diff --git a/config/milo/activity/policies/kustomization.yaml b/config/milo/activity/policies/kustomization.yaml
index 7516c7f..e6a876f 100644
--- a/config/milo/activity/policies/kustomization.yaml
+++ b/config/milo/activity/policies/kustomization.yaml
@@ -11,7 +11,4 @@ resources:
 # gateway.networking.k8s.io kinds
 - gateway-policy.yaml
 - httproute-policy.yaml
- - tcproute-policy.yaml
- - udproute-policy.yaml
- - tlsroute-policy.yaml
 - backendtlspolicy-policy.yaml
diff --git a/config/milo/activity/policies/tcproute-policy.yaml b/config/milo/activity/policies/tcproute-policy.yaml
deleted file mode 100644
index f3dfd73..0000000
--- a/config/milo/activity/policies/tcproute-policy.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-# ActivityPolicy for TCPRoute resources (gateway.networking.k8s.io).
-# Defines how TCPRoute CRUD operations appear in activity timelines.
-#
-# TCPRoute resources route TCP traffic and have no user-facing display name field
-# (spec.rules reference backend services). The resource name is used as the display
-# string. All rules exclude system users to suppress reconciliation noise.
-apiVersion: activity.miloapis.com/v1alpha1
-kind: ActivityPolicy
-metadata:
- name: gateway.networking.k8s.io-tcproute
-spec:
- resource:
- apiGroup: gateway.networking.k8s.io
- kind: TCPRoute
-
- auditRules:
- # TCPRoute creation with spec available
- - name: create
- match: "!audit.user.username.startsWith('system:') && audit.verb == 'create' && has(audit.requestObject.spec)"
- summary: "{{ actor }} created TCP route {{ link(audit.objectRef.name, audit.objectRef) }}"
-
- # TCPRoute creation fallback (no spec)
- - name: create-fallback
- match: "!audit.user.username.startsWith('system:') && audit.verb == 'create'"
- summary: "{{ actor }} created {{ link('a TCP route', audit.objectRef) }}"
-
- # TCPRoute deletion with responseObject.spec available (response contains the deleted resource)
- - name: delete
- match: "!audit.user.username.startsWith('system:') && audit.verb == 'delete' && has(audit.responseObject.spec)"
- summary: "{{ actor }} deleted TCP route {{ audit.objectRef.name }}"
-
- # TCPRoute deletion fallback (no spec on response)
- - name: delete-fallback
- match: "!audit.user.username.startsWith('system:') && audit.verb == 'delete'"
- summary: "{{ actor }} deleted a TCP route"
-
- # TCPRoute update with spec available - excludes status subresource
- - name: update
- match: "!audit.user.username.startsWith('system:') && audit.verb in ['update', 'patch'] && !has(audit.objectRef.subresource) && has(audit.requestObject.spec)"
- summary: "{{ actor }} updated TCP route {{ link(audit.objectRef.name, audit.objectRef) }}"
-
- # TCPRoute update fallback (no spec)
- - name: update-fallback
- match: "!audit.user.username.startsWith('system:') && audit.verb in ['update', 'patch'] && !has(audit.objectRef.subresource)"
- summary: "{{ actor }} updated {{ link('a TCP route', audit.objectRef) }}"
diff --git a/config/milo/activity/policies/tlsroute-policy.yaml b/config/milo/activity/policies/tlsroute-policy.yaml
deleted file mode 100644
index aac1f67..0000000
--- a/config/milo/activity/policies/tlsroute-policy.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-# ActivityPolicy for TLSRoute resources (gateway.networking.k8s.io).
-# Defines how TLSRoute CRUD operations appear in activity timelines.
-#
-# TLSRoute resources route TLS traffic based on SNI and have no user-facing
-# display name field (spec.rules reference backend services). The resource name
-# is used as the display string. All rules exclude system users to suppress noise.
