Renaming ReferencePolicy to ReferenceGrant

apis/v1alpha2/gateway_types.go

@@ -314,8 +314,8 @@ type GatewayTLSConfig struct {
 	// a Listener, but this behavior is implementation-specific.
 	//
 	// References to a resource in different namespace are invalid UNLESS there
-	// is a ReferencePolicy in the target namespace that allows the certificate
-	// to be attached. If a ReferencePolicy does not allow this reference, the
+	// is a ReferenceGrant in the target namespace that allows the certificate
+	// to be attached. If a ReferenceGrant does not allow this reference, the
 	// "ResolvedRefs" condition MUST be set to False for this listener with the
 	// "InvalidCertificateRef" reason.
 	//
@@ -758,7 +758,7 @@ const (
 	// This reason is used with the "ResolvedRefs" condition when
 	// one of the Listener's Routes has a BackendRef to an object in
 	// another namespace, where the object in the other namespace does
-	// not have a ReferencePolicy explicitly allowing the reference.
+	// not have a ReferenceGrant explicitly allowing the reference.
 	ListenerReasonRefNotPermitted ListenerConditionReason = "RefNotPermitted"
 )
 

apis/v1alpha2/httproute_types.go

@@ -204,7 +204,7 @@ type HTTPRouteRule struct {
 	// * an unknown or unsupported kind of resource
 	// * a resource that does not exist
 	// * a resource in another namespace when the reference has not been
-	//   explicitly allowed by a ReferencePolicy (or equivalent concept).
+	//   explicitly allowed by a ReferenceGrant (or equivalent concept).
 	//
 	// When a BackendRef is invalid, 404 status codes MUST be returned for
 	// requests that would have otherwise been routed to an invalid backend. If
@@ -833,7 +833,7 @@ type HTTPRequestMirrorFilter struct {
 	// this backend in the underlying implementation.
 	//
 	// If there is a cross-namespace reference to an *existing* object
-	// that is not allowed by a ReferencePolicy, the controller must ensure the
+	// that is not allowed by a ReferenceGrant, the controller must ensure the
 	// "ResolvedRefs"  condition on the Route is set to `status: False`,
 	// with the "RefNotPermitted" reason and not configure this backend in the
 	// underlying implementation.
@@ -856,7 +856,7 @@ type HTTPBackendRef struct {
 	// configure this backend in the underlying implementation.
 	//
 	// If there is a cross-namespace reference to an *existing* object
-	// that is not covered by a ReferencePolicy, the controller must ensure the
+	// that is not covered by a ReferenceGrant, the controller must ensure the
 	// "ResolvedRefs"  condition on the Route is set to `status: False`,
 	// with the "RefNotPermitted" reason and not configure this backend in the
 	// underlying implementation.

apis/v1alpha2/object_reference_types.go

@@ -65,9 +65,9 @@ type SecretObjectReference struct {
 	// Namespace is the namespace of the backend. When unspecified, the local
 	// namespace is inferred.
 	//
-	// Note that when a namespace is specified, a ReferencePolicy object
+	// Note that when a namespace is specified, a ReferenceGrant object
 	// is required in the referent namespace to allow that namespace's
-	// owner to accept the reference. See the ReferencePolicy documentation
+	// owner to accept the reference. See the ReferenceGrant documentation
 	// for details.
 	//
 	// Support: Core
@@ -80,9 +80,9 @@ type SecretObjectReference struct {
 // specific to BackendRef. It includes a few additional fields and features
 // than a regular ObjectReference.
 //
-// Note that when a namespace is specified, a ReferencePolicy object
+// Note that when a namespace is specified, a ReferenceGrant object
 // is required in the referent namespace to allow that namespace's
-// owner to accept the reference. See the ReferencePolicy documentation
+// owner to accept the reference. See the ReferenceGrant documentation
 // for details.
 //
 // The API object must be valid in the cluster; the Group and Kind must
@@ -112,9 +112,9 @@ type BackendObjectReference struct {
 	// Namespace is the namespace of the backend. When unspecified, the local
 	// namespace is inferred.
 	//
-	// Note that when a namespace is specified, a ReferencePolicy object
+	// Note that when a namespace is specified, a ReferenceGrant object
 	// is required in the referent namespace to allow that namespace's
-	// owner to accept the reference. See the ReferencePolicy documentation
+	// owner to accept the reference. See the ReferenceGrant documentation
 	// for details.
 	//
 	// Support: Core

apis/v1alpha2/referencepolicy_types.go

@@ -24,42 +24,42 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // +kubebuilder:storageversion
 // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
 
