From 59e69ceb1e1f0a9afb0b69bc3987ab0393fd1220 Mon Sep 17 00:00:00 2001
From: Jianjun Shen <shenj@vmware.com>
Date: Thu, 1 Oct 2020 22:13:38 -0700
Subject: [PATCH] Add SNATPolicy CRD

---
 hack/update-codegen-dockerized.sh    |  6 ++++
 pkg/apis/core/v1alpha2/types.go      | 24 +++++++++++++
 pkg/apis/egress/doc.go               | 18 ++++++++++
 pkg/apis/egress/register.go          | 20 +++++++++++
 pkg/apis/egress/v1alpha1/doc.go      | 19 ++++++++++
 pkg/apis/egress/v1alpha1/register.go | 53 ++++++++++++++++++++++++++++
 pkg/apis/egress/v1alpha1/types.go    | 52 +++++++++++++++++++++++++++
 7 files changed, 192 insertions(+)
 create mode 100644 pkg/apis/egress/doc.go
 create mode 100644 pkg/apis/egress/register.go
 create mode 100644 pkg/apis/egress/v1alpha1/doc.go
 create mode 100644 pkg/apis/egress/v1alpha1/register.go
 create mode 100644 pkg/apis/egress/v1alpha1/types.go

diff --git a/hack/update-codegen-dockerized.sh b/hack/update-codegen-dockerized.sh
index a1c969a8652..6d73a7d8f44 100755
--- a/hack/update-codegen-dockerized.sh
+++ b/hack/update-codegen-dockerized.sh
@@ -35,7 +35,9 @@ $GOPATH/bin/client-gen \
   --input "system/v1beta1" \
   --input "security/v1alpha1" \
   --input "core/v1alpha2" \
+  --input "networking/v1alpha1" \
   --input "ops/v1alpha1" \
+  --input "security/v1alpha1" \
   --input "stats/v1alpha1" \
   --output-package "${ANTREA_PKG}/pkg/client/clientset" \
   --plural-exceptions "NetworkPolicyStats:NetworkPolicyStats" \
@@ -48,6 +50,7 @@ $GOPATH/bin/lister-gen \
   --input-dirs "${ANTREA_PKG}/pkg/apis/security/v1alpha1,${ANTREA_PKG}/pkg/apis/core/v1alpha2" \
   --input-dirs "${ANTREA_PKG}/pkg/apis/ops/v1alpha1" \
   --input-dirs "${ANTREA_PKG}/pkg/apis/clusterinformation/v1beta1" \
+  --input-dirs "${ANTREA_PKG}/pkg/apis/core/v1alpha1,${ANTREA_PKG}/pkg/apis/networking/v1alpha1" \
   --output-package "${ANTREA_PKG}/pkg/client/listers" \
   --go-header-file hack/boilerplate/license_header.go.txt
 
@@ -56,6 +59,7 @@ $GOPATH/bin/informer-gen \
   --input-dirs "${ANTREA_PKG}/pkg/apis/security/v1alpha1,${ANTREA_PKG}/pkg/apis/core/v1alpha2" \
   --input-dirs "${ANTREA_PKG}/pkg/apis/ops/v1alpha1" \
   --input-dirs "${ANTREA_PKG}/pkg/apis/clusterinformation/v1beta1" \
+  --input-dirs "${ANTREA_PKG}/pkg/apis/core/v1alpha1,${ANTREA_PKG}/pkg/apis/networking/v1alpha1" \
   --versioned-clientset-package "${ANTREA_PKG}/pkg/client/clientset/versioned" \
   --listers-package "${ANTREA_PKG}/pkg/client/listers" \
   --output-package "${ANTREA_PKG}/pkg/client/informers" \
@@ -69,7 +73,9 @@ $GOPATH/bin/deepcopy-gen \
   --input-dirs "${ANTREA_PKG}/pkg/apis/system/v1beta1" \
   --input-dirs "${ANTREA_PKG}/pkg/apis/security/v1alpha1" \
   --input-dirs "${ANTREA_PKG}/pkg/apis/core/v1alpha2" \
+  --input-dirs "${ANTREA_PKG}/pkg/apis/networking/v1alpha1" \
   --input-dirs "${ANTREA_PKG}/pkg/apis/ops/v1alpha1" \
+  --input-dirs "${ANTREA_PKG}/pkg/apis/security/v1alpha1" \
   --input-dirs "${ANTREA_PKG}/pkg/apis/stats" \
   --input-dirs "${ANTREA_PKG}/pkg/apis/stats/v1alpha1" \
   -O zz_generated.deepcopy \
diff --git a/pkg/apis/core/v1alpha2/types.go b/pkg/apis/core/v1alpha2/types.go
index aba9d7b2780..c313a579076 100644
--- a/pkg/apis/core/v1alpha2/types.go
+++ b/pkg/apis/core/v1alpha2/types.go
@@ -155,3 +155,27 @@ type ClusterGroupList struct {
 