-apiVersion: activity.miloapis.com/v1alpha1
-kind: ActivityPolicy
-metadata:
- name: gateway.networking.k8s.io-tlsroute
-spec:
- resource:
- apiGroup: gateway.networking.k8s.io
- kind: TLSRoute
-
- auditRules:
- # TLSRoute creation with spec available
- - name: create
- match: "!audit.user.username.startsWith('system:') && audit.verb == 'create' && has(audit.requestObject.spec)"
- summary: "{{ actor }} created TLS route {{ link(audit.objectRef.name, audit.objectRef) }}"
-
- # TLSRoute creation fallback (no spec)
- - name: create-fallback
- match: "!audit.user.username.startsWith('system:') && audit.verb == 'create'"
- summary: "{{ actor }} created {{ link('a TLS route', audit.objectRef) }}"
-
- # TLSRoute deletion with responseObject.spec available (response contains the deleted resource)
- - name: delete
- match: "!audit.user.username.startsWith('system:') && audit.verb == 'delete' && has(audit.responseObject.spec)"
- summary: "{{ actor }} deleted TLS route {{ audit.objectRef.name }}"
-
- # TLSRoute deletion fallback (no spec on response)
- - name: delete-fallback
- match: "!audit.user.username.startsWith('system:') && audit.verb == 'delete'"
- summary: "{{ actor }} deleted a TLS route"
-
- # TLSRoute update with spec available - excludes status subresource
- - name: update
- match: "!audit.user.username.startsWith('system:') && audit.verb in ['update', 'patch'] && !has(audit.objectRef.subresource) && has(audit.requestObject.spec)"
- summary: "{{ actor }} updated TLS route {{ link(audit.objectRef.name, audit.objectRef) }}"
-
- # TLSRoute update fallback (no spec)
- - name: update-fallback
- match: "!audit.user.username.startsWith('system:') && audit.verb in ['update', 'patch'] && !has(audit.objectRef.subresource)"
- summary: "{{ actor }} updated {{ link('a TLS route', audit.objectRef) }}"
diff --git a/config/milo/activity/policies/udproute-policy.yaml b/config/milo/activity/policies/udproute-policy.yaml
deleted file mode 100644
index 966a43f..0000000
--- a/config/milo/activity/policies/udproute-policy.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-# ActivityPolicy for UDPRoute resources (gateway.networking.k8s.io).
-# Defines how UDPRoute CRUD operations appear in activity timelines.
-#
-# UDPRoute resources route UDP traffic and have no user-facing display name field
-# (spec.rules reference backend services). The resource name is used as the display
-# string. All rules exclude system users to suppress reconciliation noise.
-apiVersion: activity.miloapis.com/v1alpha1
-kind: ActivityPolicy
-metadata:
- name: gateway.networking.k8s.io-udproute
-spec:
- resource:
- apiGroup: gateway.networking.k8s.io
- kind: UDPRoute
-
- auditRules:
- # UDPRoute creation with spec available
- - name: create
- match: "!audit.user.username.startsWith('system:') && audit.verb == 'create' && has(audit.requestObject.spec)"
- summary: "{{ actor }} created UDP route {{ link(audit.objectRef.name, audit.objectRef) }}"
-
- # UDPRoute creation fallback (no spec)
- - name: create-fallback
- match: "!audit.user.username.startsWith('system:') && audit.verb == 'create'"
- summary: "{{ actor }} created {{ link('a UDP route', audit.objectRef) }}"
-
- # UDPRoute deletion with responseObject.spec available (response contains the deleted resource)
- - name: delete
- match: "!audit.user.username.startsWith('system:') && audit.verb == 'delete' && has(audit.responseObject.spec)"
- summary: "{{ actor }} deleted UDP route {{ audit.objectRef.name }}"
-
- # UDPRoute deletion fallback (no spec on response)
- - name: delete-fallback
- match: "!audit.user.username.startsWith('system:') && audit.verb == 'delete'"
- summary: "{{ actor }} deleted a UDP route"
-
- # UDPRoute update with spec available - excludes status subresource
- - name: update
- match: "!audit.user.username.startsWith('system:') && audit.verb in ['update', 'patch'] && !has(audit.objectRef.subresource) && has(audit.requestObject.spec)"
- summary: "{{ actor }} updated UDP route {{ link(audit.objectRef.name, audit.objectRef) }}"
-
- # UDPRoute update fallback (no spec)
- - name: update-fallback
- match: "!audit.user.username.startsWith('system:') && audit.verb in ['update', 'patch'] && !has(audit.objectRef.subresource)"
- summary: "{{ actor }} updated {{ link('a UDP route', audit.objectRef) }}"