-// ReferencePolicy identifies kinds of resources in other namespaces that are
+// ReferenceGrant identifies kinds of resources in other namespaces that are
 // trusted to reference the specified kinds of resources in the same namespace
 // as the policy.
 //
-// Each ReferencePolicy can be used to represent a unique trust relationship.
+// Each ReferenceGrant can be used to represent a unique trust relationship.
 // Additional Reference Policies can be used to add to the set of trusted
 // sources of inbound references for the namespace they are defined within.
 //
 // All cross-namespace references in Gateway API (with the exception of cross-namespace
-// Gateway-route attachment) require a ReferencePolicy.
+// Gateway-route attachment) require a ReferenceGrant.
 //
 // Support: Core
 //
-type ReferencePolicy struct {
+type ReferenceGrant struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	// Spec defines the desired state of ReferencePolicy.
-	Spec ReferencePolicySpec `json:"spec,omitempty"`
+	// Spec defines the desired state of ReferenceGrant.
+	Spec ReferenceGrantSpec `json:"spec,omitempty"`
 
 	// Note that `Status` sub-resource has been excluded at the
 	// moment as it was difficult to work out the design.
 	// `Status` sub-resource may be added in future.
 }
 
 // +kubebuilder:object:root=true
-// ReferencePolicyList contains a list of ReferencePolicy.
-type ReferencePolicyList struct {
+// ReferenceGrantList contains a list of ReferenceGrant.
+type ReferenceGrantList struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []ReferencePolicy `json:"items"`
+	Items           []ReferenceGrant `json:"items"`
 }
 
-// ReferencePolicySpec identifies a cross namespace relationship that is trusted
+// ReferenceGrantSpec identifies a cross namespace relationship that is trusted
 // for Gateway API.
-type ReferencePolicySpec struct {
+type ReferenceGrantSpec struct {
 	// From describes the trusted namespaces and kinds that can reference the
 	// resources described in "To". Each entry in this list must be considered
 	// to be an additional place that references can be valid from, or to put
@@ -69,7 +69,7 @@ type ReferencePolicySpec struct {
 	//
 	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=16
-	From []ReferencePolicyFrom `json:"from"`
+	From []ReferenceGrantFrom `json:"from"`
 
 	// To describes the resources that may be referenced by the resources
 	// described in "From". Each entry in this list must be considered to be an
@@ -80,11 +80,11 @@ type ReferencePolicySpec struct {
 	//
 	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=16
-	To []ReferencePolicyTo `json:"to"`
+	To []ReferenceGrantTo `json:"to"`
 }
 
-// ReferencePolicyFrom describes trusted namespaces and kinds.
-type ReferencePolicyFrom struct {
+// ReferenceGrantFrom describes trusted namespaces and kinds.
+type ReferenceGrantFrom struct {
 	// Group is the group of the referent.
 	// When empty, the Kubernetes core API group is inferred.
 	//
@@ -107,9 +107,9 @@ type ReferencePolicyFrom struct {
 	Namespace Namespace `json:"namespace"`
 }
 
-// ReferencePolicyTo describes what Kinds are allowed as targets of the
+// ReferenceGrantTo describes what Kinds are allowed as targets of the
 // references.
-type ReferencePolicyTo struct {
+type ReferenceGrantTo struct {
 	// Group is the group of the referent.
 	// When empty, the Kubernetes core API group is inferred.
 	//

apis/v1alpha2/shared_types.go

@@ -150,9 +150,9 @@ type PortNumber int32
 // BackendRef defines how a Route should forward a request to a Kubernetes
 // resource.
 //
-// Note that when a namespace is specified, a ReferencePolicy object
+// Note that when a namespace is specified, a ReferenceGrant object
 // is required in the referent namespace to allow that namespace's
-// owner to accept the reference. See the ReferencePolicy documentation
+// owner to accept the reference. See the ReferenceGrant documentation
 // for details.
 type BackendRef struct {
 	// BackendObjectReference references a Kubernetes object.
@@ -239,7 +239,7 @@ const (
 	// This reason is used with the "ResolvedRefs" condition when
 	// one of the Listener's Routes has a BackendRef to an object in
 	// another namespace, where the object in the other namespace does
-	// not have a ReferencePolicy explicitly allowing the reference.
+	// not have a ReferenceGrant explicitly allowing the reference.
 	RouteReasonRefNotPermitted RouteConditionReason = "RefNotPermitted"
 )