityv1alpha1.NewForConfig(&configShallowCopy) + cs.pubsubV1alpha1, err = pubsubv1alpha1.NewForConfig(&configShallowCopy) if err != nil { return nil, err } @@ -119,8 +119,8 @@ func NewForConfigOrDie(c *rest.Config) *Clientset { var cs Clientset cs.eventsV1alpha1 = eventsv1alpha1.NewForConfigOrDie(c) cs.messagingV1alpha1 = messagingv1alpha1.NewForConfigOrDie(c) + cs.policyV1alpha1 = policyv1alpha1.NewForConfigOrDie(c) cs.pubsubV1alpha1 = pubsubv1alpha1.NewForConfigOrDie(c) - cs.securityV1alpha1 = securityv1alpha1.NewForConfigOrDie(c) cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c) return &cs @@ -131,8 +131,8 @@ func New(c rest.Interface) *Clientset { var cs Clientset cs.eventsV1alpha1 = eventsv1alpha1.New(c) cs.messagingV1alpha1 = messagingv1alpha1.New(c) + cs.policyV1alpha1 = policyv1alpha1.New(c) cs.pubsubV1alpha1 = pubsubv1alpha1.New(c) - cs.securityV1alpha1 = securityv1alpha1.New(c) cs.DiscoveryClient = discovery.NewDiscoveryClient(c) return &cs diff --git a/pkg/client/clientset/versioned/fake/clientset_generated.go b/pkg/client/clientset/versioned/fake/clientset_generated.go index 3eb950b23d..300fd93b44 100644 --- a/pkg/client/clientset/versioned/fake/clientset_generated.go +++ b/pkg/client/clientset/versioned/fake/clientset_generated.go @@ -24,10 +24,10 @@ import ( fakeeventsv1alpha1 "github.com/google/knative-gcp/pkg/client/clientset/versioned/typed/events/v1alpha1/fake" messagingv1alpha1 "github.com/google/knative-gcp/pkg/client/clientset/versioned/typed/messaging/v1alpha1" fakemessagingv1alpha1 "github.com/google/knative-gcp/pkg/client/clientset/versioned/typed/messaging/v1alpha1/fake" + policyv1alpha1 "github.com/google/knative-gcp/pkg/client/clientset/versioned/typed/policy/v1alpha1" + fakepolicyv1alpha1 "github.com/google/knative-gcp/pkg/client/clientset/versioned/typed/policy/v1alpha1/fake" pubsubv1alpha1 "github.com/google/knative-gcp/pkg/client/clientset/versioned/typed/pubsub/v1alpha1" fakepubsubv1alpha1 "github.com/google/knative-gcp/pkg/client/clientset/versioned/typed/pubsub/v1alpha1/fake" - securityv1alpha1 "github.com/google/knative-gcp/pkg/client/clientset/versioned/typed/security/v1alpha1" - fakesecurityv1alpha1 "github.com/google/knative-gcp/pkg/client/clientset/versioned/typed/security/v1alpha1/fake" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/watch" "k8s.io/client-go/discovery" @@ -92,12 +92,12 @@ func (c *Clientset) MessagingV1alpha1() messagingv1alpha1.MessagingV1alpha1Inter return &fakemessagingv1alpha1.FakeMessagingV1alpha1{Fake: &c.Fake} } +// PolicyV1alpha1 retrieves the PolicyV1alpha1Client +func (c *Clientset) PolicyV1alpha1() policyv1alpha1.PolicyV1alpha1Interface { + return &fakepolicyv1alpha1.FakePolicyV1alpha1{Fake: &c.Fake} +} + // PubsubV1alpha1 retrieves the PubsubV1alpha1Client func (c *Clientset) PubsubV1alpha1() pubsubv1alpha1.PubsubV1alpha1Interface { return &fakepubsubv1alpha1.FakePubsubV1alpha1{Fake: &c.Fake} } - -// SecurityV1alpha1 retrieves the SecurityV1alpha1Client -func (c *Clientset) SecurityV1alpha1() securityv1alpha1.SecurityV1alpha1Interface { - return &fakesecurityv1alpha1.FakeSecurityV1alpha1{Fake: &c.Fake} -} diff --git a/pkg/client/clientset/versioned/fake/register.go b/pkg/client/clientset/versioned/fake/register.go index 926a451ed1..8125372540 100644 --- a/pkg/client/clientset/versioned/fake/register.go +++ b/pkg/client/clientset/versioned/fake/register.go @@ -21,8 +21,8 @@ package fake import ( eventsv1alpha1 "github.com/google/knative-gcp/pkg/apis/events/v1alpha1" messagingv1alpha1 "github.com/google/knative-gcp/pkg/apis/messaging/v1alpha1" + policyv1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" pubsubv1alpha1 "github.com/google/knative-gcp/pkg/apis/pubsub/v1alpha1" - securityv1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" schema "k8s.io/apimachinery/pkg/runtime/schema" @@ -36,8 +36,8 @@ var parameterCodec = runtime.NewParameterCodec(scheme) var localSchemeBuilder = runtime.SchemeBuilder{ eventsv1alpha1.AddToScheme, messagingv1alpha1.AddToScheme, + policyv1alpha1.AddToScheme, pubsubv1alpha1.AddToScheme, - securityv1alpha1.AddToScheme, } // AddToScheme adds all types of this clientset into the given scheme. This allows composition diff --git a/pkg/client/clientset/versioned/scheme/register.go b/pkg/client/clientset/versioned/scheme/register.go index a1e1efa2f3..d599d00b0e 100644 --- a/pkg/client/clientset/versioned/scheme/register.go +++ b/pkg/client/clientset/versioned/scheme/register.go @@ -21,8 +21,8 @@ package scheme import ( eventsv1alpha1 "github.com/google/knative-gcp/pkg/apis/events/v1alpha1" messagingv1alpha1 "github.com/google/knative-gcp/pkg/apis/messaging/v1alpha1" + policyv1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" pubsubv1alpha1 "github.com/google/knative-gcp/pkg/apis/pubsub/v1alpha1" - securityv1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" schema "k8s.io/apimachinery/pkg/runtime/schema" @@ -36,8 +36,8 @@ var ParameterCodec = runtime.NewParameterCodec(Scheme) var localSchemeBuilder = runtime.SchemeBuilder{ eventsv1alpha1.AddToScheme, messagingv1alpha1.AddToScheme, + policyv1alpha1.AddToScheme, pubsubv1alpha1.AddToScheme, - securityv1alpha1.AddToScheme, } // AddToScheme adds all types of this clientset into the given scheme. This allows composition diff --git a/pkg/client/clientset/versioned/typed/security/v1alpha1/doc.go b/pkg/client/clientset/versioned/typed/policy/v1alpha1/doc.go similarity index 100% rename from pkg/client/clientset/versioned/typed/security/v1alpha1/doc.go rename to pkg/client/clientset/versioned/typed/policy/v1alpha1/doc.go diff --git a/pkg/client/clientset/versioned/typed/security/v1alpha1/eventpolicy.go b/pkg/client/clientset/versioned/typed/policy/v1alpha1/eventpolicy.go similarity index 97% rename from pkg/client/clientset/versioned/typed/security/v1alpha1/eventpolicy.go rename to pkg/client/clientset/versioned/typed/policy/v1alpha1/eventpolicy.go index 4bcd034bcd..419724d020 100644 --- a/pkg/client/clientset/versioned/typed/security/v1alpha1/eventpolicy.go +++ b/pkg/client/clientset/versioned/typed/policy/v1alpha1/eventpolicy.go @@ -21,7 +21,7 @@ package v1alpha1 import ( "time" - v1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" scheme "github.com/google/knative-gcp/pkg/client/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" @@ -55,7 +55,7 @@ type eventPolicies struct { } // newEventPolicies returns a EventPolicies -func newEventPolicies(c *SecurityV1alpha1Client, namespace string) *eventPolicies { +func newEventPolicies(c *PolicyV1alpha1Client, namespace string) *eventPolicies { return &eventPolicies{ client: c.RESTClient(), ns: namespace, diff --git a/pkg/client/clientset/versioned/typed/security/v1alpha1/eventpolicybinding.go b/pkg/client/clientset/versioned/typed/policy/v1alpha1/eventpolicybinding.go similarity index 97% rename from pkg/client/clientset/versioned/typed/security/v1alpha1/eventpolicybinding.go rename to pkg/client/clientset/versioned/typed/policy/v1alpha1/eventpolicybinding.go index 0040326cd2..5c40db7ada 100644 --- a/pkg/client/clientset/versioned/typed/security/v1alpha1/eventpolicybinding.go +++ b/pkg/client/clientset/versioned/typed/policy/v1alpha1/eventpolicybinding.go @@ -21,7 +21,7 @@ package v1alpha1 import ( "time" - v1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" scheme "github.com/google/knative-gcp/pkg/client/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" @@ -56,7 +56,7 @@ type eventPolicyBindings struct { } // newEventPolicyBindings returns a EventPolicyBindings -func newEventPolicyBindings(c *SecurityV1alpha1Client, namespace string) *eventPolicyBindings { +func newEventPolicyBindings(c *PolicyV1alpha1Client, namespace string) *eventPolicyBindings { return &eventPolicyBindings{ client: c.RESTClient(), ns: namespace, diff --git a/pkg/client/clientset/versioned/typed/security/v1alpha1/fake/doc.go b/pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/doc.go similarity index 100% rename from pkg/client/clientset/versioned/typed/security/v1alpha1/fake/doc.go rename to pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/doc.go diff --git a/pkg/client/clientset/versioned/typed/security/v1alpha1/fake/fake_eventpolicy.go b/pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_eventpolicy.go similarity index 93% rename from pkg/client/clientset/versioned/typed/security/v1alpha1/fake/fake_eventpolicy.go rename to pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_eventpolicy.go index 9f60b04349..b9205f8fbc 100644 --- a/pkg/client/clientset/versioned/typed/security/v1alpha1/fake/fake_eventpolicy.go +++ b/pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_eventpolicy.go @@ -19,7 +19,7 @@ limitations under the License. package fake import ( - v1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" schema "k8s.io/apimachinery/pkg/runtime/schema" @@ -30,13 +30,13 @@ import ( // FakeEventPolicies implements EventPolicyInterface type FakeEventPolicies struct { - Fake *FakeSecurityV1alpha1 + Fake *FakePolicyV1alpha1 ns string } -var eventpoliciesResource = schema.GroupVersionResource{Group: "security.knative.dev", Version: "v1alpha1", Resource: "eventpolicies"} +var eventpoliciesResource = schema.GroupVersionResource{Group: "policy.run.cloud.google.com", Version: "v1alpha1", Resource: "eventpolicies"} -var eventpoliciesKind = schema.GroupVersionKind{Group: "security.knative.dev", Version: "v1alpha1", Kind: "EventPolicy"} +var eventpoliciesKind = schema.GroupVersionKind{Group: "policy.run.cloud.google.com", Version: "v1alpha1", Kind: "EventPolicy"} // Get takes name of the eventPolicy, and returns the corresponding eventPolicy object, and an error if there is any. func (c *FakeEventPolicies) Get(name string, options v1.GetOptions) (result *v1alpha1.EventPolicy, err error) { diff --git a/pkg/client/clientset/versioned/typed/security/v1alpha1/fake/fake_eventpolicybinding.go b/pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_eventpolicybinding.go similarity index 94% rename from pkg/client/clientset/versioned/typed/security/v1alpha1/fake/fake_eventpolicybinding.go rename to pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_eventpolicybinding.go index c3ccfbaa72..e97bc6dcfb 100644 --- a/pkg/client/clientset/versioned/typed/security/v1alpha1/fake/fake_eventpolicybinding.go +++ b/pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_eventpolicybinding.go @@ -19,7 +19,7 @@ limitations under the License. package fake import ( - v1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" schema "k8s.io/apimachinery/pkg/runtime/schema" @@ -30,13 +30,13 @@ import ( // FakeEventPolicyBindings implements EventPolicyBindingInterface type FakeEventPolicyBindings struct { - Fake *FakeSecurityV1alpha1 + Fake *FakePolicyV1alpha1 ns string } -var eventpolicybindingsResource = schema.GroupVersionResource{Group: "security.knative.dev", Version: "v1alpha1", Resource: "eventpolicybindings"} +var eventpolicybindingsResource = schema.GroupVersionResource{Group: "policy.run.cloud.google.com", Version: "v1alpha1", Resource: "eventpolicybindings"} -var eventpolicybindingsKind = schema.GroupVersionKind{Group: "security.knative.dev", Version: "v1alpha1", Kind: "EventPolicyBinding"} +var eventpolicybindingsKind = schema.GroupVersionKind{Group: "policy.run.cloud.google.com", Version: "v1alpha1", Kind: "EventPolicyBinding"} // Get takes name of the eventPolicyBinding, and returns the corresponding eventPolicyBinding object, and an error if there is any. func (c *FakeEventPolicyBindings) Get(name string, options v1.GetOptions) (result *v1alpha1.EventPolicyBinding, err error) { diff --git a/pkg/client/clientset/versioned/typed/security/v1alpha1/fake/fake_httppolicy.go b/pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_httppolicy.go similarity index 92% rename from pkg/client/clientset/versioned/typed/security/v1alpha1/fake/fake_httppolicy.go rename to pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_httppolicy.go index 457dad81d2..a199a6f6df 100644 --- a/pkg/client/clientset/versioned/typed/security/v1alpha1/fake/fake_httppolicy.go +++ b/pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_httppolicy.go @@ -19,7 +19,7 @@ limitations under the License. package fake import ( - v1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" schema "k8s.io/apimachinery/pkg/runtime/schema" @@ -30,13 +30,13 @@ import ( // FakeHTTPPolicies implements HTTPPolicyInterface type FakeHTTPPolicies struct { - Fake *FakeSecurityV1alpha1 + Fake *FakePolicyV1alpha1 ns string } -var httppoliciesResource = schema.GroupVersionResource{Group: "security.knative.dev", Version: "v1alpha1", Resource: "httppolicies"} +var httppoliciesResource = schema.GroupVersionResource{Group: "policy.run.cloud.google.com", Version: "v1alpha1", Resource: "httppolicies"} -var httppoliciesKind = schema.GroupVersionKind{Group: "security.knative.dev", Version: "v1alpha1", Kind: "HTTPPolicy"} +var httppoliciesKind = schema.GroupVersionKind{Group: "policy.run.cloud.google.com", Version: "v1alpha1", Kind: "HTTPPolicy"} // Get takes name of the hTTPPolicy, and returns the corresponding hTTPPolicy object, and an error if there is any. func (c *FakeHTTPPolicies) Get(name string, options v1.GetOptions) (result *v1alpha1.HTTPPolicy, err error) { diff --git a/pkg/client/clientset/versioned/typed/security/v1alpha1/fake/fake_httppolicybinding.go b/pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_httppolicybinding.go similarity index 94% rename from pkg/client/clientset/versioned/typed/security/v1alpha1/fake/fake_httppolicybinding.go rename to pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_httppolicybinding.go index ac2d3b171a..69b7dee274 100644 --- a/pkg/client/clientset/versioned/typed/security/v1alpha1/fake/fake_httppolicybinding.go +++ b/pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_httppolicybinding.go @@ -19,7 +19,7 @@ limitations under the License. package fake import ( - v1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" schema "k8s.io/apimachinery/pkg/runtime/schema" @@ -30,13 +30,13 @@ import ( // FakeHTTPPolicyBindings implements HTTPPolicyBindingInterface type FakeHTTPPolicyBindings struct { - Fake *FakeSecurityV1alpha1 + Fake *FakePolicyV1alpha1 ns string } -var httppolicybindingsResource = schema.GroupVersionResource{Group: "security.knative.dev", Version: "v1alpha1", Resource: "httppolicybindings"} +var httppolicybindingsResource = schema.GroupVersionResource{Group: "policy.run.cloud.google.com", Version: "v1alpha1", Resource: "httppolicybindings"} -var httppolicybindingsKind = schema.GroupVersionKind{Group: "security.knative.dev", Version: "v1alpha1", Kind: "HTTPPolicyBinding"} +var httppolicybindingsKind = schema.GroupVersionKind{Group: "policy.run.cloud.google.com", Version: "v1alpha1", Kind: "HTTPPolicyBinding"} // Get takes name of the hTTPPolicyBinding, and returns the corresponding hTTPPolicyBinding object, and an error if there is any. func (c *FakeHTTPPolicyBindings) Get(name string, options v1.GetOptions) (result *v1alpha1.HTTPPolicyBinding, err error) { diff --git a/pkg/client/clientset/versioned/typed/security/v1alpha1/fake/fake_security_client.go b/pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_policy_client.go similarity index 67% rename from pkg/client/clientset/versioned/typed/security/v1alpha1/fake/fake_security_client.go rename to pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_policy_client.go index fa2b74a161..412950a50d 100644 --- a/pkg/client/clientset/versioned/typed/security/v1alpha1/fake/fake_security_client.go +++ b/pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_policy_client.go @@ -19,34 +19,34 @@ limitations under the License. package fake import ( - v1alpha1 "github.com/google/knative-gcp/pkg/client/clientset/versioned/typed/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/client/clientset/versioned/typed/policy/v1alpha1" rest "k8s.io/client-go/rest" testing "k8s.io/client-go/testing" ) -type FakeSecurityV1alpha1 struct { +type FakePolicyV1alpha1 struct { *testing.Fake } -func (c *FakeSecurityV1alpha1) EventPolicies(namespace string) v1alpha1.EventPolicyInterface { +func (c *FakePolicyV1alpha1) EventPolicies(namespace string) v1alpha1.EventPolicyInterface { return &FakeEventPolicies{c, namespace} } -func (c *FakeSecurityV1alpha1) EventPolicyBindings(namespace string) v1alpha1.EventPolicyBindingInterface { +func (c *FakePolicyV1alpha1) EventPolicyBindings(namespace string) v1alpha1.EventPolicyBindingInterface { return &FakeEventPolicyBindings{c, namespace} } -func (c *FakeSecurityV1alpha1) HTTPPolicies(namespace string) v1alpha1.HTTPPolicyInterface { +func (c *FakePolicyV1alpha1) HTTPPolicies(namespace string) v1alpha1.HTTPPolicyInterface { return &FakeHTTPPolicies{c, namespace} } -func (c *FakeSecurityV1alpha1) HTTPPolicyBindings(namespace string) v1alpha1.HTTPPolicyBindingInterface { +func (c *FakePolicyV1alpha1) HTTPPolicyBindings(namespace string) v1alpha1.HTTPPolicyBindingInterface { return &FakeHTTPPolicyBindings{c, namespace} } // RESTClient returns a RESTClient that is used to communicate // with API server by this client implementation. -func (c *FakeSecurityV1alpha1) RESTClient() rest.Interface { +func (c *FakePolicyV1alpha1) RESTClient() rest.Interface { var ret *rest.RESTClient return ret } diff --git a/pkg/client/clientset/versioned/typed/security/v1alpha1/generated_expansion.go b/pkg/client/clientset/versioned/typed/policy/v1alpha1/generated_expansion.go similarity index 100% rename from pkg/client/clientset/versioned/typed/security/v1alpha1/generated_expansion.go rename to pkg/client/clientset/versioned/typed/policy/v1alpha1/generated_expansion.go diff --git a/pkg/client/clientset/versioned/typed/security/v1alpha1/httppolicy.go b/pkg/client/clientset/versioned/typed/policy/v1alpha1/httppolicy.go similarity index 97% rename from pkg/client/clientset/versioned/typed/security/v1alpha1/httppolicy.go rename to pkg/client/clientset/versioned/typed/policy/v1alpha1/httppolicy.go index 7aa5e42eb5..178b7de840 100644 --- a/pkg/client/clientset/versioned/typed/security/v1alpha1/httppolicy.go +++ b/pkg/client/clientset/versioned/typed/policy/v1alpha1/httppolicy.go @@ -21,7 +21,7 @@ package v1alpha1 import ( "time" - v1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" scheme "github.com/google/knative-gcp/pkg/client/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" @@ -55,7 +55,7 @@ type hTTPPolicies struct { } // newHTTPPolicies returns a HTTPPolicies -func newHTTPPolicies(c *SecurityV1alpha1Client, namespace string) *hTTPPolicies { +func newHTTPPolicies(c *PolicyV1alpha1Client, namespace string) *hTTPPolicies { return &hTTPPolicies{ client: c.RESTClient(), ns: namespace, diff --git a/pkg/client/clientset/versioned/typed/security/v1alpha1/httppolicybinding.go b/pkg/client/clientset/versioned/typed/policy/v1alpha1/httppolicybinding.go similarity index 97% rename from pkg/client/clientset/versioned/typed/security/v1alpha1/httppolicybinding.go rename to pkg/client/clientset/versioned/typed/policy/v1alpha1/httppolicybinding.go index 5969a2399c..3131373cfd 100644 --- a/pkg/client/clientset/versioned/typed/security/v1alpha1/httppolicybinding.go +++ b/pkg/client/clientset/versioned/typed/policy/v1alpha1/httppolicybinding.go @@ -21,7 +21,7 @@ package v1alpha1 import ( "time" - v1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" scheme "github.com/google/knative-gcp/pkg/client/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" @@ -56,7 +56,7 @@ type hTTPPolicyBindings struct { } // newHTTPPolicyBindings returns a HTTPPolicyBindings -func newHTTPPolicyBindings(c *SecurityV1alpha1Client, namespace string) *hTTPPolicyBindings { +func newHTTPPolicyBindings(c *PolicyV1alpha1Client, namespace string) *hTTPPolicyBindings { return &hTTPPolicyBindings{ client: c.RESTClient(), ns: namespace, diff --git a/pkg/client/clientset/versioned/typed/security/v1alpha1/security_client.go b/pkg/client/clientset/versioned/typed/policy/v1alpha1/policy_client.go similarity index 60% rename from pkg/client/clientset/versioned/typed/security/v1alpha1/security_client.go rename to pkg/client/clientset/versioned/typed/policy/v1alpha1/policy_client.go index a2d8b245a6..7838b39dc7 100644 --- a/pkg/client/clientset/versioned/typed/security/v1alpha1/security_client.go +++ b/pkg/client/clientset/versioned/typed/policy/v1alpha1/policy_client.go @@ -19,12 +19,12 @@ limitations under the License. package v1alpha1 import ( - v1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" "github.com/google/knative-gcp/pkg/client/clientset/versioned/scheme" rest "k8s.io/client-go/rest" ) -type SecurityV1alpha1Interface interface { +type PolicyV1alpha1Interface interface { RESTClient() rest.Interface EventPoliciesGetter EventPolicyBindingsGetter @@ -32,29 +32,29 @@ type SecurityV1alpha1Interface interface { HTTPPolicyBindingsGetter } -// SecurityV1alpha1Client is used to interact with features provided by the security.knative.dev group. -type SecurityV1alpha1Client struct { +// PolicyV1alpha1Client is used to interact with features provided by the policy.run.cloud.google.com group. +type PolicyV1alpha1Client struct { restClient rest.Interface } -func (c *SecurityV1alpha1Client) EventPolicies(namespace string) EventPolicyInterface { +func (c *PolicyV1alpha1Client) EventPolicies(namespace string) EventPolicyInterface { return newEventPolicies(c, namespace) } -func (c *SecurityV1alpha1Client) EventPolicyBindings(namespace string) EventPolicyBindingInterface { +func (c *PolicyV1alpha1Client) EventPolicyBindings(namespace string) EventPolicyBindingInterface { return newEventPolicyBindings(c, namespace) } -func (c *SecurityV1alpha1Client) HTTPPolicies(namespace string) HTTPPolicyInterface { +func (c *PolicyV1alpha1Client) HTTPPolicies(namespace string) HTTPPolicyInterface { return newHTTPPolicies(c, namespace) } -func (c *SecurityV1alpha1Client) HTTPPolicyBindings(namespace string) HTTPPolicyBindingInterface { +func (c *PolicyV1alpha1Client) HTTPPolicyBindings(namespace string) HTTPPolicyBindingInterface { return newHTTPPolicyBindings(c, namespace) } -// NewForConfig creates a new SecurityV1alpha1Client for the given config. -func NewForConfig(c *rest.Config) (*SecurityV1alpha1Client, error) { +// NewForConfig creates a new PolicyV1alpha1Client for the given config. +func NewForConfig(c *rest.Config) (*PolicyV1alpha1Client, error) { config := *c if err := setConfigDefaults(&config); err != nil { return nil, err @@ -63,12 +63,12 @@ func NewForConfig(c *rest.Config) (*SecurityV1alpha1Client, error) { if err != nil { return nil, err } - return &SecurityV1alpha1Client{client}, nil + return &PolicyV1alpha1Client{client}, nil } -// NewForConfigOrDie creates a new SecurityV1alpha1Client for the given config and +// NewForConfigOrDie creates a new PolicyV1alpha1Client for the given config and // panics if there is an error in the config. -func NewForConfigOrDie(c *rest.Config) *SecurityV1alpha1Client { +func NewForConfigOrDie(c *rest.Config) *PolicyV1alpha1Client { client, err := NewForConfig(c) if err != nil { panic(err) @@ -76,9 +76,9 @@ func NewForConfigOrDie(c *rest.Config) *SecurityV1alpha1Client { return client } -// New creates a new SecurityV1alpha1Client for the given RESTClient. -func New(c rest.Interface) *SecurityV1alpha1Client { - return &SecurityV1alpha1Client{c} +// New creates a new PolicyV1alpha1Client for the given RESTClient. +func New(c rest.Interface) *PolicyV1alpha1Client { + return &PolicyV1alpha1Client{c} } func setConfigDefaults(config *rest.Config) error { @@ -96,7 +96,7 @@ func setConfigDefaults(config *rest.Config) error { // RESTClient returns a RESTClient that is used to communicate // with API server by this client implementation. -func (c *SecurityV1alpha1Client) RESTClient() rest.Interface { +func (c *PolicyV1alpha1Client) RESTClient() rest.Interface { if c == nil { return nil } diff --git a/pkg/client/informers/externalversions/factory.go b/pkg/client/informers/externalversions/factory.go index 0efae44e6b..1bb1e6c1d1 100644 --- a/pkg/client/informers/externalversions/factory.go +++ b/pkg/client/informers/externalversions/factory.go @@ -27,8 +27,8 @@ import ( events "github.com/google/knative-gcp/pkg/client/informers/externalversions/events" internalinterfaces "github.com/google/knative-gcp/pkg/client/informers/externalversions/internalinterfaces" messaging "github.com/google/knative-gcp/pkg/client/informers/externalversions/messaging" + policy "github.com/google/knative-gcp/pkg/client/informers/externalversions/policy" pubsub "github.com/google/knative-gcp/pkg/client/informers/externalversions/pubsub" - security "github.com/google/knative-gcp/pkg/client/informers/externalversions/security" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" schema "k8s.io/apimachinery/pkg/runtime/schema" @@ -177,8 +177,8 @@ type SharedInformerFactory interface { Events() events.Interface Messaging() messaging.Interface + Policy() policy.Interface Pubsub() pubsub.Interface - Security() security.Interface } func (f *sharedInformerFactory) Events() events.Interface { @@ -189,10 +189,10 @@ func (f *sharedInformerFactory) Messaging() messaging.Interface { return messaging.New(f, f.namespace, f.tweakListOptions) } -func (f *sharedInformerFactory) Pubsub() pubsub.Interface { - return pubsub.New(f, f.namespace, f.tweakListOptions) +func (f *sharedInformerFactory) Policy() policy.Interface { + return policy.New(f, f.namespace, f.tweakListOptions) } -func (f *sharedInformerFactory) Security() security.Interface { - return security.New(f, f.namespace, f.tweakListOptions) +func (f *sharedInformerFactory) Pubsub() pubsub.Interface { + return pubsub.New(f, f.namespace, f.tweakListOptions) } diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go index 2e9a586f8a..64f9f469fe 100644 --- a/pkg/client/informers/externalversions/generic.go +++ b/pkg/client/informers/externalversions/generic.go @@ -23,8 +23,8 @@ import ( v1alpha1 "github.com/google/knative-gcp/pkg/apis/events/v1alpha1" messagingv1alpha1 "github.com/google/knative-gcp/pkg/apis/messaging/v1alpha1" + policyv1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" pubsubv1alpha1 "github.com/google/knative-gcp/pkg/apis/pubsub/v1alpha1" - securityv1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" schema "k8s.io/apimachinery/pkg/runtime/schema" cache "k8s.io/client-go/tools/cache" ) @@ -69,22 +69,22 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource case messagingv1alpha1.SchemeGroupVersion.WithResource("channels"): return &genericInformer{resource: resource.GroupResource(), informer: f.Messaging().V1alpha1().Channels().Informer()}, nil + // Group=policy.run.cloud.google.com, Version=v1alpha1 + case policyv1alpha1.SchemeGroupVersion.WithResource("eventpolicies"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Policy().V1alpha1().EventPolicies().Informer()}, nil + case policyv1alpha1.SchemeGroupVersion.WithResource("eventpolicybindings"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Policy().V1alpha1().EventPolicyBindings().Informer()}, nil + case policyv1alpha1.SchemeGroupVersion.WithResource("httppolicies"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Policy().V1alpha1().HTTPPolicies().Informer()}, nil + case policyv1alpha1.SchemeGroupVersion.WithResource("httppolicybindings"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Policy().V1alpha1().HTTPPolicyBindings().Informer()}, nil + // Group=pubsub.cloud.google.com, Version=v1alpha1 case pubsubv1alpha1.SchemeGroupVersion.WithResource("pullsubscriptions"): return &genericInformer{resource: resource.GroupResource(), informer: f.Pubsub().V1alpha1().PullSubscriptions().Informer()}, nil case pubsubv1alpha1.SchemeGroupVersion.WithResource("topics"): return &genericInformer{resource: resource.GroupResource(), informer: f.Pubsub().V1alpha1().Topics().Informer()}, nil - // Group=security.knative.dev, Version=v1alpha1 - case securityv1alpha1.SchemeGroupVersion.WithResource("eventpolicies"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Security().V1alpha1().EventPolicies().Informer()}, nil - case securityv1alpha1.SchemeGroupVersion.WithResource("eventpolicybindings"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Security().V1alpha1().EventPolicyBindings().Informer()}, nil - case securityv1alpha1.SchemeGroupVersion.WithResource("httppolicies"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Security().V1alpha1().HTTPPolicies().Informer()}, nil - case securityv1alpha1.SchemeGroupVersion.WithResource("httppolicybindings"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Security().V1alpha1().HTTPPolicyBindings().Informer()}, nil - } return nil, fmt.Errorf("no informer found for %v", resource) diff --git a/pkg/client/informers/externalversions/security/interface.go b/pkg/client/informers/externalversions/policy/interface.go similarity index 96% rename from pkg/client/informers/externalversions/security/interface.go rename to pkg/client/informers/externalversions/policy/interface.go index cc6cfaee2a..087994b6a5 100644 --- a/pkg/client/informers/externalversions/security/interface.go +++ b/pkg/client/informers/externalversions/policy/interface.go @@ -16,11 +16,11 @@ limitations under the License. // Code generated by informer-gen. DO NOT EDIT. -package security +package policy import ( internalinterfaces "github.com/google/knative-gcp/pkg/client/informers/externalversions/internalinterfaces" - v1alpha1 "github.com/google/knative-gcp/pkg/client/informers/externalversions/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/client/informers/externalversions/policy/v1alpha1" ) // Interface provides access to each of this group's versions. diff --git a/pkg/client/informers/externalversions/security/v1alpha1/eventpolicy.go b/pkg/client/informers/externalversions/policy/v1alpha1/eventpolicy.go similarity index 88% rename from pkg/client/informers/externalversions/security/v1alpha1/eventpolicy.go rename to pkg/client/informers/externalversions/policy/v1alpha1/eventpolicy.go index 871fdaed4e..8bfaebbe31 100644 --- a/pkg/client/informers/externalversions/security/v1alpha1/eventpolicy.go +++ b/pkg/client/informers/externalversions/policy/v1alpha1/eventpolicy.go @@ -21,10 +21,10 @@ package v1alpha1 import ( time "time" - securityv1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + policyv1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" versioned "github.com/google/knative-gcp/pkg/client/clientset/versioned" internalinterfaces "github.com/google/knative-gcp/pkg/client/informers/externalversions/internalinterfaces" - v1alpha1 "github.com/google/knative-gcp/pkg/client/listers/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/client/listers/policy/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" watch "k8s.io/apimachinery/pkg/watch" @@ -61,16 +61,16 @@ func NewFilteredEventPolicyInformer(client versioned.Interface, namespace string if tweakListOptions != nil { tweakListOptions(&options) } - return client.SecurityV1alpha1().EventPolicies(namespace).List(options) + return client.PolicyV1alpha1().EventPolicies(namespace).List(options) }, WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.SecurityV1alpha1().EventPolicies(namespace).Watch(options) + return client.PolicyV1alpha1().EventPolicies(namespace).Watch(options) }, }, - &securityv1alpha1.EventPolicy{}, + &policyv1alpha1.EventPolicy{}, resyncPeriod, indexers, ) @@ -81,7 +81,7 @@ func (f *eventPolicyInformer) defaultInformer(client versioned.Interface, resync } func (f *eventPolicyInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&securityv1alpha1.EventPolicy{}, f.defaultInformer) + return f.factory.InformerFor(&policyv1alpha1.EventPolicy{}, f.defaultInformer) } func (f *eventPolicyInformer) Lister() v1alpha1.EventPolicyLister { diff --git a/pkg/client/informers/externalversions/security/v1alpha1/eventpolicybinding.go b/pkg/client/informers/externalversions/policy/v1alpha1/eventpolicybinding.go similarity index 88% rename from pkg/client/informers/externalversions/security/v1alpha1/eventpolicybinding.go rename to pkg/client/informers/externalversions/policy/v1alpha1/eventpolicybinding.go index b3a76c0ea8..32d757ab98 100644 --- a/pkg/client/informers/externalversions/security/v1alpha1/eventpolicybinding.go +++ b/pkg/client/informers/externalversions/policy/v1alpha1/eventpolicybinding.go @@ -21,10 +21,10 @@ package v1alpha1 import ( time "time" - securityv1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + policyv1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" versioned "github.com/google/knative-gcp/pkg/client/clientset/versioned" internalinterfaces "github.com/google/knative-gcp/pkg/client/informers/externalversions/internalinterfaces" - v1alpha1 "github.com/google/knative-gcp/pkg/client/listers/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/client/listers/policy/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" watch "k8s.io/apimachinery/pkg/watch" @@ -61,16 +61,16 @@ func NewFilteredEventPolicyBindingInformer(client versioned.Interface, namespace if tweakListOptions != nil { tweakListOptions(&options) } - return client.SecurityV1alpha1().EventPolicyBindings(namespace).List(options) + return client.PolicyV1alpha1().EventPolicyBindings(namespace).List(options) }, WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.SecurityV1alpha1().EventPolicyBindings(namespace).Watch(options) + return client.PolicyV1alpha1().EventPolicyBindings(namespace).Watch(options) }, }, - &securityv1alpha1.EventPolicyBinding{}, + &policyv1alpha1.EventPolicyBinding{}, resyncPeriod, indexers, ) @@ -81,7 +81,7 @@ func (f *eventPolicyBindingInformer) defaultInformer(client versioned.Interface, } func (f *eventPolicyBindingInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&securityv1alpha1.EventPolicyBinding{}, f.defaultInformer) + return f.factory.InformerFor(&policyv1alpha1.EventPolicyBinding{}, f.defaultInformer) } func (f *eventPolicyBindingInformer) Lister() v1alpha1.EventPolicyBindingLister { diff --git a/pkg/client/informers/externalversions/security/v1alpha1/httppolicy.go b/pkg/client/informers/externalversions/policy/v1alpha1/httppolicy.go similarity index 88% rename from pkg/client/informers/externalversions/security/v1alpha1/httppolicy.go rename to pkg/client/informers/externalversions/policy/v1alpha1/httppolicy.go index 856278b41e..5a0a127a6f 100644 --- a/pkg/client/informers/externalversions/security/v1alpha1/httppolicy.go +++ b/pkg/client/informers/externalversions/policy/v1alpha1/httppolicy.go @@ -21,10 +21,10 @@ package v1alpha1 import ( time "time" - securityv1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + policyv1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" versioned "github.com/google/knative-gcp/pkg/client/clientset/versioned" internalinterfaces "github.com/google/knative-gcp/pkg/client/informers/externalversions/internalinterfaces" - v1alpha1 "github.com/google/knative-gcp/pkg/client/listers/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/client/listers/policy/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" watch "k8s.io/apimachinery/pkg/watch" @@ -61,16 +61,16 @@ func NewFilteredHTTPPolicyInformer(client versioned.Interface, namespace string, if tweakListOptions != nil { tweakListOptions(&options) } - return client.SecurityV1alpha1().HTTPPolicies(namespace).List(options) + return client.PolicyV1alpha1().HTTPPolicies(namespace).List(options) }, WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.SecurityV1alpha1().HTTPPolicies(namespace).Watch(options) + return client.PolicyV1alpha1().HTTPPolicies(namespace).Watch(options) }, }, - &securityv1alpha1.HTTPPolicy{}, + &policyv1alpha1.HTTPPolicy{}, resyncPeriod, indexers, ) @@ -81,7 +81,7 @@ func (f *hTTPPolicyInformer) defaultInformer(client versioned.Interface, resyncP } func (f *hTTPPolicyInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&securityv1alpha1.HTTPPolicy{}, f.defaultInformer) + return f.factory.InformerFor(&policyv1alpha1.HTTPPolicy{}, f.defaultInformer) } func (f *hTTPPolicyInformer) Lister() v1alpha1.HTTPPolicyLister { diff --git a/pkg/client/informers/externalversions/security/v1alpha1/httppolicybinding.go b/pkg/client/informers/externalversions/policy/v1alpha1/httppolicybinding.go similarity index 88% rename from pkg/client/informers/externalversions/security/v1alpha1/httppolicybinding.go rename to pkg/client/informers/externalversions/policy/v1alpha1/httppolicybinding.go index 3177196c3e..a0d805ef16 100644 --- a/pkg/client/informers/externalversions/security/v1alpha1/httppolicybinding.go +++ b/pkg/client/informers/externalversions/policy/v1alpha1/httppolicybinding.go @@ -21,10 +21,10 @@ package v1alpha1 import ( time "time" - securityv1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + policyv1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" versioned "github.com/google/knative-gcp/pkg/client/clientset/versioned" internalinterfaces "github.com/google/knative-gcp/pkg/client/informers/externalversions/internalinterfaces" - v1alpha1 "github.com/google/knative-gcp/pkg/client/listers/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/client/listers/policy/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" watch "k8s.io/apimachinery/pkg/watch" @@ -61,16 +61,16 @@ func NewFilteredHTTPPolicyBindingInformer(client versioned.Interface, namespace if tweakListOptions != nil { tweakListOptions(&options) } - return client.SecurityV1alpha1().HTTPPolicyBindings(namespace).List(options) + return client.PolicyV1alpha1().HTTPPolicyBindings(namespace).List(options) }, WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.SecurityV1alpha1().HTTPPolicyBindings(namespace).Watch(options) + return client.PolicyV1alpha1().HTTPPolicyBindings(namespace).Watch(options) }, }, - &securityv1alpha1.HTTPPolicyBinding{}, + &policyv1alpha1.HTTPPolicyBinding{}, resyncPeriod, indexers, ) @@ -81,7 +81,7 @@ func (f *hTTPPolicyBindingInformer) defaultInformer(client versioned.Interface, } func (f *hTTPPolicyBindingInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&securityv1alpha1.HTTPPolicyBinding{}, f.defaultInformer) + return f.factory.InformerFor(&policyv1alpha1.HTTPPolicyBinding{}, f.defaultInformer) } func (f *hTTPPolicyBindingInformer) Lister() v1alpha1.HTTPPolicyBindingLister { diff --git a/pkg/client/informers/externalversions/security/v1alpha1/interface.go b/pkg/client/informers/externalversions/policy/v1alpha1/interface.go similarity index 100% rename from pkg/client/informers/externalversions/security/v1alpha1/interface.go rename to pkg/client/informers/externalversions/policy/v1alpha1/interface.go diff --git a/pkg/client/injection/informers/security/v1alpha1/eventpolicy/eventpolicy.go b/pkg/client/injection/informers/policy/v1alpha1/eventpolicy/eventpolicy.go similarity index 90% rename from pkg/client/injection/informers/security/v1alpha1/eventpolicy/eventpolicy.go rename to pkg/client/injection/informers/policy/v1alpha1/eventpolicy/eventpolicy.go index 2a06ed3365..285a9ddb3c 100644 --- a/pkg/client/injection/informers/security/v1alpha1/eventpolicy/eventpolicy.go +++ b/pkg/client/injection/informers/policy/v1alpha1/eventpolicy/eventpolicy.go @@ -21,7 +21,7 @@ package eventpolicy import ( context "context" - v1alpha1 "github.com/google/knative-gcp/pkg/client/informers/externalversions/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/client/informers/externalversions/policy/v1alpha1" factory "github.com/google/knative-gcp/pkg/client/injection/informers/factory" controller "knative.dev/pkg/controller" injection "knative.dev/pkg/injection" @@ -37,7 +37,7 @@ type Key struct{} func withInformer(ctx context.Context) (context.Context, controller.Informer) { f := factory.Get(ctx) - inf := f.Security().V1alpha1().EventPolicies() + inf := f.Policy().V1alpha1().EventPolicies() return context.WithValue(ctx, Key{}, inf), inf.Informer() } @@ -46,7 +46,7 @@ func Get(ctx context.Context) v1alpha1.EventPolicyInformer { untyped := ctx.Value(Key{}) if untyped == nil { logging.FromContext(ctx).Panic( - "Unable to fetch github.com/google/knative-gcp/pkg/client/informers/externalversions/security/v1alpha1.EventPolicyInformer from context.") + "Unable to fetch github.com/google/knative-gcp/pkg/client/informers/externalversions/policy/v1alpha1.EventPolicyInformer from context.") } return untyped.(v1alpha1.EventPolicyInformer) } diff --git a/pkg/client/injection/informers/security/v1alpha1/eventpolicy/fake/fake.go b/pkg/client/injection/informers/policy/v1alpha1/eventpolicy/fake/fake.go similarity index 92% rename from pkg/client/injection/informers/security/v1alpha1/eventpolicy/fake/fake.go rename to pkg/client/injection/informers/policy/v1alpha1/eventpolicy/fake/fake.go index 1d199a0644..9274483052 100644 --- a/pkg/client/injection/informers/security/v1alpha1/eventpolicy/fake/fake.go +++ b/pkg/client/injection/informers/policy/v1alpha1/eventpolicy/fake/fake.go @@ -22,7 +22,7 @@ import ( context "context" fake "github.com/google/knative-gcp/pkg/client/injection/informers/factory/fake" - eventpolicy "github.com/google/knative-gcp/pkg/client/injection/informers/security/v1alpha1/eventpolicy" + eventpolicy "github.com/google/knative-gcp/pkg/client/injection/informers/policy/v1alpha1/eventpolicy" controller "knative.dev/pkg/controller" injection "knative.dev/pkg/injection" ) @@ -35,6 +35,6 @@ func init() { func withInformer(ctx context.Context) (context.Context, controller.Informer) { f := fake.Get(ctx) - inf := f.Security().V1alpha1().EventPolicies() + inf := f.Policy().V1alpha1().EventPolicies() return context.WithValue(ctx, eventpolicy.Key{}, inf), inf.Informer() } diff --git a/pkg/client/injection/informers/security/v1alpha1/eventpolicybinding/eventpolicybinding.go b/pkg/client/injection/informers/policy/v1alpha1/eventpolicybinding/eventpolicybinding.go similarity index 90% rename from pkg/client/injection/informers/security/v1alpha1/eventpolicybinding/eventpolicybinding.go rename to pkg/client/injection/informers/policy/v1alpha1/eventpolicybinding/eventpolicybinding.go index 428e22ad82..7060be058b 100644 --- a/pkg/client/injection/informers/security/v1alpha1/eventpolicybinding/eventpolicybinding.go +++ b/pkg/client/injection/informers/policy/v1alpha1/eventpolicybinding/eventpolicybinding.go @@ -21,7 +21,7 @@ package eventpolicybinding import ( context "context" - v1alpha1 "github.com/google/knative-gcp/pkg/client/informers/externalversions/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/client/informers/externalversions/policy/v1alpha1" factory "github.com/google/knative-gcp/pkg/client/injection/informers/factory" controller "knative.dev/pkg/controller" injection "knative.dev/pkg/injection" @@ -37,7 +37,7 @@ type Key struct{} func withInformer(ctx context.Context) (context.Context, controller.Informer) { f := factory.Get(ctx) - inf := f.Security().V1alpha1().EventPolicyBindings() + inf := f.Policy().V1alpha1().EventPolicyBindings() return context.WithValue(ctx, Key{}, inf), inf.Informer() } @@ -46,7 +46,7 @@ func Get(ctx context.Context) v1alpha1.EventPolicyBindingInformer { untyped := ctx.Value(Key{}) if untyped == nil { logging.FromContext(ctx).Panic( - "Unable to fetch github.com/google/knative-gcp/pkg/client/informers/externalversions/security/v1alpha1.EventPolicyBindingInformer from context.") + "Unable to fetch github.com/google/knative-gcp/pkg/client/informers/externalversions/policy/v1alpha1.EventPolicyBindingInformer from context.") } return untyped.(v1alpha1.EventPolicyBindingInformer) } diff --git a/pkg/client/injection/informers/security/v1alpha1/eventpolicybinding/fake/fake.go b/pkg/client/injection/informers/policy/v1alpha1/eventpolicybinding/fake/fake.go similarity index 91% rename from pkg/client/injection/informers/security/v1alpha1/eventpolicybinding/fake/fake.go rename to pkg/client/injection/informers/policy/v1alpha1/eventpolicybinding/fake/fake.go index 66c3eac256..a1e1a9dbd8 100644 --- a/pkg/client/injection/informers/security/v1alpha1/eventpolicybinding/fake/fake.go +++ b/pkg/client/injection/informers/policy/v1alpha1/eventpolicybinding/fake/fake.go @@ -22,7 +22,7 @@ import ( context "context" fake "github.com/google/knative-gcp/pkg/client/injection/informers/factory/fake" - eventpolicybinding "github.com/google/knative-gcp/pkg/client/injection/informers/security/v1alpha1/eventpolicybinding" + eventpolicybinding "github.com/google/knative-gcp/pkg/client/injection/informers/policy/v1alpha1/eventpolicybinding" controller "knative.dev/pkg/controller" injection "knative.dev/pkg/injection" ) @@ -35,6 +35,6 @@ func init() { func withInformer(ctx context.Context) (context.Context, controller.Informer) { f := fake.Get(ctx) - inf := f.Security().V1alpha1().EventPolicyBindings() + inf := f.Policy().V1alpha1().EventPolicyBindings() return context.WithValue(ctx, eventpolicybinding.Key{}, inf), inf.Informer() } diff --git a/pkg/client/injection/informers/security/v1alpha1/httppolicy/fake/fake.go b/pkg/client/injection/informers/policy/v1alpha1/httppolicy/fake/fake.go similarity index 92% rename from pkg/client/injection/informers/security/v1alpha1/httppolicy/fake/fake.go rename to pkg/client/injection/informers/policy/v1alpha1/httppolicy/fake/fake.go index da8d86b05a..e3e4ddf3c5 100644 --- a/pkg/client/injection/informers/security/v1alpha1/httppolicy/fake/fake.go +++ b/pkg/client/injection/informers/policy/v1alpha1/httppolicy/fake/fake.go @@ -22,7 +22,7 @@ import ( context "context" fake "github.com/google/knative-gcp/pkg/client/injection/informers/factory/fake" - httppolicy "github.com/google/knative-gcp/pkg/client/injection/informers/security/v1alpha1/httppolicy" + httppolicy "github.com/google/knative-gcp/pkg/client/injection/informers/policy/v1alpha1/httppolicy" controller "knative.dev/pkg/controller" injection "knative.dev/pkg/injection" ) @@ -35,6 +35,6 @@ func init() { func withInformer(ctx context.Context) (context.Context, controller.Informer) { f := fake.Get(ctx) - inf := f.Security().V1alpha1().HTTPPolicies() + inf := f.Policy().V1alpha1().HTTPPolicies() return context.WithValue(ctx, httppolicy.Key{}, inf), inf.Informer() } diff --git a/pkg/client/injection/informers/security/v1alpha1/httppolicy/httppolicy.go b/pkg/client/injection/informers/policy/v1alpha1/httppolicy/httppolicy.go similarity index 90% rename from pkg/client/injection/informers/security/v1alpha1/httppolicy/httppolicy.go rename to pkg/client/injection/informers/policy/v1alpha1/httppolicy/httppolicy.go index 1fd6774dc9..28d3bf7e57 100644 --- a/pkg/client/injection/informers/security/v1alpha1/httppolicy/httppolicy.go +++ b/pkg/client/injection/informers/policy/v1alpha1/httppolicy/httppolicy.go @@ -21,7 +21,7 @@ package httppolicy import ( context "context" - v1alpha1 "github.com/google/knative-gcp/pkg/client/informers/externalversions/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/client/informers/externalversions/policy/v1alpha1" factory "github.com/google/knative-gcp/pkg/client/injection/informers/factory" controller "knative.dev/pkg/controller" injection "knative.dev/pkg/injection" @@ -37,7 +37,7 @@ type Key struct{} func withInformer(ctx context.Context) (context.Context, controller.Informer) { f := factory.Get(ctx) - inf := f.Security().V1alpha1().HTTPPolicies() + inf := f.Policy().V1alpha1().HTTPPolicies() return context.WithValue(ctx, Key{}, inf), inf.Informer() } @@ -46,7 +46,7 @@ func Get(ctx context.Context) v1alpha1.HTTPPolicyInformer { untyped := ctx.Value(Key{}) if untyped == nil { logging.FromContext(ctx).Panic( - "Unable to fetch github.com/google/knative-gcp/pkg/client/informers/externalversions/security/v1alpha1.HTTPPolicyInformer from context.") + "Unable to fetch github.com/google/knative-gcp/pkg/client/informers/externalversions/policy/v1alpha1.HTTPPolicyInformer from context.") } return untyped.