kubevela/pkg/cue/process/keyword.go
Brian Kane 38dea0b56c feat: application-scoped policies (#7067)
Introduces application-scoped policies and global auto-applied policies
for KubeVela.

Key changes:
- PolicyDefinition gains `scope`, `global`, and `priority` fields
- Global policies (global=true, scope=Application) are auto-applied to
  every Application in their namespace (and vela-system globals apply
  cluster-wide) without being listed in spec.policies
- PolicyScopeIndex: in-memory singleton index of PolicyDefinition
  metadata, bootstrapped at startup and kept live via watch events.
  Follows KubeVela's 2-step lookup (local namespace → vela-system)
- ApplicationPolicyCache: per-app cache of rendered policy results,
  invalidated by spec hash, revision hash, or TTL; cleared on deletion
- Policy rendering pipeline extended to inject global policies before
  user-specified ones, respecting priority ordering
- Appfile.Context carries context.Context from controller into rendering
- Feature gates: EnableApplicationScopedPolicies and EnableGlobalPolicies
  (both Alpha, default false); admission webhook warns when a
  PolicyDefinition targets a disabled gate

Signed-off-by: Brian Kane <briankane1@gmail.com>
2026-03-19 07:58:15 -07:00


/*
Copyright 2022 The KubeVela Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package process
// Field names that a CUE template itself declares or references.
const (
	// OutputFieldName refers to the base object of the context.
	OutputFieldName = "output"
	// OutputsFieldName refers to the auxiliaries of the context.
	OutputsFieldName = "outputs"
	// ParameterFieldName is the CUE template keyword under which users' input
	// is defined; it is also how the context parameter is referenced.
	// NOTE(review): values under this field are user-supplied, so templates
	// should not assume they are well-formed — confirm where they are validated.
	ParameterFieldName = "parameter"
)

// General context keys: names, application metadata, cluster and workflow.
const (
	// ContextName is the name held in the context.
	ContextName = "name"
	// ContextAppName is the application name held in the context.
	ContextAppName = "appName"
	// ContextAppRevision is the name of the application revision.
	ContextAppRevision = "appRevision"
	// ContextAppRevisionNum is the number of the application revision.
	ContextAppRevisionNum = "appRevisionNum"
	// ContextAppLabels holds the labels of the application.
	ContextAppLabels = "appLabels"
	// ContextAppAnnotations holds the annotations of the application.
	ContextAppAnnotations = "appAnnotations"
	// ContextAppComponents holds the components array of the application.
	ContextAppComponents = "appComponents"
	// ContextAppWorkflow holds the workflow object of the application.
	ContextAppWorkflow = "appWorkflow"
	// ContextAppPolicies holds the policies array of the application.
	ContextAppPolicies = "appPolicies"
	// ContextNamespace is the namespace of the application.
	ContextNamespace = "namespace"
	// ContextCluster is the cluster currently in focus.
	ContextCluster = "cluster"
	// ContextClusterVersion holds the version info object of the cluster.
	ContextClusterVersion = "clusterVersion"
	// ContextPublishVersion is the publish version of the application.
	ContextPublishVersion = "publishVersion"
	// ContextWorkflowName is the name of the workflow.
	ContextWorkflowName = "workflowName"
)

// Context keys that describe components and the resources they produce.
const (
	// OutputSecretName stores the names of all secrets generated by cloud
	// resource components (the names only, per this description).
	OutputSecretName = "outputSecretName"
	// ContextCompRevisionName is the component revision name in the context.
	ContextCompRevisionName = "revision"
	// ContextComponents holds the components of the application.
	ContextComponents = "components"
	// ContextComponentType is the type of the component that the current
	// trait is bound to.
	ContextComponentType = "componentType"
	// ContextDataArtifacts stores unstructured resources of components.
	ContextDataArtifacts = "artifacts"
	// ContextReplicaKey is the replication key in the context.
	ContextReplicaKey = "replicaKey"
)

// Context keys that describe the policy currently being executed.
const (
	// ContextPolicyName is the instance name of the currently executing
	// policy (from spec.policies[].name).
	// NOTE(review): the source of this value for a policy that is not listed
	// in spec.policies is not visible from this file — confirm.
	ContextPolicyName = "policyName"
	// ContextPolicyType is the definition type of the currently executing
	// policy (from spec.policies[].type).
	ContextPolicyType = "policyType"
	// ContextPolicyRevisionName is the DefinitionRevision name, when the
	// policy definition is versioned.
	ContextPolicyRevisionName = "policyRevisionName"
	// ContextPolicyRevision is the revision number.
	ContextPolicyRevision = "policyRevision"
	// ContextPolicyRevisionHash is the hash of the template content.
	// NOTE(review): the hash function is not defined here; confirm it before
	// relying on this value for anything beyond change detection.
	ContextPolicyRevisionHash = "policyRevisionHash"
)