Merge pull request #302 from tssurya/address-review-comments-before-v1alpha1

Address review comments before v1alpha1

Author: k8s-ci-robot

apis/v1alpha1/adminnetworkpolicy_types.go

@@ -126,7 +126,7 @@ type AdminNetworkPolicyIngressRule struct {
 	Action AdminNetworkPolicyRuleAction `json:"action"`
 
 	// From is the list of sources whose traffic this rule applies to.
-	// If any AdminNetworkPolicyIngressPeer matches the source of incoming
+	// If any element matches the source of incoming
 	// traffic then the specified action is applied.
 	// This field must be defined and contain at least one item.
 	//
@@ -150,7 +150,7 @@ type AdminNetworkPolicyIngressRule struct {
 // set of traffic originating from pods selected by a AdminNetworkPolicy's
 // Subject field.
 // <network-policy-api:experimental:validation>
-// +kubebuilder:validation:XValidation:rule="!(self.to.exists(peer, has(peer.networks) || has(peer.nodes)) && has(self.ports) && self.ports.exists(port, has(port.namedPort)))",message="networks/nodes peer cannot be set with namedPorts since there are no namedPorts for networks/nodes"
+// +kubebuilder:validation:XValidation:rule="!(self.to.exists(peer, has(peer.networks) || has(peer.nodes) || has(peer.domainNames)) && has(self.ports) && self.ports.exists(port, has(port.namedPort)))",message="networks/nodes/domainNames peer cannot be set with namedPorts since there are no namedPorts for networks/nodes/domainNames"
 type AdminNetworkPolicyEgressRule struct {
 	// Name is an identifier for this rule, that may be no more than 100 characters
 	// in length. This field should be used by the implementation to help
@@ -173,7 +173,7 @@ type AdminNetworkPolicyEgressRule struct {
 	Action AdminNetworkPolicyRuleAction `json:"action"`
 
 	// To is the List of destinations whose traffic this rule applies to.
-	// If any AdminNetworkPolicyEgressPeer matches the destination of outgoing
+	// If any element matches the destination of outgoing
 	// traffic then the specified action is applied.
 	// This field must be defined and contain at least one item.
 	//
@@ -254,7 +254,7 @@ type AdminNetworkPolicyEgressPeer struct {
 	// DomainNames provides a way to specify domain names as peers.
 	//
 	// DomainNames is only supported for ALLOW rules. In order to control
-	// access, DomainNames ALLOW rules should be used with a lower priority
+	// access, DomainNames Allow rules should be used with a lower priority
 	// egress deny -- this allows the admin to maintain an explicit "allowlist"
 	// of reachable domains.
 	//

apis/v1alpha1/baselineadminnetworkpolicy_types.go

@@ -107,7 +107,7 @@ type BaselineAdminNetworkPolicyIngressRule struct {
 	Action BaselineAdminNetworkPolicyRuleAction `json:"action"`
 
 	// From is the list of sources whose traffic this rule applies to.
-	// If any AdminNetworkPolicyIngressPeer matches the source of incoming
+	// If any element matches the source of incoming
 	// traffic then the specified action is applied.
 	// This field must be defined and contain at least one item.
 	//
@@ -150,7 +150,7 @@ type BaselineAdminNetworkPolicyEgressRule struct {
 	Action BaselineAdminNetworkPolicyRuleAction `json:"action"`
 
 	// To is the list of destinations whose traffic this rule applies to.
-	// If any BaselineAdminNetworkPolicyEgressPeer matches the destination of outgoing
+	// If any element matches the destination of outgoing
 	// traffic then the specified action is applied.
 	// This field must be defined and contain at least one item.
 	// +kubebuilder:validation:MinItems=1

config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml

@@ -167,7 +167,7 @@ spec:
                     to:
                       description: |-
                         To is the List of destinations whose traffic this rule applies to.
-                        If any AdminNetworkPolicyEgressPeer matches the destination of outgoing
+                        If any element matches the destination of outgoing
                         traffic then the specified action is applied.
                         This field must be defined and contain at least one item.
                       items:
@@ -190,7 +190,7 @@ spec:
                               DomainNames provides a way to specify domain names as peers.
 
                               DomainNames is only supported for ALLOW rules. In order to control
-                              access, DomainNames ALLOW rules should be used with a lower priority
+                              access, DomainNames Allow rules should be used with a lower priority
                               egress deny -- this allows the admin to maintain an explicit "allowlist"
                               of reachable domains.
 