(v1alpha1.HTTPPolicyInformer) } diff --git a/pkg/client/injection/informers/security/v1alpha1/httppolicybinding/fake/fake.go b/pkg/client/injection/informers/policy/v1alpha1/httppolicybinding/fake/fake.go similarity index 91% rename from pkg/client/injection/informers/security/v1alpha1/httppolicybinding/fake/fake.go rename to pkg/client/injection/informers/policy/v1alpha1/httppolicybinding/fake/fake.go index 0a50a9c79a..5367de406f 100644 --- a/pkg/client/injection/informers/security/v1alpha1/httppolicybinding/fake/fake.go +++ b/pkg/client/injection/informers/policy/v1alpha1/httppolicybinding/fake/fake.go @@ -22,7 +22,7 @@ import ( context "context" fake "github.com/google/knative-gcp/pkg/client/injection/informers/factory/fake" - httppolicybinding "github.com/google/knative-gcp/pkg/client/injection/informers/security/v1alpha1/httppolicybinding" + httppolicybinding "github.com/google/knative-gcp/pkg/client/injection/informers/policy/v1alpha1/httppolicybinding" controller "knative.dev/pkg/controller" injection "knative.dev/pkg/injection" ) @@ -35,6 +35,6 @@ func init() { func withInformer(ctx context.Context) (context.Context, controller.Informer) { f := fake.Get(ctx) - inf := f.Security().V1alpha1().HTTPPolicyBindings() + inf := f.Policy().V1alpha1().HTTPPolicyBindings() return context.WithValue(ctx, httppolicybinding.Key{}, inf), inf.Informer() } diff --git a/pkg/client/injection/informers/security/v1alpha1/httppolicybinding/httppolicybinding.go b/pkg/client/injection/informers/policy/v1alpha1/httppolicybinding/httppolicybinding.go similarity index 90% rename from pkg/client/injection/informers/security/v1alpha1/httppolicybinding/httppolicybinding.go rename to pkg/client/injection/informers/policy/v1alpha1/httppolicybinding/httppolicybinding.go index 99755db8b3..d1a0efa092 100644 --- a/pkg/client/injection/informers/security/v1alpha1/httppolicybinding/httppolicybinding.go +++ b/pkg/client/injection/informers/policy/v1alpha1/httppolicybinding/httppolicybinding.go @@ -21,7 +21,7 @@ package httppolicybinding import ( context "context" - v1alpha1 "github.com/google/knative-gcp/pkg/client/informers/externalversions/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/client/informers/externalversions/policy/v1alpha1" factory "github.com/google/knative-gcp/pkg/client/injection/informers/factory" controller "knative.dev/pkg/controller" injection "knative.dev/pkg/injection" @@ -37,7 +37,7 @@ type Key struct{} func withInformer(ctx context.Context) (context.Context, controller.Informer) { f := factory.Get(ctx) - inf := f.Security().V1alpha1().HTTPPolicyBindings() + inf := f.Policy().V1alpha1().HTTPPolicyBindings() return context.WithValue(ctx, Key{}, inf), inf.Informer() } @@ -46,7 +46,7 @@ func Get(ctx context.Context) v1alpha1.HTTPPolicyBindingInformer { untyped := ctx.Value(Key{}) if untyped == nil { logging.FromContext(ctx).Panic( - "Unable to fetch github.com/google/knative-gcp/pkg/client/informers/externalversions/security/v1alpha1.HTTPPolicyBindingInformer from context.") + "Unable to fetch github.com/google/knative-gcp/pkg/client/informers/externalversions/policy/v1alpha1.HTTPPolicyBindingInformer from context.") } return untyped.(v1alpha1.HTTPPolicyBindingInformer) } diff --git a/pkg/client/injection/reconciler/security/v1alpha1/eventpolicybinding/controller.go b/pkg/client/injection/reconciler/policy/v1alpha1/eventpolicybinding/controller.go similarity index 95% rename from pkg/client/injection/reconciler/security/v1alpha1/eventpolicybinding/controller.go rename to pkg/client/injection/reconciler/policy/v1alpha1/eventpolicybinding/controller.go index 15bcb6075a..15f763d4ae 100644 --- a/pkg/client/injection/reconciler/security/v1alpha1/eventpolicybinding/controller.go +++ b/pkg/client/injection/reconciler/policy/v1alpha1/eventpolicybinding/controller.go @@ -23,7 +23,7 @@ import ( versionedscheme "github.com/google/knative-gcp/pkg/client/clientset/versioned/scheme" injectionclient "github.com/google/knative-gcp/pkg/client/injection/client" - eventpolicybinding "github.com/google/knative-gcp/pkg/client/injection/informers/security/v1alpha1/eventpolicybinding" + eventpolicybinding "github.com/google/knative-gcp/pkg/client/injection/informers/policy/v1alpha1/eventpolicybinding" corev1 "k8s.io/api/core/v1" watch "k8s.io/apimachinery/pkg/watch" scheme "k8s.io/client-go/kubernetes/scheme" @@ -36,7 +36,7 @@ import ( const ( defaultControllerAgentName = "eventpolicybinding-controller" - defaultFinalizerName = "eventpolicybindings.security.knative.dev" + defaultFinalizerName = "eventpolicybindings.policy.run.cloud.google.com" defaultQueueName = "eventpolicybindings" ) diff --git a/pkg/client/injection/reconciler/security/v1alpha1/eventpolicybinding/reconciler.go b/pkg/client/injection/reconciler/policy/v1alpha1/eventpolicybinding/reconciler.go similarity index 94% rename from pkg/client/injection/reconciler/security/v1alpha1/eventpolicybinding/reconciler.go rename to pkg/client/injection/reconciler/policy/v1alpha1/eventpolicybinding/reconciler.go index 7bdffe3512..e83ac17669 100644 --- a/pkg/client/injection/reconciler/security/v1alpha1/eventpolicybinding/reconciler.go +++ b/pkg/client/injection/reconciler/policy/v1alpha1/eventpolicybinding/reconciler.go @@ -23,9 +23,9 @@ import ( "encoding/json" "reflect" - v1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" versioned "github.com/google/knative-gcp/pkg/client/clientset/versioned" - securityv1alpha1 "github.com/google/knative-gcp/pkg/client/listers/security/v1alpha1" + policyv1alpha1 "github.com/google/knative-gcp/pkg/client/listers/policy/v1alpha1" zap "go.uber.org/zap" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/equality" @@ -69,7 +69,7 @@ type reconcilerImpl struct { Client versioned.Interface // Listers index properties about resources - Lister securityv1alpha1.EventPolicyBindingLister + Lister policyv1alpha1.EventPolicyBindingLister // Recorder is an event recorder for recording Event resources to the // Kubernetes API. @@ -86,7 +86,7 @@ type reconcilerImpl struct { // Check that our Reconciler implements controller.Reconciler var _ controller.Reconciler = (*reconcilerImpl)(nil) -func NewReconciler(ctx context.Context, logger *zap.SugaredLogger, client versioned.Interface, lister securityv1alpha1.EventPolicyBindingLister, recorder record.EventRecorder, r Interface, options ...controller.Options) controller.Reconciler { +func NewReconciler(ctx context.Context, logger *zap.SugaredLogger, client versioned.Interface, lister policyv1alpha1.EventPolicyBindingLister, recorder record.EventRecorder, r Interface, options ...controller.Options) controller.Reconciler { // Check the options function input. It should be 0 or 1. if len(options) > 1 { logger.Fatalf("up to one options struct is supported, found %d", len(options)) @@ -207,7 +207,7 @@ func (r *reconcilerImpl) updateStatus(existing *v1alpha1.EventPolicyBinding, des // The first iteration tries to use the injectionInformer's state, subsequent attempts fetch the latest state via API. if attempts > 0 { - getter := r.Client.SecurityV1alpha1().EventPolicyBindings(desired.Namespace) + getter := r.Client.PolicyV1alpha1().EventPolicyBindings(desired.Namespace) existing, err = getter.Get(desired.Name, metav1.GetOptions{}) if err != nil { @@ -222,7 +222,7 @@ func (r *reconcilerImpl) updateStatus(existing *v1alpha1.EventPolicyBinding, des existing.Status = desired.Status - updater := r.Client.SecurityV1alpha1().EventPolicyBindings(existing.Namespace) + updater := r.Client.PolicyV1alpha1().EventPolicyBindings(existing.Namespace) _, err = updater.UpdateStatus(existing) return err @@ -280,7 +280,7 @@ func (r *reconcilerImpl) updateFinalizersFiltered(ctx context.Context, resource return resource, err } - patcher := r.Client.SecurityV1alpha1().EventPolicyBindings(resource.Namespace) + patcher := r.Client.PolicyV1alpha1().EventPolicyBindings(resource.Namespace) resource, err = patcher.Patch(resource.Name, types.MergePatchType, patch) if err != nil { diff --git a/pkg/client/injection/reconciler/security/v1alpha1/eventpolicybinding/stub/controller.go b/pkg/client/injection/reconciler/policy/v1alpha1/eventpolicybinding/stub/controller.go similarity index 92% rename from pkg/client/injection/reconciler/security/v1alpha1/eventpolicybinding/stub/controller.go rename to pkg/client/injection/reconciler/policy/v1alpha1/eventpolicybinding/stub/controller.go index d86ad5fd35..ebf1d61648 100644 --- a/pkg/client/injection/reconciler/security/v1alpha1/eventpolicybinding/stub/controller.go +++ b/pkg/client/injection/reconciler/policy/v1alpha1/eventpolicybinding/stub/controller.go @@ -21,8 +21,8 @@ package eventpolicybinding import ( context "context" - eventpolicybinding "github.com/google/knative-gcp/pkg/client/injection/informers/security/v1alpha1/eventpolicybinding" - v1alpha1eventpolicybinding "github.com/google/knative-gcp/pkg/client/injection/reconciler/security/v1alpha1/eventpolicybinding" + eventpolicybinding "github.com/google/knative-gcp/pkg/client/injection/informers/policy/v1alpha1/eventpolicybinding" + v1alpha1eventpolicybinding "github.com/google/knative-gcp/pkg/client/injection/reconciler/policy/v1alpha1/eventpolicybinding" configmap "knative.dev/pkg/configmap" controller "knative.dev/pkg/controller" logging "knative.dev/pkg/logging" diff --git a/pkg/client/injection/reconciler/security/v1alpha1/eventpolicybinding/stub/reconciler.go b/pkg/client/injection/reconciler/policy/v1alpha1/eventpolicybinding/stub/reconciler.go similarity index 94% rename from pkg/client/injection/reconciler/security/v1alpha1/eventpolicybinding/stub/reconciler.go rename to pkg/client/injection/reconciler/policy/v1alpha1/eventpolicybinding/stub/reconciler.go index 89dbf0b903..268c026bba 100644 --- a/pkg/client/injection/reconciler/security/v1alpha1/eventpolicybinding/stub/reconciler.go +++ b/pkg/client/injection/reconciler/policy/v1alpha1/eventpolicybinding/stub/reconciler.go @@ -21,8 +21,8 @@ package eventpolicybinding import ( context "context" - v1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" - eventpolicybinding "github.com/google/knative-gcp/pkg/client/injection/reconciler/security/v1alpha1/eventpolicybinding" + v1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" + eventpolicybinding "github.com/google/knative-gcp/pkg/client/injection/reconciler/policy/v1alpha1/eventpolicybinding" v1 "k8s.io/api/core/v1" reconciler "knative.dev/pkg/reconciler" ) diff --git a/pkg/client/injection/reconciler/security/v1alpha1/httppolicybinding/controller.go b/pkg/client/injection/reconciler/policy/v1alpha1/httppolicybinding/controller.go similarity index 95% rename from pkg/client/injection/reconciler/security/v1alpha1/httppolicybinding/controller.go rename to pkg/client/injection/reconciler/policy/v1alpha1/httppolicybinding/controller.go index 5a3f5d2119..10ea5e40ef 100644 --- a/pkg/client/injection/reconciler/security/v1alpha1/httppolicybinding/controller.go +++ b/pkg/client/injection/reconciler/policy/v1alpha1/httppolicybinding/controller.go @@ -23,7 +23,7 @@ import ( versionedscheme "github.com/google/knative-gcp/pkg/client/clientset/versioned/scheme" injectionclient "github.com/google/knative-gcp/pkg/client/injection/client" - httppolicybinding "github.com/google/knative-gcp/pkg/client/injection/informers/security/v1alpha1/httppolicybinding" + httppolicybinding "github.com/google/knative-gcp/pkg/client/injection/informers/policy/v1alpha1/httppolicybinding" corev1 "k8s.io/api/core/v1" watch "k8s.io/apimachinery/pkg/watch" scheme "k8s.io/client-go/kubernetes/scheme" @@ -36,7 +36,7 @@ import ( const ( defaultControllerAgentName = "httppolicybinding-controller" - defaultFinalizerName = "httppolicybindings.security.knative.dev" + defaultFinalizerName = "httppolicybindings.policy.run.cloud.google.com" defaultQueueName = "httppolicybindings" ) diff --git a/pkg/client/injection/reconciler/security/v1alpha1/httppolicybinding/reconciler.go b/pkg/client/injection/reconciler/policy/v1alpha1/httppolicybinding/reconciler.go similarity index 94% rename from pkg/client/injection/reconciler/security/v1alpha1/httppolicybinding/reconciler.go rename to pkg/client/injection/reconciler/policy/v1alpha1/httppolicybinding/reconciler.go index e5e83cbff6..6a17eaa9f9 100644 --- a/pkg/client/injection/reconciler/security/v1alpha1/httppolicybinding/reconciler.go +++ b/pkg/client/injection/reconciler/policy/v1alpha1/httppolicybinding/reconciler.go @@ -23,9 +23,9 @@ import ( "encoding/json" "reflect" - v1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" versioned "github.com/google/knative-gcp/pkg/client/clientset/versioned" - securityv1alpha1 "github.com/google/knative-gcp/pkg/client/listers/security/v1alpha1" + policyv1alpha1 "github.com/google/knative-gcp/pkg/client/listers/policy/v1alpha1" zap "go.uber.org/zap" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/equality" @@ -69,7 +69,7 @@ type reconcilerImpl struct { Client versioned.Interface // Listers index properties about resources - Lister securityv1alpha1.HTTPPolicyBindingLister + Lister policyv1alpha1.HTTPPolicyBindingLister // Recorder is an event recorder for recording Event resources to the // Kubernetes API. @@ -86,7 +86,7 @@ type reconcilerImpl struct { // Check that our Reconciler implements controller.Reconciler var _ controller.Reconciler = (*reconcilerImpl)(nil) -func NewReconciler(ctx context.Context, logger *zap.SugaredLogger, client versioned.Interface, lister securityv1alpha1.HTTPPolicyBindingLister, recorder record.EventRecorder, r Interface, options ...controller.Options) controller.Reconciler { +func NewReconciler(ctx context.Context, logger *zap.SugaredLogger, client versioned.Interface, lister policyv1alpha1.HTTPPolicyBindingLister, recorder record.EventRecorder, r Interface, options ...controller.Options) controller.Reconciler { // Check the options function input. It should be 0 or 1. if len(options) > 1 { logger.Fatalf("up to one options struct is supported, found %d", len(options)) @@ -207,7 +207,7 @@ func (r *reconcilerImpl) updateStatus(existing *v1alpha1.HTTPPolicyBinding, desi // The first iteration tries to use the injectionInformer's state, subsequent attempts fetch the latest state via API. if attempts > 0 { - getter := r.Client.SecurityV1alpha1().HTTPPolicyBindings(desired.Namespace) + getter := r.Client.PolicyV1alpha1().HTTPPolicyBindings(desired.Namespace) existing, err = getter.Get(desired.Name, metav1.GetOptions{}) if err != nil { @@ -222,7 +222,7 @@ func (r *reconcilerImpl) updateStatus(existing *v1alpha1.HTTPPolicyBinding, desi existing.Status = desired.Status - updater := r.Client.SecurityV1alpha1().HTTPPolicyBindings(existing.Namespace) + updater := r.Client.PolicyV1alpha1().HTTPPolicyBindings(existing.Namespace) _, err = updater.UpdateStatus(existing) return err @@ -280,7 +280,7 @@ func (r *reconcilerImpl) updateFinalizersFiltered(ctx context.Context, resource return resource, err } - patcher := r.Client.SecurityV1alpha1().HTTPPolicyBindings(resource.Namespace) + patcher := r.Client.PolicyV1alpha1().HTTPPolicyBindings(resource.Namespace) resource, err = patcher.Patch(resource.Name, types.MergePatchType, patch) if err != nil { diff --git a/pkg/client/injection/reconciler/security/v1alpha1/httppolicybinding/stub/controller.go b/pkg/client/injection/reconciler/policy/v1alpha1/httppolicybinding/stub/controller.go similarity index 93% rename from pkg/client/injection/reconciler/security/v1alpha1/httppolicybinding/stub/controller.go rename to pkg/client/injection/reconciler/policy/v1alpha1/httppolicybinding/stub/controller.go index 136c53608e..79c2c0f41d 100644 --- a/pkg/client/injection/reconciler/security/v1alpha1/httppolicybinding/stub/controller.go +++ b/pkg/client/injection/reconciler/policy/v1alpha1/httppolicybinding/stub/controller.go @@ -21,8 +21,8 @@ package httppolicybinding import ( context "context" - httppolicybinding "github.com/google/knative-gcp/pkg/client/injection/informers/security/v1alpha1/httppolicybinding" - v1alpha1httppolicybinding "github.com/google/knative-gcp/pkg/client/injection/reconciler/security/v1alpha1/httppolicybinding" + httppolicybinding "github.com/google/knative-gcp/pkg/client/injection/informers/policy/v1alpha1/httppolicybinding" + v1alpha1httppolicybinding "github.com/google/knative-gcp/pkg/client/injection/reconciler/policy/v1alpha1/httppolicybinding" configmap "knative.dev/pkg/configmap" controller "knative.dev/pkg/controller" logging "knative.dev/pkg/logging" diff --git a/pkg/client/injection/reconciler/security/v1alpha1/httppolicybinding/stub/reconciler.go b/pkg/client/injection/reconciler/policy/v1alpha1/httppolicybinding/stub/reconciler.go similarity index 94% rename from pkg/client/injection/reconciler/security/v1alpha1/httppolicybinding/stub/reconciler.go rename to pkg/client/injection/reconciler/policy/v1alpha1/httppolicybinding/stub/reconciler.go index 15a470ce8d..2d3fbfc69a 100644 --- a/pkg/client/injection/reconciler/security/v1alpha1/httppolicybinding/stub/reconciler.go +++ b/pkg/client/injection/reconciler/policy/v1alpha1/httppolicybinding/stub/reconciler.go @@ -21,8 +21,8 @@ package httppolicybinding import ( context "context" - v1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" - httppolicybinding "github.com/google/knative-gcp/pkg/client/injection/reconciler/security/v1alpha1/httppolicybinding" + v1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" + httppolicybinding "github.com/google/knative-gcp/pkg/client/injection/reconciler/policy/v1alpha1/httppolicybinding" v1 "k8s.io/api/core/v1" reconciler "knative.dev/pkg/reconciler" ) diff --git a/pkg/client/listers/security/v1alpha1/eventpolicy.go b/pkg/client/listers/policy/v1alpha1/eventpolicy.go similarity index 97% rename from pkg/client/listers/security/v1alpha1/eventpolicy.go rename to pkg/client/listers/policy/v1alpha1/eventpolicy.go index 1ef5c51f93..cc4efe283d 100644 --- a/pkg/client/listers/security/v1alpha1/eventpolicy.go +++ b/pkg/client/listers/policy/v1alpha1/eventpolicy.go @@ -19,7 +19,7 @@ limitations under the License. package v1alpha1 import ( - v1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" "k8s.io/client-go/tools/cache" diff --git a/pkg/client/listers/security/v1alpha1/eventpolicybinding.go b/pkg/client/listers/policy/v1alpha1/eventpolicybinding.go similarity index 98% rename from pkg/client/listers/security/v1alpha1/eventpolicybinding.go rename to pkg/client/listers/policy/v1alpha1/eventpolicybinding.go index 8b8aea61b4..dbdfe19326 100644 --- a/pkg/client/listers/security/v1alpha1/eventpolicybinding.go +++ b/pkg/client/listers/policy/v1alpha1/eventpolicybinding.go @@ -19,7 +19,7 @@ limitations under the License. package v1alpha1 import ( - v1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" "k8s.io/client-go/tools/cache" diff --git a/pkg/client/listers/security/v1alpha1/expansion_generated.go b/pkg/client/listers/policy/v1alpha1/expansion_generated.go similarity index 100% rename from pkg/client/listers/security/v1alpha1/expansion_generated.go rename to pkg/client/listers/policy/v1alpha1/expansion_generated.go diff --git a/pkg/client/listers/security/v1alpha1/httppolicy.go b/pkg/client/listers/policy/v1alpha1/httppolicy.go similarity index 97% rename from pkg/client/listers/security/v1alpha1/httppolicy.go rename to pkg/client/listers/policy/v1alpha1/httppolicy.go index 6343dc0dcb..c07ac24bba 100644 --- a/pkg/client/listers/security/v1alpha1/httppolicy.go +++ b/pkg/client/listers/policy/v1alpha1/httppolicy.go @@ -19,7 +19,7 @@ limitations under the License. package v1alpha1 import ( - v1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" "k8s.io/client-go/tools/cache" diff --git a/pkg/client/listers/security/v1alpha1/httppolicybinding.go b/pkg/client/listers/policy/v1alpha1/httppolicybinding.go similarity index 98% rename from pkg/client/listers/security/v1alpha1/httppolicybinding.go rename to pkg/client/listers/policy/v1alpha1/httppolicybinding.go index 32a74191b2..3b2952f558 100644 --- a/pkg/client/listers/security/v1alpha1/httppolicybinding.go +++ b/pkg/client/listers/policy/v1alpha1/httppolicybinding.go @@ -19,7 +19,7 @@ limitations under the License. package v1alpha1 import ( - v1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + v1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" "k8s.io/client-go/tools/cache" diff --git a/pkg/reconciler/security/istio/eventpolicybinding/controller.go b/pkg/reconciler/policy/istio/eventpolicybinding/controller.go similarity index 77% rename from pkg/reconciler/security/istio/eventpolicybinding/controller.go rename to pkg/reconciler/policy/istio/eventpolicybinding/controller.go index 454afebdaa..4f03e39208 100644 --- a/pkg/reconciler/security/istio/eventpolicybinding/controller.go +++ b/pkg/reconciler/policy/istio/eventpolicybinding/controller.go @@ -25,13 +25,13 @@ import ( pkgreconciler "knative.dev/pkg/reconciler" "knative.dev/pkg/tracker" - securityapi "github.com/google/knative-gcp/pkg/apis/security" - securityv1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" - eventpolicyinformer "github.com/google/knative-gcp/pkg/client/injection/informers/security/v1alpha1/eventpolicy" - eventpolicybindinginformer "github.com/google/knative-gcp/pkg/client/injection/informers/security/v1alpha1/eventpolicybinding" - httppolicyinformer "github.com/google/knative-gcp/pkg/client/injection/informers/security/v1alpha1/httppolicy" - httppolicybindinginformer "github.com/google/knative-gcp/pkg/client/injection/informers/security/v1alpha1/httppolicybinding" - bindingreconciler "github.com/google/knative-gcp/pkg/client/injection/reconciler/security/v1alpha1/eventpolicybinding" + policyapi "github.com/google/knative-gcp/pkg/apis/policy" + policyv1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" + eventpolicyinformer "github.com/google/knative-gcp/pkg/client/injection/informers/policy/v1alpha1/eventpolicy" + eventpolicybindinginformer "github.com/google/knative-gcp/pkg/client/injection/informers/policy/v1alpha1/eventpolicybinding" + httppolicyinformer "github.com/google/knative-gcp/pkg/client/injection/informers/policy/v1alpha1/httppolicy" + httppolicybindinginformer "github.com/google/knative-gcp/pkg/client/injection/informers/policy/v1alpha1/httppolicybinding" + bindingreconciler "github.com/google/knative-gcp/pkg/client/injection/reconciler/policy/v1alpha1/eventpolicybinding" "github.com/google/knative-gcp/pkg/reconciler" ) @@ -41,7 +41,7 @@ const ( controllerAgentName = "istio-eventpolicybinding-controller" ) -var eventPolicyGVK = securityv1alpha1.SchemeGroupVersion.WithKind("EventPolicy") +var eventPolicyGVK = policyv1alpha1.SchemeGroupVersion.WithKind("EventPolicy") // NewController initializes the controller and is called by the generated code // Registers event handlers to enqueue events @@ -67,17 +67,17 @@ func NewController( r.Logger.Info("Setting up event handlers") eventPolicyBindingInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ - FilterFunc: pkgreconciler.AnnotationFilterFunc(securityapi.PolicyBindingClassAnnotationKey, securityapi.IstioPolicyBindingClassValue, false), + FilterFunc: pkgreconciler.AnnotationFilterFunc(policyapi.PolicyBindingClassAnnotationKey, policyapi.IstioPolicyBindingClassValue, false), Handler: controller.HandleAll(impl.Enqueue), }) httpPolicyBindingInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ - FilterFunc: controller.FilterGroupKind(securityv1alpha1.Kind("EventPolicyBinding")), + FilterFunc: controller.FilterGroupKind(policyv1alpha1.Kind("EventPolicyBinding")), Handler: controller.HandleAll(impl.EnqueueControllerOf), }) httpPolicyInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ - FilterFunc: controller.FilterGroupKind(securityv1alpha1.Kind("EventPolicyBinding")), + FilterFunc: controller.FilterGroupKind(policyv1alpha1.Kind("EventPolicyBinding")), Handler: controller.HandleAll(impl.EnqueueControllerOf), }) diff --git a/pkg/reconciler/security/istio/eventpolicybinding/controller_test.go b/pkg/reconciler/policy/istio/eventpolicybinding/controller_test.go similarity index 90% rename from pkg/reconciler/security/istio/eventpolicybinding/controller_test.go rename to pkg/reconciler/policy/istio/eventpolicybinding/controller_test.go index 49dc193ed6..690daf1ad1 100644 --- a/pkg/reconciler/security/istio/eventpolicybinding/controller_test.go +++ b/pkg/reconciler/policy/istio/eventpolicybinding/controller_test.go @@ -26,10 +26,10 @@ import ( // Fake injection informers _ "github.com/google/knative-gcp/pkg/client/injection/client/fake" _ "github.com/google/knative-gcp/pkg/client/injection/ducks/duck/v1alpha1/resource/fake" - _ "github.com/google/knative-gcp/pkg/client/injection/informers/security/v1alpha1/eventpolicy/fake" - _ "github.com/google/knative-gcp/pkg/client/injection/informers/security/v1alpha1/eventpolicybinding/fake" - _ "github.com/google/knative-gcp/pkg/client/injection/informers/security/v1alpha1/httppolicy/fake" - _ "github.com/google/knative-gcp/pkg/client/injection/informers/security/v1alpha1/httppolicybinding/fake" + _ "github.com/google/knative-gcp/pkg/client/injection/informers/policy/v1alpha1/eventpolicy/fake" + _ "github.com/google/knative-gcp/pkg/client/injection/informers/policy/v1alpha1/eventpolicybinding/fake" + _ "github.com/google/knative-gcp/pkg/client/injection/informers/policy/v1alpha1/httppolicy/fake" + _ "github.com/google/knative-gcp/pkg/client/injection/informers/policy/v1alpha1/httppolicybinding/fake" _ "github.com/google/knative-gcp/pkg/reconciler/testing" ) diff --git a/pkg/reconciler/security/istio/eventpolicybinding/eventpolicybinding.go b/pkg/reconciler/policy/istio/eventpolicybinding/eventpolicybinding.go similarity index 84% rename from pkg/reconciler/security/istio/eventpolicybinding/eventpolicybinding.go rename to pkg/reconciler/policy/istio/eventpolicybinding/eventpolicybinding.go index c3222631b9..9261350912 100644 --- a/pkg/reconciler/security/istio/eventpolicybinding/eventpolicybinding.go +++ b/pkg/reconciler/policy/istio/eventpolicybinding/eventpolicybinding.go @@ -28,20 +28,20 @@ import ( pkgreconciler "knative.dev/pkg/reconciler" "knative.dev/pkg/tracker" - "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" - bindingreconciler "github.com/google/knative-gcp/pkg/client/injection/reconciler/security/v1alpha1/eventpolicybinding" - securitylisters "github.com/google/knative-gcp/pkg/client/listers/security/v1alpha1" + "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" + bindingreconciler "github.com/google/knative-gcp/pkg/client/injection/reconciler/policy/v1alpha1/eventpolicybinding" + policylisters "github.com/google/knative-gcp/pkg/client/listers/policy/v1alpha1" "github.com/google/knative-gcp/pkg/reconciler" - "github.com/google/knative-gcp/pkg/reconciler/security/istio/eventpolicybinding/resources" + "github.com/google/knative-gcp/pkg/reconciler/policy/istio/eventpolicybinding/resources" ) // Reconciler reconciles the EventPolicyBinding. type Reconciler struct { *reconciler.Base - eventPolicyLister securitylisters.EventPolicyLister - httpPolicyLister securitylisters.HTTPPolicyLister - httpPolicyBindingLister securitylisters.HTTPPolicyBindingLister + eventPolicyLister policylisters.EventPolicyLister + httpPolicyLister policylisters.HTTPPolicyLister + httpPolicyBindingLister policylisters.HTTPPolicyBindingLister policyTracker tracker.Interface } @@ -98,7 +98,7 @@ func (r *Reconciler) reconcileHTTPPolicyBinding( desired := resources.MakeHTTPPolicyBinding(b, p) existing, err := r.httpPolicyBindingLister.HTTPPolicyBindings(desired.Namespace).Get(desired.Name) if apierrs.IsNotFound(err) { - existing, err = r.RunClientSet.SecurityV1alpha1().HTTPPolicyBindings(desired.Namespace).Create(desired) + existing, err = r.RunClientSet.PolicyV1alpha1().HTTPPolicyBindings(desired.Namespace).Create(desired) if err != nil { return nil, fmt.Errorf("failed to create HTTPPolicyBinding: %w", err) } @@ -110,7 +110,7 @@ func (r *Reconciler) reconcileHTTPPolicyBinding( // Don't modify the informers copy. cp := existing.DeepCopy() cp.Spec = desired.Spec - existing, err = r.RunClientSet.SecurityV1alpha1().HTTPPolicyBindings(cp.Namespace).Update(cp) + existing, err = r.RunClientSet.PolicyV1alpha1().HTTPPolicyBindings(cp.Namespace).Update(cp) if err != nil { return nil, fmt.Errorf("failed to update HTTPPolicyBinding: %w", err) } @@ -127,7 +127,7 @@ func (r *Reconciler) reconcileHTTPPolicy( desired := resources.MakeHTTPPolicy(b, p) existing, err := r.httpPolicyLister.HTTPPolicies(desired.Namespace).Get(desired.Name) if apierrs.IsNotFound(err) { - existing, err = r.RunClientSet.SecurityV1alpha1().HTTPPolicies(desired.Namespace).Create(desired) + existing, err = r.RunClientSet.PolicyV1alpha1().HTTPPolicies(desired.Namespace).Create(desired) if err != nil { return nil, fmt.Errorf("failed to create HTTPPolicy: %w", err) } @@ -139,7 +139,7 @@ func (r *Reconciler) reconcileHTTPPolicy( // Don't modify the informers copy. cp := existing.DeepCopy() cp.Spec = desired.Spec - existing, err = r.RunClientSet.SecurityV1alpha1().HTTPPolicies(cp.Namespace).Update(cp) + existing, err = r.RunClientSet.PolicyV1alpha1().HTTPPolicies(cp.Namespace).Update(cp) if err != nil { return nil, fmt.Errorf("failed to update HTTPPolicy: %w", err) } diff --git a/pkg/reconciler/security/istio/eventpolicybinding/eventpolicybinding_test.go b/pkg/reconciler/policy/istio/eventpolicybinding/eventpolicybinding_test.go similarity index 91% rename from pkg/reconciler/security/istio/eventpolicybinding/eventpolicybinding_test.go rename to pkg/reconciler/policy/istio/eventpolicybinding/eventpolicybinding_test.go index daecbf1ee1..6430677d3a 100644 --- a/pkg/reconciler/security/istio/eventpolicybinding/eventpolicybinding_test.go +++ b/pkg/reconciler/policy/istio/eventpolicybinding/eventpolicybinding_test.go @@ -32,10 +32,10 @@ import ( logtesting "knative.dev/pkg/logging/testing" "knative.dev/pkg/tracker" - "github.com/google/knative-gcp/pkg/apis/security" - "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + "github.com/google/knative-gcp/pkg/apis/policy" + "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" "github.com/google/knative-gcp/pkg/client/injection/ducks/duck/v1alpha1/resource" - bindingreconciler "github.com/google/knative-gcp/pkg/client/injection/reconciler/security/v1alpha1/eventpolicybinding" + bindingreconciler "github.com/google/knative-gcp/pkg/client/injection/reconciler/policy/v1alpha1/eventpolicybinding" "github.com/google/knative-gcp/pkg/reconciler" . "github.com/google/knative-gcp/pkg/reconciler/testing" @@ -70,7 +70,7 @@ func TestAllCases(t *testing.T) { WithPolicyBindingPolicy(testPolicyName), ).AsEventPolicyBinding(), newSubject("subject", testNamespace, - WithUnstructuredAnnotations(map[string]interface{}{"security.knative.dev/authorizableOn": `{"matchLabels":{"app":"test"}}`}), + WithUnstructuredAnnotations(map[string]interface{}{"policy.run.cloud.google.com/authorizableOn": `{"matchLabels":{"app":"test"}}`}), ), }, Key: testNamespace + "/" + testBindingName, @@ -79,11 +79,11 @@ func TestAllCases(t *testing.T) { WithPolicyBindingSubject(testSubjectGVK, "subject"), WithPolicyBindingPolicy(testPolicyName), WithPolicyBindingStatusInit(), - WithPolicyBindingStatusFailure("GetPolicyFailure", `eventpolicy.security.knative.dev "testpolicy" not found`), + WithPolicyBindingStatusFailure("GetPolicyFailure", `eventpolicy.policy.run.cloud.google.com "testpolicy" not found`), ).AsEventPolicyBinding(), }}, WantEvents: []string{ - Eventf(corev1.EventTypeWarning, "InternalError", `failed to get EventPolicy: eventpolicy.security.knative.dev "testpolicy" not found`), + Eventf(corev1.EventTypeWarning, "InternalError", `failed to get EventPolicy: eventpolicy.policy.run.cloud.google.com "testpolicy" not found`), }, WantErr: true, }, { @@ -95,7 +95,7 @@ func TestAllCases(t *testing.T) { WithPolicyBindingPolicy(testPolicyName), ).AsEventPolicyBinding(), newSubject("subject", testNamespace, - WithUnstructuredAnnotations(map[string]interface{}{"security.knative.dev/authorizableOn": `{"matchLabels":{"app":"test"}}`}), + WithUnstructuredAnnotations(map[string]interface{}{"policy.run.cloud.google.com/authorizableOn": `{"matchLabels":{"app":"test"}}`}), ), newTestEventPolicy(testPolicyName, testNamespace), }, @@ -127,7 +127,7 @@ func TestAllCases(t *testing.T) { WithPolicyBindingPolicy(testPolicyName), ).AsEventPolicyBinding(), newSubject("subject", testNamespace, - WithUnstructuredAnnotations(map[string]interface{}{"security.knative.dev/authorizableOn": `{"matchLabels":{"app":"test"}}`}), + WithUnstructuredAnnotations(map[string]interface{}{"policy.run.cloud.google.com/authorizableOn": `{"matchLabels":{"app":"test"}}`}), ), newTestEventPolicy(testPolicyName, testNamespace), newEmptyHTTPPolicy(testPolicyName, testNamespace, testBindingName), @@ -160,7 +160,7 @@ func TestAllCases(t *testing.T) { WithPolicyBindingPolicy(testPolicyName), ).AsEventPolicyBinding(), newSubject("subject", testNamespace, - WithUnstructuredAnnotations(map[string]interface{}{"security.knative.dev/authorizableOn": `{"matchLabels":{"app":"test"}}`}), + WithUnstructuredAnnotations(map[string]interface{}{"policy.run.cloud.google.com/authorizableOn": `{"matchLabels":{"app":"test"}}`}), ), newTestEventPolicy(testPolicyName, testNamespace), newTestHTTPPolicy(testPolicyName, testNamespace, testBindingName), @@ -198,7 +198,7 @@ func TestAllCases(t *testing.T) { WithPolicyBindingPolicy(testPolicyName), ).AsEventPolicyBinding(), newSubject("subject", testNamespace, - WithUnstructuredAnnotations(map[string]interface{}{"security.knative.dev/authorizableOn": `{"matchLabels":{"app":"test"}}`}), + WithUnstructuredAnnotations(map[string]interface{}{"policy.run.cloud.google.com/authorizableOn": `{"matchLabels":{"app":"test"}}`}), ), newTestEventPolicy(testPolicyName, testNamespace), newTestHTTPPolicy(testPolicyName, testNamespace, testBindingName), @@ -240,7 +240,7 @@ func TestAllCases(t *testing.T) { WithPolicyBindingPolicy(testPolicyName), ).AsEventPolicyBinding(), newSubject("subject", testNamespace, - WithUnstructuredAnnotations(map[string]interface{}{"security.knative.dev/authorizableOn": `{"matchLabels":{"app":"test"}}`}), + WithUnstructuredAnnotations(map[string]interface{}{"policy.run.cloud.google.com/authorizableOn": `{"matchLabels":{"app":"test"}}`}), ), newTestEventPolicy(testPolicyName, testNamespace), }, @@ -273,7 +273,7 @@ func TestAllCases(t *testing.T) { WithPolicyBindingPolicy(testPolicyName), ).AsEventPolicyBinding(), newSubject("subject", testNamespace, - WithUnstructuredAnnotations(map[string]interface{}{"security.knative.dev/authorizableOn": `{"matchLabels":{"app":"test"}}`}), + WithUnstructuredAnnotations(map[string]interface{}{"policy.run.cloud.google.com/authorizableOn": `{"matchLabels":{"app":"test"}}`}), ), newTestEventPolicy(testPolicyName, testNamespace), newTestHTTPPolicy(testPolicyName, testNamespace, testBindingName), @@ -305,7 +305,7 @@ func TestAllCases(t *testing.T) { WithPolicyBindingPolicy(testPolicyName), ).AsEventPolicyBinding(), newSubject("subject", testNamespace, - WithUnstructuredAnnotations(map[string]interface{}{"security.knative.dev/authorizableOn": `{"matchLabels":{"app":"test"}}`}), + WithUnstructuredAnnotations(map[string]interface{}{"policy.run.cloud.google.com/authorizableOn": `{"matchLabels":{"app":"test"}}`}), ), newTestEventPolicy(testPolicyName, testNamespace), newTestHTTPPolicy(testPolicyName, testNamespace, testBindingName), @@ -394,7 +394,7 @@ func newEmptyHTTPPolicy(parent, namespace, owner string) *v1alpha1.HTTPPolicy { Name: kmeta.ChildName(parent, "-http"), Namespace: namespace, OwnerReferences: []metav1.OwnerReference{{ - APIVersion: "security.knative.dev/v1alpha1", + APIVersion: "policy.run.cloud.google.com/v1alpha1", Kind: "EventPolicyBinding", Name: owner, UID: "test-uid", @@ -412,7 +412,7 @@ func newTestHTTPPolicy(parent, namespace, owner string) *v1alpha1.HTTPPolicy { Name: kmeta.ChildName(parent, "-http"), Namespace: namespace, OwnerReferences: []metav1.OwnerReference{{ - APIVersion: "security.knative.dev/v1alpha1", + APIVersion: "policy.run.cloud.google.com/v1alpha1", Kind: "EventPolicyBinding", Name: owner, UID: "test-uid", @@ -478,10 +478,10 @@ func withPolicyBindingOwner(owner string) BindingOption { return func(cb *CommonBinding) { cb.ObjectMeta.UID = "" cb.ObjectMeta.Annotations = map[string]string{ - security.PolicyBindingClassAnnotationKey: security.IstioPolicyBindingClassValue, + policy.PolicyBindingClassAnnotationKey: policy.IstioPolicyBindingClassValue, } cb.ObjectMeta.OwnerReferences = []metav1.OwnerReference{{ - APIVersion: "security.knative.dev/v1alpha1", + APIVersion: "policy.run.cloud.google.com/v1alpha1", Kind: "EventPolicyBinding", Name: owner, UID: "test-uid", diff --git a/pkg/reconciler/security/istio/eventpolicybinding/resources/httppolicy.go b/pkg/reconciler/policy/istio/eventpolicybinding/resources/httppolicy.go similarity index 97% rename from pkg/reconciler/security/istio/eventpolicybinding/resources/httppolicy.go rename to pkg/reconciler/policy/istio/eventpolicybinding/resources/httppolicy.go index 8cf906de27..a0569fa1b8 100644 --- a/pkg/reconciler/security/istio/eventpolicybinding/resources/httppolicy.go +++ b/pkg/reconciler/policy/istio/eventpolicybinding/resources/httppolicy.go @@ -18,7 +18,7 @@ package resources import ( cehttp "github.com/cloudevents/sdk-go/v2/protocol/http" - "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "knative.dev/pkg/kmeta" ) diff --git a/pkg/reconciler/security/istio/eventpolicybinding/resources/httppolicy_test.go b/pkg/reconciler/policy/istio/eventpolicybinding/resources/httppolicy_test.go similarity index 98% rename from pkg/reconciler/security/istio/eventpolicybinding/resources/httppolicy_test.go rename to pkg/reconciler/policy/istio/eventpolicybinding/resources/httppolicy_test.go index 8dad771e3d..27e1224aec 100644 --- a/pkg/reconciler/security/istio/eventpolicybinding/resources/httppolicy_test.go +++ b/pkg/reconciler/policy/istio/eventpolicybinding/resources/httppolicy_test.go @@ -26,7 +26,7 @@ import ( "knative.dev/pkg/tracker" "github.com/google/go-cmp/cmp" - "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" ) func TestMakeHTTPPolicy(t *testing.T) { diff --git a/pkg/reconciler/security/istio/eventpolicybinding/resources/httppolicybinding.go b/pkg/reconciler/policy/istio/eventpolicybinding/resources/httppolicybinding.go similarity index 87% rename from pkg/reconciler/security/istio/eventpolicybinding/resources/httppolicybinding.go rename to pkg/reconciler/policy/istio/eventpolicybinding/resources/httppolicybinding.go index bbfb9c697b..0d4b840802 100644 --- a/pkg/reconciler/security/istio/eventpolicybinding/resources/httppolicybinding.go +++ b/pkg/reconciler/policy/istio/eventpolicybinding/resources/httppolicybinding.go @@ -21,8 +21,8 @@ import ( duckv1 "knative.dev/pkg/apis/duck/v1" "knative.dev/pkg/kmeta" - "github.com/google/knative-gcp/pkg/apis/security" - "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + "github.com/google/knative-gcp/pkg/apis/policy" + "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" ) // MakeHTTPPolicyBinding generates a HTTPPolicyBinding based on the given EventPolicyBinding. @@ -33,7 +33,7 @@ func MakeHTTPPolicyBinding(b *v1alpha1.EventPolicyBinding, hp *v1alpha1.HTTPPoli Namespace: b.Namespace, OwnerReferences: []metav1.OwnerReference{*kmeta.NewControllerRef(b)}, Annotations: map[string]string{ - security.PolicyBindingClassAnnotationKey: security.IstioPolicyBindingClassValue, + policy.PolicyBindingClassAnnotationKey: policy.IstioPolicyBindingClassValue, }, }, Spec: v1alpha1.PolicyBindingSpec{ diff --git a/pkg/reconciler/security/istio/eventpolicybinding/resources/httppolicybinding_test.go b/pkg/reconciler/policy/istio/eventpolicybinding/resources/httppolicybinding_test.go similarity index 92% rename from pkg/reconciler/security/istio/eventpolicybinding/resources/httppolicybinding_test.go rename to pkg/reconciler/policy/istio/eventpolicybinding/resources/httppolicybinding_test.go index dc632aa20b..0c01d58dd4 100644 --- a/pkg/reconciler/security/istio/eventpolicybinding/resources/httppolicybinding_test.go +++ b/pkg/reconciler/policy/istio/eventpolicybinding/resources/httppolicybinding_test.go @@ -26,8 +26,8 @@ import ( "knative.dev/pkg/tracker" "github.com/google/go-cmp/cmp" - "github.com/google/knative-gcp/pkg/apis/security" - "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + "github.com/google/knative-gcp/pkg/apis/policy" + "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" ) func TestMakeHTTPPolicyBinding(t *testing.T) { @@ -65,7 +65,7 @@ func TestMakeHTTPPolicyBinding(t *testing.T) { Namespace: "testnamespace", OwnerReferences: []metav1.OwnerReference{*kmeta.NewControllerRef(eb)}, Annotations: map[string]string{ - security.PolicyBindingClassAnnotationKey: security.IstioPolicyBindingClassValue, + policy.PolicyBindingClassAnnotationKey: policy.IstioPolicyBindingClassValue, }, }, Spec: v1alpha1.PolicyBindingSpec{ diff --git a/pkg/reconciler/security/istio/httppolicybinding/controller.go b/pkg/reconciler/policy/istio/httppolicybinding/controller.go similarity index 78% rename from pkg/reconciler/security/istio/httppolicybinding/controller.go rename to pkg/reconciler/policy/istio/httppolicybinding/controller.go index f8573b3be2..6e6790a1e5 100644 --- a/pkg/reconciler/security/istio/httppolicybinding/controller.go +++ b/pkg/reconciler/policy/istio/httppolicybinding/controller.go @@ -25,16 +25,16 @@ import ( pkgreconciler "knative.dev/pkg/reconciler" "knative.dev/pkg/tracker" - securityapi "github.com/google/knative-gcp/pkg/apis/security" - securityv1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" - policyinformer "github.com/google/knative-gcp/pkg/client/injection/informers/security/v1alpha1/httppolicy" - bindinginformer "github.com/google/knative-gcp/pkg/client/injection/informers/security/v1alpha1/httppolicybinding" - bindingreconciler "github.com/google/knative-gcp/pkg/client/injection/reconciler/security/v1alpha1/httppolicybinding" + policyapi "github.com/google/knative-gcp/pkg/apis/policy" + policyv1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" + policyinformer "github.com/google/knative-gcp/pkg/client/injection/informers/policy/v1alpha1/httppolicy" + bindinginformer "github.com/google/knative-gcp/pkg/client/injection/informers/policy/v1alpha1/httppolicybinding" + bindingreconciler "github.com/google/knative-gcp/pkg/client/injection/reconciler/policy/v1alpha1/httppolicybinding" istioclient "github.com/google/knative-gcp/pkg/client/istio/injection/client" authzinformer "github.com/google/knative-gcp/pkg/client/istio/injection/informers/security/v1beta1/authorizationpolicy" authninformer "github.com/google/knative-gcp/pkg/client/istio/injection/informers/security/v1beta1/requestauthentication" "github.com/google/knative-gcp/pkg/reconciler" - "github.com/google/knative-gcp/pkg/reconciler/security" + "github.com/google/knative-gcp/pkg/reconciler/policy" ) const ( @@ -43,7 +43,7 @@ const ( controllerAgentName = "istio-httppolicybinding-controller" ) -var httpPolicyGVK = securityv1alpha1.SchemeGroupVersion.WithKind("HTTPPolicy") +var httpPolicyGVK = policyv1alpha1.SchemeGroupVersion.WithKind("HTTPPolicy") // NewController initializes the controller and is called by the generated code // Registers event handlers to enqueue events @@ -70,21 +70,21 @@ func NewController( r.Logger.Info("Setting up event handlers") bindingInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ - FilterFunc: pkgreconciler.AnnotationFilterFunc(securityapi.PolicyBindingClassAnnotationKey, securityapi.IstioPolicyBindingClassValue, false), + FilterFunc: pkgreconciler.AnnotationFilterFunc(policyapi.PolicyBindingClassAnnotationKey, policyapi.IstioPolicyBindingClassValue, false), Handler: controller.HandleAll(impl.Enqueue), }) authzInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ - FilterFunc: controller.FilterGroupKind(securityv1alpha1.Kind("HTTPPolicyBinding")), + FilterFunc: controller.FilterGroupKind(policyv1alpha1.Kind("HTTPPolicyBinding")), Handler: controller.HandleAll(impl.EnqueueControllerOf), }) authnInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ - FilterFunc: controller.FilterGroupKind(securityv1alpha1.Kind("HTTPPolicyBinding")), + FilterFunc: controller.FilterGroupKind(policyv1alpha1.Kind("HTTPPolicyBinding")), Handler: controller.HandleAll(impl.EnqueueControllerOf), }) - r.subjectResolver = security.NewSubjectResolver(ctx, impl.EnqueueKey) + r.subjectResolver = policy.NewSubjectResolver(ctx, impl.EnqueueKey) r.policyTracker = tracker.New(impl.EnqueueKey, controller.GetTrackerLease(ctx)) policyInformer.Informer().AddEventHandler(controller.HandleAll( diff --git a/pkg/reconciler/security/istio/httppolicybinding/controller_test.go b/pkg/reconciler/policy/istio/httppolicybinding/controller_test.go similarity index 95% rename from pkg/reconciler/security/istio/httppolicybinding/controller_test.go rename to pkg/reconciler/policy/istio/httppolicybinding/controller_test.go index 2bd4898bd2..cd7c6e525b 100644 --- a/pkg/reconciler/security/istio/httppolicybinding/controller_test.go +++ b/pkg/reconciler/policy/istio/httppolicybinding/controller_test.go @@ -26,9 +26,9 @@ import ( // Fake injection informers _ "github.com/google/knative-gcp/pkg/client/injection/client/fake" _ "github.com/google/knative-gcp/pkg/client/injection/ducks/duck/v1alpha1/resource/fake" + _ "github.com/google/knative-gcp/pkg/client/injection/informers/policy/v1alpha1/httppolicy/fake" + _ "github.com/google/knative-gcp/pkg/client/injection/informers/policy/v1alpha1/httppolicybinding/fake" _ "github.com/google/knative-gcp/pkg/client/injection/informers/pubsub/v1alpha1/pullsubscription/fake" - _ "github.com/google/knative-gcp/pkg/client/injection/informers/security/v1alpha1/httppolicy/fake" - _ "github.com/google/knative-gcp/pkg/client/injection/informers/security/v1alpha1/httppolicybinding/fake" _ "github.com/google/knative-gcp/pkg/client/istio/injection/client/fake" _ "github.com/google/knative-gcp/pkg/client/istio/injection/informers/security/v1beta1/authorizationpolicy/fake" _ "github.com/google/knative-gcp/pkg/client/istio/injection/informers/security/v1beta1/requestauthentication/fake" diff --git a/pkg/reconciler/security/istio/httppolicybinding/httppolicybinding.go b/pkg/reconciler/policy/istio/httppolicybinding/httppolicybinding.go similarity index 93% rename from