 	Items []ClusterGroup `json:"items,omitempty"`
 }
+
+// AppliedTo selects the entities to which a policy is applied.
+type AppliedTo struct {
+	// Selectors is the set of EntitySelectors that select entities.
+	// +optional
+	Selectors []EntitySelector `json:"selectors,omitempty"`
+	// Groups is the set of ClusterGroup names.
+	// +optional
+	Groups []string `json:"groups,omitempty"`
+}
+
+// EntitySelector includes the selectors that select the matched entities.
+type EntitySelector struct {
+	// Select Pods matched by this selector. If set with NamespaceSelector,
+	// Pods are matched from Namespaces matched by the NamespaceSelector;
+	// otherwise, Pods are matched from all Namespaces.
+	// +optional
+	PodSelector *metav1.LabelSelector `json:"podSelector,omitempty"`
+	// Select all Pods from Namespaces matched by this selector, as
+	// workloads in To/From fields. If set with PodSelector,
+	// Pods are matched from Namespaces matched by the NamespaceSelector.
+	// +optional
+	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
+}
diff --git a/pkg/apis/egress/doc.go b/pkg/apis/egress/doc.go
new file mode 100644
index 00000000000..50b1c8199fb
--- /dev/null
+++ b/pkg/apis/egress/doc.go
@@ -0,0 +1,18 @@
+// Copyright 2021 Antrea Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +k8s:deepcopy-gen=package
+// +groupName=egress.antrea.tanzu.vmware.com
+
+package egress
diff --git a/pkg/apis/egress/register.go b/pkg/apis/egress/register.go
new file mode 100644
index 00000000000..36b3ed9d648
--- /dev/null
+++ b/pkg/apis/egress/register.go
@@ -0,0 +1,20 @@
+// Copyright 2021 Antrea Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package egress
+
+// GroupName is the group name used in this package
+const (
+	GroupName = "egress.antrea.tanzu.vmware.com"
+)
diff --git a/pkg/apis/egress/v1alpha1/doc.go b/pkg/apis/egress/v1alpha1/doc.go
new file mode 100644
index 00000000000..76f24976263
--- /dev/null
+++ b/pkg/apis/egress/v1alpha1/doc.go
@@ -0,0 +1,19 @@
+// Copyright 2021 Antrea Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen=package
+// +groupName=egress.antrea.tanzu.vmware.com
+
+package v1alpha1 // import "github.com/vmware-tanzu/antrea/pkg/apis/egress/v1alpha1"
diff --git a/pkg/apis/egress/v1alpha1/register.go b/pkg/apis/egress/v1alpha1/register.go
new file mode 100644
index 00000000000..354f8cb9685
--- /dev/null
+++ b/pkg/apis/egress/v1alpha1/register.go
@@ -0,0 +1,53 @@
+// Copyright 2021 Antrea Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+// GroupName is the group name used in this package.
+const GroupName = "egress.antrea.tanzu.vmware.com"
+
+// SchemeGroupVersion is group version used to register these objects.
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
+
+// Kind takes an unqualified kind and returns back a Group qualified GroupKind
+func Kind(kind string) schema.GroupKind {
+	return SchemeGroupVersion.WithKind(kind).GroupKind()
+}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource.
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
+	AddToScheme   = SchemeBuilder.AddToScheme
+)
+
+// Adds the list of known types to the given scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(SchemeGroupVersion,
+		&Egress{},
+		&EgressList{},
+	)
+
+	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
+	return nil
+}
diff --git a/pkg/apis/egress/v1alpha1/types.go b/pkg/apis/egress/v1alpha1/types.go
new file mode 100644
index 00000000000..a2b2bccd3ac
--- /dev/null
+++ b/pkg/apis/egress/v1alpha1/types.go
@@ -0,0 +1,52 @@
+// Copyright 2021 Antrea Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	antreacore "github.com/vmware-tanzu/antrea/pkg/apis/core/v1alpha1"
+)
+
+// +genclient
+// +genclient:noStatus
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+type Egress struct {
+	metav1.TypeMeta `json:",inline"`
+	// Standard metadata of the object.
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Specification of the desired behavior of Egress.
+	Spec EgressSpec `json:"spec"`
+}
+
+// EgressSpec defines the desired state for Egress.
+type EgressSpec struct {
+	// AppliedTo selects Pods to which the Egress will be applied.
+	AppliedTo antreacore.AppliedTo `json:"appliedTo"`
+	// EgressIP specifies the SNAT IP address for the selected workloads.
+	EgressIP string
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+type EgressList struct {
+	metav1.TypeMeta `json:",inline"`
+	// +optional
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []Egress `json:"items"`
+}