@@ -468,10 +468,11 @@ spec:
                   - to
                   type: object
                   x-kubernetes-validations:
-                  - message: networks/nodes peer cannot be set with namedPorts since
-                      there are no namedPorts for networks/nodes
-                    rule: '!(self.to.exists(peer, has(peer.networks) || has(peer.nodes))
-                      && has(self.ports) && self.ports.exists(port, has(port.namedPort)))'
+                  - message: networks/nodes/domainNames peer cannot be set with namedPorts
+                      since there are no namedPorts for networks/nodes/domainNames
+                    rule: '!(self.to.exists(peer, has(peer.networks) || has(peer.nodes)
+                      || has(peer.domainNames)) && has(self.ports) && self.ports.exists(port,
+                      has(port.namedPort)))'
                 maxItems: 100
                 type: array
               ingress:
@@ -507,7 +508,7 @@ spec:
                     from:
                       description: |-
                         From is the list of sources whose traffic this rule applies to.
-                        If any AdminNetworkPolicyIngressPeer matches the source of incoming
+                        If any element matches the source of incoming
                         traffic then the specified action is applied.
                         This field must be defined and contain at least one item.
                       items:

config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml

@@ -160,7 +160,7 @@ spec:
                     to:
                       description: |-
                         To is the list of destinations whose traffic this rule applies to.
-                        If any BaselineAdminNetworkPolicyEgressPeer matches the destination of outgoing
+                        If any element matches the destination of outgoing
                         traffic then the specified action is applied.
                         This field must be defined and contain at least one item.
                       items:
@@ -458,7 +458,7 @@ spec:
                     from:
                       description: |-
                         From is the list of sources whose traffic this rule applies to.
-                        If any AdminNetworkPolicyIngressPeer matches the source of incoming
+                        If any element matches the source of incoming
                         traffic then the specified action is applied.
                         This field must be defined and contain at least one item.
                       items:

config/crd/standard/policy.networking.k8s.io_adminnetworkpolicies.yaml

@@ -161,7 +161,7 @@ spec:
                     to:
                       description: |-
                         To is the List of destinations whose traffic this rule applies to.
-                        If any AdminNetworkPolicyEgressPeer matches the destination of outgoing
+                        If any element matches the destination of outgoing
                         traffic then the specified action is applied.
                         This field must be defined and contain at least one item.
                       items:
@@ -404,7 +404,7 @@ spec:
                     from:
                       description: |-
                         From is the list of sources whose traffic this rule applies to.
-                        If any AdminNetworkPolicyIngressPeer matches the source of incoming
+                        If any element matches the source of incoming
                         traffic then the specified action is applied.
                         This field must be defined and contain at least one item.
                       items:

config/crd/standard/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml

@@ -154,7 +154,7 @@ spec:
                     to:
                       description: |-
                         To is the list of destinations whose traffic this rule applies to.
-                        If any BaselineAdminNetworkPolicyEgressPeer matches the destination of outgoing
+                        If any element matches the destination of outgoing
                         traffic then the specified action is applied.
                         This field must be defined and contain at least one item.
                       items:
@@ -393,7 +393,7 @@ spec:
                     from:
                       description: |-
                         From is the list of sources whose traffic this rule applies to.
-                        If any AdminNetworkPolicyIngressPeer matches the source of incoming
+                        If any element matches the source of incoming
                         traffic then the specified action is applied.
                         This field must be defined and contain at least one item.
                       items:

npeps/npep-133-fqdn-egress-selector.md

@@ -130,8 +130,8 @@ type AdminNetworkPolicyEgressPeer struct {
     <snipped>
     // DomainNames provides a way to specify domain names as peers.
     // 
-    // DomainNames is only supported for ALLOW rules. In order to control
-    // access, DomainNames ALLOW rules should be used with a lower priority
+    // DomainNames is only supported for Allow rules. In order to control
+    // access, DomainNames Allow rules should be used with a lower priority
     // egress deny -- this allows the admin to maintain an explicit "allowlist"
     // of reachable domains.
     // 

site-src/npeps/npep-133-fqdn-egress-selector.md

@@ -130,8 +130,8 @@ type AdminNetworkPolicyEgressPeer struct {
     <snipped>
     // DomainNames provides a way to specify domain names as peers.
     // 
-    // DomainNames is only supported for ALLOW rules. In order to control
-    // access, DomainNames ALLOW rules should be used with a lower priority
+    // DomainNames is only supported for Allow rules. In order to control
+    // access, DomainNames Allow rules should be used with a lower priority
     // egress deny -- this allows the admin to maintain an explicit "allowlist"
     // of reachable domains.
     //