Skip to content

feat(securitypolicy): add MergeType support for policy merging #7918

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
rajatvig wants to merge 28 commits into
base: main
Choose a base branch
from
Open

feat(securitypolicy): add MergeType support for policy merging #7918

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
c8b4bdc
feat(securitypolicy): add MergeType support for policy merging
rajatvig Jan 12, 2026
d1d61ae
chore: drop unusable annotations and add in generatedfiles
rajatvig Jan 13, 2026
edff170
chore: add release notes
rajatvig Jan 13, 2026
8792f98
test: add e2e test
rajatvig Jan 13, 2026
5e5372d
chore: add more test coverage
rajatvig Jan 13, 2026
1c62ff2
Merge remote-tracking branch 'upstream/main' into feat/security-polic…
rajatvig Jan 13, 2026
09e0b17
chore: fix e2e test
rajatvig Jan 18, 2026
5cacf84
Merge remote-tracking branch 'upstream/main' into feat/security-polic…
rajatvig Jan 18, 2026
a190a39
chore: add test data files for security policy
rajatvig Jan 18, 2026
6cd2177
chore: add docs
rajatvig Jan 18, 2026
d51f188
fix: simplify e2e test
rajatvig Jan 19, 2026
bfcc540
Merge branch 'main' into feat/security-policy-merge
rajatvig Jan 19, 2026
96db222
fix: address feedback and update docs on secrets issues when merging …
rajatvig Jan 24, 2026
3150f9d
Merge remote-tracking branch 'upstream/main' into feat/security-polic…
rajatvig Jan 24, 2026
c3d1e18
Merge remote-tracking branch 'upstream/main' into feat/security-polic…
rajatvig Jan 25, 2026
815025f
chore: fix generated code
rajatvig Jan 25, 2026
cc1d153
Merge branch 'main' into feat/security-policy-merge
rajatvig Jan 26, 2026
ed35567
Merge branch 'main' into feat/security-policy-merge
rajatvig Jan 26, 2026
52b7bb2
Merge branch 'main' into feat/security-policy-merge
zhaohuabing Jan 27, 2026
0885bb6
Merge branch 'main' into feat/security-policy-merge
zhaohuabing Jan 28, 2026
7c56302
Merge branch 'main' into feat/security-policy-merge
zhaohuabing Jan 28, 2026
7d0261d
address feedback for multiple IR sends and write a test case to asser…
rajatvig Jan 31, 2026
925ade7
Merge remote-tracking branch 'upstream/main' into feat/security-polic…
rajatvig Jan 31, 2026
a826120
Merge branch 'main' into feat/security-policy-merge
rajatvig Feb 6, 2026
dbc78fa
Merge remote-tracking branch 'upstream/main' into feat/security-polic…
rajatvig Feb 9, 2026
e3ea6aa
Merge remote-tracking branch 'upstream/main' into feat/security-polic…
rajatvig Feb 11, 2026
4cf5271
chore: add generted code
rajatvig Feb 11, 2026
215388d
Merge remote-tracking branch 'upstream/main' into feat/security-polic…
rajatvig Feb 16, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions api/v1alpha1/securitypolicy_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,15 @@ type SecurityPolicy struct {
type SecurityPolicySpec struct {
PolicyTargetReferences `json:",inline"`

// MergeType determines how this configuration is merged with existing SecurityPolicy
// configurations targeting a parent resource. When set, this configuration will be merged
// into a parent SecurityPolicy (i.e. the one targeting a Gateway or Listener).
// This field cannot be set when targeting a parent resource (Gateway).
// If unset, no merging occurs, and only the most specific configuration takes effect.
//
// +optional
MergeType *MergeType `json:"mergeType,omitempty"`

// APIKeyAuth defines the configuration for the API Key Authentication.
//
// +optional
Expand Down
5 changes: 5 additions & 0 deletions api/v1alpha1/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 8 additions & 0 deletions charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_securitypolicies.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4368,6 +4368,14 @@ spec:
required:
- providers
type: object
mergeType:
description: |-
MergeType determines how this configuration is merged with existing SecurityPolicy
configurations targeting a parent resource. When set, this configuration will be merged
into a parent SecurityPolicy (i.e. the one targeting a Gateway or Listener).
This field cannot be set when targeting a parent resource (Gateway).
If unset, no merging occurs, and only the most specific configuration takes effect.
type: string
oidc:
description: OIDC defines the configuration for the OpenID Connect
(OIDC) authentication.
Expand Down
8 changes: 8 additions & 0 deletions charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4367,6 +4367,14 @@ spec:
required:
- providers
type: object
mergeType:
description: |-
MergeType determines how this configuration is merged with existing SecurityPolicy
configurations targeting a parent resource. When set, this configuration will be merged
into a parent SecurityPolicy (i.e. the one targeting a Gateway or Listener).
This field cannot be set when targeting a parent resource (Gateway).
If unset, no merging occurs, and only the most specific configuration takes effect.
type: string
oidc:
description: OIDC defines the configuration for the OpenID Connect
(OIDC) authentication.
Expand Down
Loading
Loading