pkg/reconciler/security/istio/httppolicybinding/httppolicybinding.go rename to pkg/reconciler/policy/istio/httppolicybinding/httppolicybinding.go index abf172db9d..f0eb0bda2d 100644 --- a/pkg/reconciler/security/istio/httppolicybinding/httppolicybinding.go +++ b/pkg/reconciler/policy/istio/httppolicybinding/httppolicybinding.go @@ -30,27 +30,27 @@ import ( pkgreconciler "knative.dev/pkg/reconciler" "knative.dev/pkg/tracker" - "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" - bindingreconciler "github.com/google/knative-gcp/pkg/client/injection/reconciler/security/v1alpha1/httppolicybinding" + "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" + bindingreconciler "github.com/google/knative-gcp/pkg/client/injection/reconciler/policy/v1alpha1/httppolicybinding" istioclientset "github.com/google/knative-gcp/pkg/client/istio/clientset/versioned" istiolisters "github.com/google/knative-gcp/pkg/client/istio/listers/security/v1beta1" - securitylisters "github.com/google/knative-gcp/pkg/client/listers/security/v1alpha1" + policylisters "github.com/google/knative-gcp/pkg/client/listers/policy/v1alpha1" "github.com/google/knative-gcp/pkg/reconciler" - "github.com/google/knative-gcp/pkg/reconciler/security" - "github.com/google/knative-gcp/pkg/reconciler/security/istio/httppolicybinding/resources" + "github.com/google/knative-gcp/pkg/reconciler/policy" + "github.com/google/knative-gcp/pkg/reconciler/policy/istio/httppolicybinding/resources" ) // Reconciler reconciles the HTTPPolicyBinding. type Reconciler struct { *reconciler.Base - policyLister securitylisters.HTTPPolicyLister + policyLister policylisters.HTTPPolicyLister authzLister istiolisters.AuthorizationPolicyLister authnLister istiolisters.RequestAuthenticationLister istioClient istioclientset.Interface - subjectResolver *security.SubjectResolver + subjectResolver *policy.SubjectResolver policyTracker tracker.Interface } diff --git a/pkg/reconciler/security/istio/httppolicybinding/httppolicybinding_test.go b/pkg/reconciler/policy/istio/httppolicybinding/httppolicybinding_test.go similarity index 86% rename from pkg/reconciler/security/istio/httppolicybinding/httppolicybinding_test.go rename to pkg/reconciler/policy/istio/httppolicybinding/httppolicybinding_test.go index afd44c973e..baa1a9cebe 100644 --- a/pkg/reconciler/security/istio/httppolicybinding/httppolicybinding_test.go +++ b/pkg/reconciler/policy/istio/httppolicybinding/httppolicybinding_test.go @@ -21,9 +21,9 @@ import ( "testing" istioclient "github.com/google/knative-gcp/pkg/client/istio/injection/client" - istiosecurity "istio.io/api/security/v1beta1" + istiopolicy "istio.io/api/security/v1beta1" istiotype "istio.io/api/type/v1beta1" - istiosecurityclient "istio.io/client-go/pkg/apis/security/v1beta1" + istiopolicyclient "istio.io/client-go/pkg/apis/security/v1beta1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -36,11 +36,11 @@ import ( logtesting "knative.dev/pkg/logging/testing" "knative.dev/pkg/tracker" - "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" "github.com/google/knative-gcp/pkg/client/injection/ducks/duck/v1alpha1/resource" - bindingreconciler "github.com/google/knative-gcp/pkg/client/injection/reconciler/security/v1alpha1/httppolicybinding" + bindingreconciler "github.com/google/knative-gcp/pkg/client/injection/reconciler/policy/v1alpha1/httppolicybinding" "github.com/google/knative-gcp/pkg/reconciler" - "github.com/google/knative-gcp/pkg/reconciler/security" + "github.com/google/knative-gcp/pkg/reconciler/policy" . "github.com/google/knative-gcp/pkg/reconciler/testing" . "knative.dev/pkg/reconciler/testing" @@ -105,11 +105,11 @@ func TestAllCases(t *testing.T) { WithPolicyBindingSubject(testSubjectGVK, "subject"), WithPolicyBindingPolicy(testPolicyName), WithPolicyBindingStatusInit(), - WithPolicyBindingStatusFailure("SubjectResolvingFailure", `the reference is not an authorizable; expecting annotation "security.knative.dev/authorizableOn"`), + WithPolicyBindingStatusFailure("SubjectResolvingFailure", `the reference is not an authorizable; expecting annotation "policy.run.cloud.google.com/authorizableOn"`), ).AsHTTPPolicyBinding(), }}, WantEvents: []string{ - Eventf(corev1.EventTypeWarning, "InternalError", `failed to resolve subject from HTTPPolicyBinding: the reference is not an authorizable; expecting annotation "security.knative.dev/authorizableOn"`), + Eventf(corev1.EventTypeWarning, "InternalError", `failed to resolve subject from HTTPPolicyBinding: the reference is not an authorizable; expecting annotation "policy.run.cloud.google.com/authorizableOn"`), }, WantErr: true, }, { @@ -121,7 +121,7 @@ func TestAllCases(t *testing.T) { WithPolicyBindingPolicy(testPolicyName), ).AsHTTPPolicyBinding(), newSubject("subject", testNamespace, - WithUnstructuredAnnotations(map[string]interface{}{"security.knative.dev/authorizableOn": "self"}), + WithUnstructuredAnnotations(map[string]interface{}{"policy.run.cloud.google.com/authorizableOn": "self"}), ), newTestPolicy(testPolicyName, testNamespace), }, @@ -147,7 +147,7 @@ func TestAllCases(t *testing.T) { WithPolicyBindingPolicy(testPolicyName), ).AsHTTPPolicyBinding(), newSubject("subject", testNamespace, - WithUnstructuredAnnotations(map[string]interface{}{"security.knative.dev/authorizableOn": "random"}), + WithUnstructuredAnnotations(map[string]interface{}{"policy.run.cloud.google.com/authorizableOn": "random"}), ), newTestPolicy(testPolicyName, testNamespace), }, @@ -157,11 +157,11 @@ func TestAllCases(t *testing.T) { WithPolicyBindingSubject(testSubjectGVK, "subject"), WithPolicyBindingPolicy(testPolicyName), WithPolicyBindingStatusInit(), - WithPolicyBindingStatusFailure("SubjectResolvingFailure", `the reference doesn't have a valid subject in annotation "security.knative.dev/authorizableOn"; it must be a LabelSelector: invalid character 'r' looking for beginning of value`), + WithPolicyBindingStatusFailure("SubjectResolvingFailure", `the reference doesn't have a valid subject in annotation "policy.run.cloud.google.com/authorizableOn"; it must be a LabelSelector: invalid character 'r' looking for beginning of value`), ).AsHTTPPolicyBinding(), }}, WantEvents: []string{ - Eventf(corev1.EventTypeWarning, "InternalError", `failed to resolve subject from HTTPPolicyBinding: the reference doesn't have a valid subject in annotation "security.knative.dev/authorizableOn"; it must be a LabelSelector: invalid character 'r' looking for beginning of value`), + Eventf(corev1.EventTypeWarning, "InternalError", `failed to resolve subject from HTTPPolicyBinding: the reference doesn't have a valid subject in annotation "policy.run.cloud.google.com/authorizableOn"; it must be a LabelSelector: invalid character 'r' looking for beginning of value`), }, WantErr: true, }, { @@ -173,7 +173,7 @@ func TestAllCases(t *testing.T) { WithPolicyBindingPolicy(testPolicyName), ).AsHTTPPolicyBinding(), newSubject("subject", testNamespace, - WithUnstructuredAnnotations(map[string]interface{}{"security.knative.dev/authorizableOn": `{"matchLabels":{"app":"test"}}`}), + WithUnstructuredAnnotations(map[string]interface{}{"policy.run.cloud.google.com/authorizableOn": `{"matchLabels":{"app":"test"}}`}), ), }, Key: testNamespace + "/" + testBindingName, @@ -182,11 +182,11 @@ func TestAllCases(t *testing.T) { WithPolicyBindingSubject(testSubjectGVK, "subject"), WithPolicyBindingPolicy(testPolicyName), WithPolicyBindingStatusInit(), - WithPolicyBindingStatusFailure("GetPolicyFailure", `httppolicy.security.knative.dev "testpolicy" not found`), + WithPolicyBindingStatusFailure("GetPolicyFailure", `httppolicy.policy.run.cloud.google.com "testpolicy" not found`), ).AsHTTPPolicyBinding(), }}, WantEvents: []string{ - Eventf(corev1.EventTypeWarning, "InternalError", `failed to get HTTPPolicy: httppolicy.security.knative.dev "testpolicy" not found`), + Eventf(corev1.EventTypeWarning, "InternalError", `failed to get HTTPPolicy: httppolicy.policy.run.cloud.google.com "testpolicy" not found`), }, WantErr: true, }, { @@ -198,7 +198,7 @@ func TestAllCases(t *testing.T) { WithPolicyBindingPolicy(testPolicyName), ).AsHTTPPolicyBinding(), newSubject("subject", testNamespace, - WithUnstructuredAnnotations(map[string]interface{}{"security.knative.dev/authorizableOn": `{"matchLabels":{"app":"test"}}`}), + WithUnstructuredAnnotations(map[string]interface{}{"policy.run.cloud.google.com/authorizableOn": `{"matchLabels":{"app":"test"}}`}), ), newTestPolicy(testPolicyName, testNamespace), }, @@ -233,7 +233,7 @@ func TestAllCases(t *testing.T) { WithPolicyBindingPolicy(testPolicyName), ).AsHTTPPolicyBinding(), newSubject("subject", testNamespace, - WithUnstructuredAnnotations(map[string]interface{}{"security.knative.dev/authorizableOn": `{"matchLabels":{"app":"test"}}`}), + WithUnstructuredAnnotations(map[string]interface{}{"policy.run.cloud.google.com/authorizableOn": `{"matchLabels":{"app":"test"}}`}), ), newTestPolicy(testPolicyName, testNamespace), NewRequestAuthentication(kmeta.ChildName(testBindingName, "-req-authn"), testNamespace, @@ -271,7 +271,7 @@ func TestAllCases(t *testing.T) { WithPolicyBindingPolicy(testPolicyName), ).AsHTTPPolicyBinding(), newSubject("subject", testNamespace, - WithUnstructuredAnnotations(map[string]interface{}{"security.knative.dev/authorizableOn": `{"matchLabels":{"app":"test"}}`}), + WithUnstructuredAnnotations(map[string]interface{}{"policy.run.cloud.google.com/authorizableOn": `{"matchLabels":{"app":"test"}}`}), ), newTestPolicy(testPolicyName, testNamespace), NewRequestAuthentication(kmeta.ChildName(testBindingName, "-req-authn"), testNamespace, @@ -310,7 +310,7 @@ func TestAllCases(t *testing.T) { WithPolicyBindingPolicy(testPolicyName), ).AsHTTPPolicyBinding(), newSubject("subject", testNamespace, - WithUnstructuredAnnotations(map[string]interface{}{"security.knative.dev/authorizableOn": `{"matchLabels":{"app":"test"}}`}), + WithUnstructuredAnnotations(map[string]interface{}{"policy.run.cloud.google.com/authorizableOn": `{"matchLabels":{"app":"test"}}`}), ), newTestPolicy(testPolicyName, testNamespace), NewRequestAuthentication(kmeta.ChildName(testBindingName, "-req-authn"), testNamespace, @@ -352,7 +352,7 @@ func TestAllCases(t *testing.T) { WithPolicyBindingPolicy(testPolicyName), ).AsHTTPPolicyBinding(), newSubject("subject", testNamespace, - WithUnstructuredAnnotations(map[string]interface{}{"security.knative.dev/authorizableOn": `{"matchLabels":{"app":"test"}}`}), + WithUnstructuredAnnotations(map[string]interface{}{"policy.run.cloud.google.com/authorizableOn": `{"matchLabels":{"app":"test"}}`}), ), newTestPolicy(testPolicyName, testNamespace), }, @@ -389,7 +389,7 @@ func TestAllCases(t *testing.T) { authzLister: listers.GetAuthorizationPolicyLister(), istioClient: istioclient.Get(ctx), policyTracker: tracker.New(func(types.NamespacedName) {}, 0), - subjectResolver: security.NewSubjectResolver(ctx, func(types.NamespacedName) {}), + subjectResolver: policy.NewSubjectResolver(ctx, func(types.NamespacedName) {}), } return bindingreconciler.NewReconciler(ctx, r.Logger, r.RunClientSet, listers.GetHTTPPolicyBindingLister(), r.Recorder, r) @@ -465,18 +465,18 @@ func newSubject(name, namespace string, opts ...UnstructuredOption) *unstructure } func withRequestAuthenticationTestSpec() RequestAuthnOption { - return func(ra *istiosecurityclient.RequestAuthentication) { - ra.Spec = istiosecurity.RequestAuthentication{ + return func(ra *istiopolicyclient.RequestAuthentication) { + ra.Spec = istiopolicy.RequestAuthentication{ Selector: &istiotype.WorkloadSelector{ MatchLabels: map[string]string{ "app": "test", }, }, - JwtRules: []*istiosecurity.JWTRule{{ + JwtRules: []*istiopolicy.JWTRule{{ Issuer: "example.com", JwksUri: testJwksURI, ForwardOriginalToken: true, - FromHeaders: []*istiosecurity.JWTHeader{ + FromHeaders: []*istiopolicy.JWTHeader{ {Name: "Authorization", Prefix: "Bearer"}, {Name: "X-Custom-Token"}, }, @@ -486,10 +486,10 @@ func withRequestAuthenticationTestSpec() RequestAuthnOption { } func withRequestAuthenticationOwner(owner string) RequestAuthnOption { - return func(ra *istiosecurityclient.RequestAuthentication) { + return func(ra *istiopolicyclient.RequestAuthentication) { trueVal := true ra.ObjectMeta.OwnerReferences = []metav1.OwnerReference{{ - APIVersion: "security.knative.dev/v1alpha1", + APIVersion: "policy.run.cloud.google.com/v1alpha1", Kind: "HTTPPolicyBinding", Name: owner, UID: "test-uid", @@ -500,27 +500,27 @@ func withRequestAuthenticationOwner(owner string) RequestAuthnOption { } func withAuthorizationPolicyTestSpec() AuthzPolicyOption { - return func(ap *istiosecurityclient.AuthorizationPolicy) { - ap.Spec = istiosecurity.AuthorizationPolicy{ + return func(ap *istiopolicyclient.AuthorizationPolicy) { + ap.Spec = istiopolicy.AuthorizationPolicy{ Selector: &istiotype.WorkloadSelector{ MatchLabels: map[string]string{ "app": "test", }, }, - Action: istiosecurity.AuthorizationPolicy_ALLOW, - Rules: []*istiosecurity.Rule{ + Action: istiopolicy.AuthorizationPolicy_ALLOW, + Rules: []*istiopolicy.Rule{ { - From: []*istiosecurity.Rule_From{ - {Source: &istiosecurity.Source{RequestPrincipals: []string{"user-a@example.com"}}}, + From: []*istiopolicy.Rule_From{ + {Source: &istiopolicy.Source{RequestPrincipals: []string{"user-a@example.com"}}}, }, - To: []*istiosecurity.Rule_To{ - {Operation: &istiosecurity.Operation{ + To: []*istiopolicy.Rule_To{ + {Operation: &istiopolicy.Operation{ Hosts: []string{"*.mysvc.svc.cluster.local"}, Methods: []string{"GET", "POST"}, Paths: []string{"/operation/*", "/admin/*"}, }}, }, - When: []*istiosecurity.Condition{ + When: []*istiopolicy.Condition{ { Key: "request.auth.claims[iss]", Values: []string{"https://example.com"}, @@ -540,8 +540,8 @@ func withAuthorizationPolicyTestSpec() AuthzPolicyOption { }, }, { - To: []*istiosecurity.Rule_To{{ - Operation: &istiosecurity.Operation{ + To: []*istiopolicy.Rule_To{{ + Operation: &istiopolicy.Operation{ Hosts: []string{"*.mysvc.svc.cluster.local"}, Paths: []string{"/public/*"}, }, @@ -553,10 +553,10 @@ func withAuthorizationPolicyTestSpec() AuthzPolicyOption { } func withAuthorizationPolicyOwner(owner string) AuthzPolicyOption { - return func(ap *istiosecurityclient.AuthorizationPolicy) { + return func(ap *istiopolicyclient.AuthorizationPolicy) { trueVal := true ap.ObjectMeta.OwnerReferences = []metav1.OwnerReference{{ - APIVersion: "security.knative.dev/v1alpha1", + APIVersion: "policy.run.cloud.google.com/v1alpha1", Kind: "HTTPPolicyBinding", Name: owner, UID: "test-uid", diff --git a/pkg/reconciler/security/istio/httppolicybinding/resources/authorization_policy.go b/pkg/reconciler/policy/istio/httppolicybinding/resources/authorization_policy.go similarity index 77% rename from pkg/reconciler/security/istio/httppolicybinding/resources/authorization_policy.go rename to pkg/reconciler/policy/istio/httppolicybinding/resources/authorization_policy.go index 3c0b3f6da3..f10805912e 100644 --- a/pkg/reconciler/security/istio/httppolicybinding/resources/authorization_policy.go +++ b/pkg/reconciler/policy/istio/httppolicybinding/resources/authorization_policy.go @@ -19,43 +19,43 @@ package resources import ( "fmt" - istiosecurity "istio.io/api/security/v1beta1" + istiopolicy "istio.io/api/security/v1beta1" istiotype "istio.io/api/type/v1beta1" istioclient "istio.io/client-go/pkg/apis/security/v1beta1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "knative.dev/pkg/kmeta" - "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" ) -// See: https://istio.io/docs/reference/config/security/conditions/ +// See: https://istio.io/docs/reference/config/policy/conditions/ const ( istioClaimKeyPattern = "request.auth.claims[%s]" istioHeaderKeyPattern = "request.headers[%s]" ) // MakeAuthorizationPolicy makes an Istio AuthorizationPolicy. -// Reference: https://istio.io/docs/reference/config/security/authorization-policy/ +// Reference: https://istio.io/docs/reference/config/policy/authorization-policy/ func MakeAuthorizationPolicy( b *v1alpha1.HTTPPolicyBinding, subjectSelector *metav1.LabelSelector, rules []v1alpha1.HTTPPolicyRuleSpec) istioclient.AuthorizationPolicy { - var rs []*istiosecurity.Rule + var rs []*istiopolicy.Rule for _, r := range rules { - var rfs []*istiosecurity.Rule_From + var rfs []*istiopolicy.Rule_From if len(r.Principals) > 0 { - rfs = []*istiosecurity.Rule_From{{ - Source: &istiosecurity.Source{ + rfs = []*istiopolicy.Rule_From{{ + Source: &istiopolicy.Source{ RequestPrincipals: r.Principals, }, }} } - var rts []*istiosecurity.Rule_To + var rts []*istiopolicy.Rule_To for _, op := range r.Operations { - rt := &istiosecurity.Rule_To{ - Operation: &istiosecurity.Operation{}, + rt := &istiopolicy.Rule_To{ + Operation: &istiopolicy.Operation{}, } for _, h := range op.Hosts { rt.Operation.Hosts = append(rt.Operation.Hosts, h.ToExpression()) @@ -69,9 +69,9 @@ func MakeAuthorizationPolicy( rts = append(rts, rt) } - var rcs []*istiosecurity.Condition + var rcs []*istiopolicy.Condition for _, cl := range r.Claims { - rc := &istiosecurity.Condition{ + rc := &istiopolicy.Condition{ Key: istioClaimKey(cl.Key), } for _, v := range cl.Values { @@ -80,7 +80,7 @@ func MakeAuthorizationPolicy( rcs = append(rcs, rc) } for _, h := range r.Headers { - rc := &istiosecurity.Condition{ + rc := &istiopolicy.Condition{ Key: istioHeaderKey(h.Key), } for _, v := range h.Values { @@ -89,7 +89,7 @@ func MakeAuthorizationPolicy( rcs = append(rcs, rc) } - rs = append(rs, &istiosecurity.Rule{ + rs = append(rs, &istiopolicy.Rule{ From: rfs, To: rts, When: rcs, @@ -102,11 +102,11 @@ func MakeAuthorizationPolicy( Namespace: b.Namespace, OwnerReferences: []metav1.OwnerReference{*kmeta.NewControllerRef(b)}, }, - Spec: istiosecurity.AuthorizationPolicy{ + Spec: istiopolicy.AuthorizationPolicy{ Selector: &istiotype.WorkloadSelector{ MatchLabels: subjectSelector.MatchLabels, }, - Action: istiosecurity.AuthorizationPolicy_ALLOW, + Action: istiopolicy.AuthorizationPolicy_ALLOW, Rules: rs, }, } diff --git a/pkg/reconciler/security/istio/httppolicybinding/resources/authorization_policy_test.go b/pkg/reconciler/policy/istio/httppolicybinding/resources/authorization_policy_test.go similarity index 85% rename from pkg/reconciler/security/istio/httppolicybinding/resources/authorization_policy_test.go rename to pkg/reconciler/policy/istio/httppolicybinding/resources/authorization_policy_test.go index ebbc0b5c7e..95bd3f5c67 100644 --- a/pkg/reconciler/security/istio/httppolicybinding/resources/authorization_policy_test.go +++ b/pkg/reconciler/policy/istio/httppolicybinding/resources/authorization_policy_test.go @@ -19,14 +19,14 @@ package resources import ( "testing" - istiosecurity "istio.io/api/security/v1beta1" + istiopolicy "istio.io/api/security/v1beta1" istiotype "istio.io/api/type/v1beta1" istioclient "istio.io/client-go/pkg/apis/security/v1beta1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "knative.dev/pkg/kmeta" "github.com/google/go-cmp/cmp" - "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" ) func TestMakeAuthorizationPolicy(t *testing.T) { @@ -77,26 +77,26 @@ func TestMakeAuthorizationPolicy(t *testing.T) { Namespace: testNamespace, OwnerReferences: []metav1.OwnerReference{*kmeta.NewControllerRef(b)}, }, - Spec: istiosecurity.AuthorizationPolicy{ + Spec: istiopolicy.AuthorizationPolicy{ Selector: &istiotype.WorkloadSelector{ MatchLabels: map[string]string{ "app": "test", }, }, - Action: istiosecurity.AuthorizationPolicy_ALLOW, - Rules: []*istiosecurity.Rule{ + Action: istiopolicy.AuthorizationPolicy_ALLOW, + Rules: []*istiopolicy.Rule{ { - From: []*istiosecurity.Rule_From{ - {Source: &istiosecurity.Source{RequestPrincipals: []string{"user-a@example.com"}}}, + From: []*istiopolicy.Rule_From{ + {Source: &istiopolicy.Source{RequestPrincipals: []string{"user-a@example.com"}}}, }, - To: []*istiosecurity.Rule_To{ - {Operation: &istiosecurity.Operation{ + To: []*istiopolicy.Rule_To{ + {Operation: &istiopolicy.Operation{ Hosts: []string{"*.mysvc.svc.cluster.local"}, Methods: []string{"GET", "POST"}, Paths: []string{"/operation/*", "/admin/*"}, }}, }, - When: []*istiosecurity.Condition{ + When: []*istiopolicy.Condition{ { Key: "request.auth.claims[iss]", Values: []string{"https://example.com"}, @@ -116,8 +116,8 @@ func TestMakeAuthorizationPolicy(t *testing.T) { }, }, { - To: []*istiosecurity.Rule_To{{ - Operation: &istiosecurity.Operation{ + To: []*istiopolicy.Rule_To{{ + Operation: &istiopolicy.Operation{ Hosts: []string{"*.mysvc.svc.cluster.local"}, Paths: []string{"/public/*"}, }, diff --git a/pkg/reconciler/security/istio/httppolicybinding/resources/request_authentication.go b/pkg/reconciler/policy/istio/httppolicybinding/resources/request_authentication.go similarity index 79% rename from pkg/reconciler/security/istio/httppolicybinding/resources/request_authentication.go rename to pkg/reconciler/policy/istio/httppolicybinding/resources/request_authentication.go index f4edefbd06..70246fa223 100644 --- a/pkg/reconciler/security/istio/httppolicybinding/resources/request_authentication.go +++ b/pkg/reconciler/policy/istio/httppolicybinding/resources/request_authentication.go @@ -17,25 +17,25 @@ limitations under the License. package resources import ( - istiosecurity "istio.io/api/security/v1beta1" + istiopolicy "istio.io/api/security/v1beta1" istiotype "istio.io/api/type/v1beta1" istioclient "istio.io/client-go/pkg/apis/security/v1beta1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "knative.dev/pkg/kmeta" - "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" ) // MakeRequestAuthentication makes an Istio RequestAuthentication. -// Reference: https://istio.io/docs/reference/config/security/request_authentication/ +// Reference: https://istio.io/docs/reference/config/policy/request_authentication/ func MakeRequestAuthentication( b *v1alpha1.HTTPPolicyBinding, subjectSelector *metav1.LabelSelector, jwt v1alpha1.JWTSpec) istioclient.RequestAuthentication { - var rhs []*istiosecurity.JWTHeader + var rhs []*istiopolicy.JWTHeader for _, rh := range jwt.FromHeaders { - rhs = append(rhs, &istiosecurity.JWTHeader{Name: rh.Name, Prefix: rh.Prefix}) + rhs = append(rhs, &istiopolicy.JWTHeader{Name: rh.Name, Prefix: rh.Prefix}) } return istioclient.RequestAuthentication{ @@ -44,11 +44,11 @@ func MakeRequestAuthentication( Namespace: b.Namespace, OwnerReferences: []metav1.OwnerReference{*kmeta.NewControllerRef(b)}, }, - Spec: istiosecurity.RequestAuthentication{ + Spec: istiopolicy.RequestAuthentication{ Selector: &istiotype.WorkloadSelector{ MatchLabels: subjectSelector.MatchLabels, }, - JwtRules: []*istiosecurity.JWTRule{{ + JwtRules: []*istiopolicy.JWTRule{{ Issuer: jwt.Issuer, Jwks: jwt.Jwks, JwksUri: jwt.JwksURI, diff --git a/pkg/reconciler/security/istio/httppolicybinding/resources/request_authentication_test.go b/pkg/reconciler/policy/istio/httppolicybinding/resources/request_authentication_test.go similarity index 90% rename from pkg/reconciler/security/istio/httppolicybinding/resources/request_authentication_test.go rename to pkg/reconciler/policy/istio/httppolicybinding/resources/request_authentication_test.go index 39ad73d1a7..c40646405c 100644 --- a/pkg/reconciler/security/istio/httppolicybinding/resources/request_authentication_test.go +++ b/pkg/reconciler/policy/istio/httppolicybinding/resources/request_authentication_test.go @@ -19,14 +19,14 @@ package resources import ( "testing" - istiosecurity "istio.io/api/security/v1beta1" + istiopolicy "istio.io/api/security/v1beta1" istiotype "istio.io/api/type/v1beta1" istioclient "istio.io/client-go/pkg/apis/security/v1beta1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "knative.dev/pkg/kmeta" "github.com/google/go-cmp/cmp" - "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" ) const ( @@ -61,17 +61,17 @@ func TestMakeRequestAuthentication(t *testing.T) { Namespace: testNamespace, OwnerReferences: []metav1.OwnerReference{*kmeta.NewControllerRef(b)}, }, - Spec: istiosecurity.RequestAuthentication{ + Spec: istiopolicy.RequestAuthentication{ Selector: &istiotype.WorkloadSelector{ MatchLabels: map[string]string{ "app": "test", }, }, - JwtRules: []*istiosecurity.JWTRule{{ + JwtRules: []*istiopolicy.JWTRule{{ Issuer: "example.com", JwksUri: testJwksURI, ForwardOriginalToken: true, - FromHeaders: []*istiosecurity.JWTHeader{ + FromHeaders: []*istiopolicy.JWTHeader{ {Name: "Authorization", Prefix: "Bearer"}, {Name: "X-Custom-Token"}, }, diff --git a/pkg/reconciler/security/subject_resolver.go b/pkg/reconciler/policy/subject_resolver.go similarity index 90% rename from pkg/reconciler/security/subject_resolver.go rename to pkg/reconciler/policy/subject_resolver.go index c68f7a709c..ba42541a3b 100644 --- a/pkg/reconciler/security/subject_resolver.go +++ b/pkg/reconciler/policy/subject_resolver.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package security +package policy import ( "context" @@ -30,7 +30,7 @@ import ( "knative.dev/pkg/tracker" duckv1alpha1 "github.com/google/knative-gcp/pkg/apis/duck/v1alpha1" - "github.com/google/knative-gcp/pkg/apis/security" + "github.com/google/knative-gcp/pkg/apis/policy" "github.com/google/knative-gcp/pkg/client/injection/ducks/duck/v1alpha1/resource" ) @@ -83,12 +83,12 @@ func (r *SubjectResolver) ResolveFromRef(ref tracker.Reference, parent interface } // Parse the annotation to resolve the subject to protect. - selector, ok := kr.Annotations[security.AuthorizableAnnotationKey] + selector, ok := kr.Annotations[policy.AuthorizableAnnotationKey] if !ok { - return nil, fmt.Errorf("the reference is not an authorizable; expecting annotation %q", security.AuthorizableAnnotationKey) + return nil, fmt.Errorf("the reference is not an authorizable; expecting annotation %q", policy.AuthorizableAnnotationKey) } // Handle this special case where the object itself is already the workload to bind policy. - if selector == security.SelfAuthorizableAnnotationValue { + if selector == policy.SelfAuthorizableAnnotationValue { if len(kr.GetLabels()) == 0 { // It's probably too dangerous to apply a policy without specifying any label selector. // For now, we simply disallow that. @@ -101,7 +101,7 @@ func (r *SubjectResolver) ResolveFromRef(ref tracker.Reference, parent interface var l metav1.LabelSelector if err := json.Unmarshal([]byte(selector), &l); err != nil { - return nil, fmt.Errorf("the reference doesn't have a valid subject in annotation %q; it must be a LabelSelector: %w", security.AuthorizableAnnotationKey, err) + return nil, fmt.Errorf("the reference doesn't have a valid subject in annotation %q; it must be a LabelSelector: %w", policy.AuthorizableAnnotationKey, err) } return &l, nil diff --git a/pkg/reconciler/security/subject_resolver_test.go b/pkg/reconciler/policy/subject_resolver_test.go similarity index 97% rename from pkg/reconciler/security/subject_resolver_test.go rename to pkg/reconciler/policy/subject_resolver_test.go index b5b2e7747b..8da94b477e 100644 --- a/pkg/reconciler/security/subject_resolver_test.go +++ b/pkg/reconciler/policy/subject_resolver_test.go @@ -14,14 +14,14 @@ See the License for the specific language governing permissions and limitations under the License. */ -package security +package policy import ( "context" "testing" "github.com/google/go-cmp/cmp" - "github.com/google/knative-gcp/pkg/apis/security" + "github.com/google/knative-gcp/pkg/apis/policy" "github.com/google/knative-gcp/pkg/client/clientset/versioned/scheme" "github.com/google/knative-gcp/pkg/client/injection/ducks/duck/v1alpha1/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -173,7 +173,7 @@ func genObject(annotation string, labels map[string]interface{}) *unstructured.U var anno map[string]interface{} if annotation != "" { anno = map[string]interface{}{ - security.AuthorizableAnnotationKey: annotation, + policy.AuthorizableAnnotationKey: annotation, } } return &unstructured.Unstructured{ diff --git a/pkg/reconciler/testing/listers.go b/pkg/reconciler/testing/listers.go index e7eae2f9dc..ce28abfe23 100644 --- a/pkg/reconciler/testing/listers.go +++ b/pkg/reconciler/testing/listers.go @@ -43,13 +43,13 @@ import ( EventsV1alpha1 "github.com/google/knative-gcp/pkg/apis/events/v1alpha1" MessagingV1alpha1 "github.com/google/knative-gcp/pkg/apis/messaging/v1alpha1" + policyv1alpha1 "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" pubsubv1alpha1 "github.com/google/knative-gcp/pkg/apis/pubsub/v1alpha1" - securityv1alpha1 "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" fakeeventsclientset "github.com/google/knative-gcp/pkg/client/clientset/versioned/fake" eventslisters "github.com/google/knative-gcp/pkg/client/listers/events/v1alpha1" messaginglisters "github.com/google/knative-gcp/pkg/client/listers/messaging/v1alpha1" + policylisters "github.com/google/knative-gcp/pkg/client/listers/policy/v1alpha1" pubsublisters "github.com/google/knative-gcp/pkg/client/listers/pubsub/v1alpha1" - securitylisters "github.com/google/knative-gcp/pkg/client/listers/security/v1alpha1" fakeistioclientset "github.com/google/knative-gcp/pkg/client/istio/clientset/versioned/fake" istiov1beta1listers "github.com/google/knative-gcp/pkg/client/istio/listers/security/v1beta1" @@ -193,20 +193,20 @@ func (l *Listers) GetConfigMapLister() corev1listers.ConfigMapLister { return corev1listers.NewConfigMapLister(l.indexerFor(&corev1.ConfigMap{})) } -func (l *Listers) GetHTTPPolicyLister() securitylisters.HTTPPolicyLister { - return securitylisters.NewHTTPPolicyLister(l.indexerFor(&securityv1alpha1.HTTPPolicy{})) +func (l *Listers) GetHTTPPolicyLister() policylisters.HTTPPolicyLister { + return policylisters.NewHTTPPolicyLister(l.indexerFor(&policyv1alpha1.HTTPPolicy{})) } -func (l *Listers) GetHTTPPolicyBindingLister() securitylisters.HTTPPolicyBindingLister { - return securitylisters.NewHTTPPolicyBindingLister(l.indexerFor(&securityv1alpha1.HTTPPolicyBinding{})) +func (l *Listers) GetHTTPPolicyBindingLister() policylisters.HTTPPolicyBindingLister { + return policylisters.NewHTTPPolicyBindingLister(l.indexerFor(&policyv1alpha1.HTTPPolicyBinding{})) } -func (l *Listers) GetEventPolicyLister() securitylisters.EventPolicyLister { - return securitylisters.NewEventPolicyLister(l.indexerFor(&securityv1alpha1.EventPolicy{})) +func (l *Listers) GetEventPolicyLister() policylisters.EventPolicyLister { + return policylisters.NewEventPolicyLister(l.indexerFor(&policyv1alpha1.EventPolicy{})) } -func (l *Listers) GetEventPolicyBindingLister() securitylisters.EventPolicyBindingLister { - return securitylisters.NewEventPolicyBindingLister(l.indexerFor(&securityv1alpha1.EventPolicyBinding{})) +func (l *Listers) GetEventPolicyBindingLister() policylisters.EventPolicyBindingLister { + return policylisters.NewEventPolicyBindingLister(l.indexerFor(&policyv1alpha1.EventPolicyBinding{})) } func (l *Listers) GetRequestAuthenticationLister() istiov1beta1listers.RequestAuthenticationLister { diff --git a/pkg/reconciler/testing/policybinding.go b/pkg/reconciler/testing/policybinding.go index a1e8f1b303..17a4f18fff 100644 --- a/pkg/reconciler/testing/policybinding.go +++ b/pkg/reconciler/testing/policybinding.go @@ -19,7 +19,7 @@ package testing import ( "context" - "github.com/google/knative-gcp/pkg/apis/security/v1alpha1" + "github.com/google/knative-gcp/pkg/apis/policy/v1alpha1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" duckv1 "knative.dev/pkg/apis/duck/v1" "knative.dev/pkg/tracker"