in pkg/authority/k8s/controller.go [155:218]
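// CopyToAuthentication converts the Kubernetes AuthenticationPolicy pa into an
// internal authentication.Policy named key.
//
// The action, every selector (including its Extends/NotExtends pairs) and every
// port-level rule are copied field by field. The slice-valued selector fields
// (Namespaces, NotNamespaces, IpBlocks, NotIpBlocks, Principals, NotPrincipals)
// are assigned, not cloned, so the result shares their backing arrays with pa;
// this function itself never writes through those shared arrays.
//
// When pa lives outside rootNamespace, its own namespace is added to the
// result: a policy without selectors gets a single selector listing only
// pa.Namespace, and every existing selector gets pa.Namespace appended to its
// Namespaces unless it is already present. A policy in rootNamespace is
// returned as written.
//
// pa must be non-nil.
//
// NOTE(review): for a non-root policy the namespaces written by the policy
// author are kept and pa.Namespace is only added to them; NotNamespaces is not
// checked against pa.Namespace. If the code that evaluates Selector.Namespaces
// matches on any listed namespace, a namespaced policy can still reference
// namespaces other than its own. Confirm against the selector-matching code
// whether that is intended or whether non-root policies should be restricted
// to pa.Namespace.
func CopyToAuthentication(key, rootNamespace string, pa *apiV1beta1.AuthenticationPolicy) *authentication.Policy {
	a := &authentication.Policy{}
	a.Name = key
	a.Spec = &authentication.PolicySpec{}
	a.Spec.Action = pa.Spec.Action

	// Ranging over a nil slice is a no-op, so no explicit nil guards are needed.
	for _, selector := range pa.Spec.Selector {
		r := &authentication.Selector{
			Namespaces:    selector.Namespaces,
			NotNamespaces: selector.NotNamespaces,
			IpBlocks:      selector.IpBlocks,
			NotIpBlocks:   selector.NotIpBlocks,
			Principals:    selector.Principals,
			NotPrincipals: selector.NotPrincipals,
		}
		for _, extends := range selector.Extends {
			r.Extends = append(r.Extends, &authentication.Extend{
				Key:   extends.Key,
				Value: extends.Value,
			})
		}
		for _, notExtend := range selector.NotExtends {
			r.NotExtends = append(r.NotExtends, &authentication.Extend{
				Key:   notExtend.Key,
				Value: notExtend.Value,
			})
		}
		a.Spec.Selector = append(a.Spec.Selector, r)
	}

	for _, portLevel := range pa.Spec.PortLevel {
		a.Spec.PortLevel = append(a.Spec.PortLevel, &authentication.PortLevel{
			Port:   portLevel.Port,
			Action: portLevel.Action,
		})
	}

	// Policies defined in the root namespace are passed through unchanged.
	if rootNamespace == pa.Namespace {
		return a
	}

	if len(a.Spec.Selector) == 0 {
		a.Spec.Selector = append(a.Spec.Selector, &authentication.Selector{
			Namespaces: []string{pa.Namespace},
		})
		return a
	}

	for _, selector := range a.Spec.Selector {
		if slices.Contains(selector.Namespaces, pa.Namespace) {
			continue
		}
		// selector.Namespaces still aliases the slice held by pa. Capping the
		// capacity at the length forces append to allocate a new array, so the
		// spare capacity of pa's backing array is never written. pa may be
		// shared with other readers (not visible from this function), and
		// writing into it would be an unsynchronised mutation of their data.
		ns := selector.Namespaces
		selector.Namespaces = append(ns[:len(ns):len(ns)], pa.Namespace)
	}
	return a
}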