Change to sensible path defaults

ciarams87 · ciarams87 · commit 9b8d48e74a22 · 2025-06-11T17:27:14.000+01:00
diff --git a/apis/v1alpha1/wafpolicy_types.go b/apis/v1alpha1/wafpolicy_types.go
@@ -38,8 +38,8 @@ type WAFPolicyList struct {
 type WAFPolicySpec struct {
 	// PolicySource defines the source location and configuration for the compiled WAF policy bundle.
 	//
-	// +kubebuilder:validation:Required
-	PolicySource WAFPolicySource `json:"policySource"`
+	// +optional
+	PolicySource *WAFPolicySource `json:"policySource,omitempty"`
 
 	// TargetRef identifies an API object to apply the policy to.
 	// Object must be in the same namespace as the policy.
@@ -88,7 +88,7 @@ type WAFPolicySource struct {
 	// FileLocation defines the location of the WAF policy file.
 	//
 	// +kubebuilder:validation:MinLength=1
-	// +kubebuilder:validation:MaxLength=2048
+	// +kubebuilder:validation:MaxLength=256
 	FileLocation string `json:"fileLocation"`
 }
 
@@ -127,7 +127,7 @@ const (
 // WAFPolicyPolling defines the polling configuration for automatic WAF policy change detection.
 type WAFPolicyPolling struct {
 	// Enabled indicates whether polling is enabled for automatic WAF policy change detection.
-	// When enabled, NGF will periodically check for policy changes using checksum validation.
+	// When enabled, NGINX Gateway Fabric will periodically check for policy changes using checksum validation.
 	//
 	// +optional
 	// +kubebuilder:default=false
@@ -163,7 +163,6 @@ type WAFPolicyRetry struct {
 	// Supported values: "exponential", "linear"
 	//
 	// +optional
-	// +kubebuilder:validation:Enum=exponential;linear
 	// +kubebuilder:default="exponential"
 	Backoff *WAFPolicyRetryBackoff `json:"backoff,omitempty"`
 
@@ -241,7 +240,7 @@ type SecurityLogDestination struct {
 	// Type identifies the type of security log destination.
 	//
 	// +unionDiscriminator
-	// +kubebuilder:default=stderr
+	// +kubebuilder:default:=stderr
 	Type SecurityLogDestinationType `json:"type"`
 }
 
@@ -265,7 +264,7 @@ type SecurityLogFile struct {
 	// Must be accessible to the waf-enforcer container.
 	//
 	// +kubebuilder:validation:MinLength=1
-	// +kubebuilder:validation:MaxLength=4096
+	// +kubebuilder:validation:MaxLength=256
 	// +kubebuilder:validation:Pattern=`^/.*$`
 	Path string `json:"path"`
 }
@@ -281,6 +280,7 @@ type SecurityLogSyslog struct {
 }
 
 // LogProfile defines the built-in logging profiles available in NGINX App Protect.
+//
 // +kubebuilder:validation:Enum=log_default;log_all;log_illegal;log_blocked;log_grpc_all;log_grpc_blocked;log_grpc_illegal
 //
 //nolint:lll
diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/gateway.nginx.org_wafpolicies.yaml b/config/crd/bases/gateway.nginx.org_wafpolicies.yaml
@@ -68,11 +68,9 @@ spec:
                     - name
                     type: object
                   fileLocation:
-                    description: |-
-                      FileLocation defines the location of the WAF policy file.
-                      Supports various protocols: s3://, https://, http://, file://
-                      Examples: "s3://bucket/policy.tgz", "https://example.com/policy.tgz"
-                    maxLength: 2048
+                    description: FileLocation defines the location of the WAF policy
+                      file.
+                    maxLength: 256
                     minLength: 1
                     type: string
                   polling:
@@ -89,7 +87,7 @@ spec:
                         default: false
                         description: |-
                           Enabled indicates whether polling is enabled for automatic WAF policy change detection.
-                          When enabled, NGF will periodically check for policy changes using checksum validation.
+                          When enabled, NGINX Gateway Fabric will periodically check for policy changes using checksum validation.
                         type: boolean
                       interval:
                         default: 5m
@@ -113,17 +111,13 @@ spec:
                         minimum: 0
                         type: integer
                       backoff:
-                        allOf:
-                        - enum:
-                          - exponential
-                          - linear
-                        - enum:
-                          - exponential
-                          - linear
                         default: exponential
                         description: |-
                           Backoff defines the backoff strategy for retry attempts.
                           Supported values: "exponential", "linear"
+                        enum:
+                        - exponential
+                        - linear
                         type: string
                       maxDelay:
                         default: 5m
@@ -180,7 +174,7 @@ spec:
                               description: |-
                                 Path is the file path where security logs will be written.
                                 Must be accessible to the waf-enforcer container.
-                              maxLength: 4096
+                              maxLength: 256
                               minLength: 1
                               pattern: ^/.*$
                               type: string
@@ -255,11 +249,9 @@ spec:
                           - name
                           type: object
                         fileLocation:
-                          description: |-
-                            FileLocation defines the location of the WAF policy file.
-                            Supports various protocols: s3://, https://, http://, file://
-                            Examples: "s3://bucket/policy.tgz", "https://example.com/policy.tgz"
-                          maxLength: 2048
+                          description: FileLocation defines the location of the WAF
+                            policy file.
+                          maxLength: 256
                           minLength: 1
                           type: string
                         polling:
@@ -276,7 +268,7 @@ spec:
                               default: false
                               description: |-
                                 Enabled indicates whether polling is enabled for automatic WAF policy change detection.
-                                When enabled, NGF will periodically check for policy changes using checksum validation.
+                                When enabled, NGINX Gateway Fabric will periodically check for policy changes using checksum validation.
                               type: boolean
                             interval:
                               default: 5m
@@ -300,17 +292,13 @@ spec:
                               minimum: 0
                               type: integer
                             backoff:
-                              allOf:
-                              - enum:
-                                - exponential
-                                - linear
-                              - enum:
-                                - exponential
-                                - linear
                               default: exponential
                               description: |-
                                 Backoff defines the backoff strategy for retry attempts.
                                 Supported values: "exponential", "linear"
+                              enum:
+                              - exponential
+                              - linear
                               type: string
                             maxDelay:
                               default: 5m
@@ -396,7 +384,6 @@ spec:
                 - message: TargetRef Group must be gateway.networking.k8s.io.
                   rule: (self.group=='gateway.networking.k8s.io')
             required:
-            - policySource
             - targetRef
             type: object
           status:
