nginx
diff --git a/‎apis/v1alpha1/wafpolicy_types.go‎
Lines changed: 4 additions & 0 deletions b/‎apis/v1alpha1/wafpolicy_types.go‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎charts/nginx-gateway-fabric/templates/clusterrole.yaml‎
Lines changed: 2 additions & 0 deletions b/‎charts/nginx-gateway-fabric/templates/clusterrole.yaml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎config/crd/bases/gateway.nginx.org_wafpolicies.yaml‎
Lines changed: 6 additions & 0 deletions b/‎config/crd/bases/gateway.nginx.org_wafpolicies.yaml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎deploy/azure/deploy.yaml‎
Lines changed: 2 additions & 0 deletions b/‎deploy/azure/deploy.yaml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎deploy/default/deploy.yaml‎
Lines changed: 2 additions & 0 deletions b/‎deploy/default/deploy.yaml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎deploy/experimental-nginx-plus/deploy.yaml‎
Lines changed: 2 additions & 0 deletions b/‎deploy/experimental-nginx-plus/deploy.yaml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎deploy/experimental/deploy.yaml‎
Lines changed: 2 additions & 0 deletions b/‎deploy/experimental/deploy.yaml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎deploy/nginx-plus/deploy.yaml‎
Lines changed: 2 additions & 0 deletions b/‎deploy/nginx-plus/deploy.yaml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎deploy/nodeport/deploy.yaml‎
Lines changed: 2 additions & 0 deletions b/‎deploy/nodeport/deploy.yaml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎deploy/openshift/deploy.yaml‎
Lines changed: 2 additions & 0 deletions b/‎deploy/openshift/deploy.yaml‎
Lines changed: 2 additions & 0 deletions
@@ -59,6 +59,10 @@ type WAFPolicySpec struct {
 }
 
 // WAFPolicySource defines the source location and configuration for fetching WAF policy bundles.
+//
+// +kubebuilder:validation:XValidation:message="policySource is required when securityLogs are specified",rule="!has(self.securityLogs) || has(self.policySource)"
+//
+//nolint:lll
 type WAFPolicySource struct {
 	// AuthSecret is the Secret containing authentication credentials for the WAF policy source.
 	//
 
@@ -109,6 +109,7 @@ rules:
   - clientsettingspolicies
   - observabilitypolicies
   - upstreamsettingspolicies
+  - wafpolicies
   {{- if .Values.nginxGateway.snippetsFilters.enable }}
   - snippetsfilters
   {{- end }}
@@ -122,6 +123,7 @@ rules:
   - clientsettingspolicies/status
   - observabilitypolicies/status
   - upstreamsettingspolicies/status
+  - wafpolicies/status
   {{- if .Values.nginxGateway.snippetsFilters.enable }}
   - snippetsfilters/status
   {{- end }}
 
@@ -151,6 +151,9 @@ spec:
                 required:
                 - fileLocation
                 type: object
+                x-kubernetes-validations:
+                - message: policySource is required when securityLogs are specified
+                  rule: '!has(self.securityLogs) || has(self.policySource)'
               securityLogs:
                 description: |-
                   SecurityLogs defines the security logging configuration for app_protect_security_log directives.
@@ -331,6 +334,9 @@ spec:
                       required:
                       - fileLocation
                       type: object
+                      x-kubernetes-validations:
+                      - message: policySource is required when securityLogs are specified
+                        rule: '!has(self.securityLogs) || has(self.policySource)'
                     name:
                       description: Name is the name of the security log configuration.
                       maxLength: 63
 
@@ -145,6 +145,7 @@ rules:
   - clientsettingspolicies
   - observabilitypolicies
   - upstreamsettingspolicies
+  - wafpolicies
   verbs:
   - list
   - watch
@@ -155,6 +156,7 @@ rules:
   - clientsettingspolicies/status
   - observabilitypolicies/status
   - upstreamsettingspolicies/status
+  - wafpolicies/status
   verbs:
   - update
 - apiGroups:
 
@@ -145,6 +145,7 @@ rules:
   - clientsettingspolicies
   - observabilitypolicies
   - upstreamsettingspolicies
+  - wafpolicies
   verbs:
   - list
   - watch
@@ -155,6 +156,7 @@ rules:
   - clientsettingspolicies/status
   - observabilitypolicies/status
   - upstreamsettingspolicies/status
+  - wafpolicies/status
   verbs:
   - update
 - apiGroups:
 
@@ -149,6 +149,7 @@ rules:
   - clientsettingspolicies
   - observabilitypolicies
   - upstreamsettingspolicies
+  - wafpolicies
   verbs:
   - list
   - watch
@@ -159,6 +160,7 @@ rules:
   - clientsettingspolicies/status
   - observabilitypolicies/status
   - upstreamsettingspolicies/status
+  - wafpolicies/status
   verbs:
   - update
 - apiGroups:
 
@@ -149,6 +149,7 @@ rules:
   - clientsettingspolicies
   - observabilitypolicies
   - upstreamsettingspolicies
+  - wafpolicies
   verbs:
   - list
   - watch
@@ -159,6 +160,7 @@ rules:
   - clientsettingspolicies/status
   - observabilitypolicies/status
   - upstreamsettingspolicies/status
+  - wafpolicies/status
   verbs:
   - update
 - apiGroups:
 
@@ -145,6 +145,7 @@ rules:
   - clientsettingspolicies
   - observabilitypolicies
   - upstreamsettingspolicies
+  - wafpolicies
   verbs:
   - list
   - watch
@@ -155,6 +156,7 @@ rules:
   - clientsettingspolicies/status
   - observabilitypolicies/status
   - upstreamsettingspolicies/status
+  - wafpolicies/status
   verbs:
   - update
 - apiGroups:
 
@@ -145,6 +145,7 @@ rules:
   - clientsettingspolicies
   - observabilitypolicies
   - upstreamsettingspolicies
+  - wafpolicies
   verbs:
   - list
   - watch
@@ -155,6 +156,7 @@ rules:
   - clientsettingspolicies/status
   - observabilitypolicies/status
   - upstreamsettingspolicies/status
+  - wafpolicies/status
   verbs:
   - update
 - apiGroups:
 
@@ -145,6 +145,7 @@ rules:
   - clientsettingspolicies
   - observabilitypolicies
   - upstreamsettingspolicies
+  - wafpolicies
   verbs:
   - list
   - watch
@@ -155,6 +156,7 @@ rules:
   - clientsettingspolicies/status
   - observabilitypolicies/status
   - upstreamsettingspolicies/status
+  - wafpolicies/status
   verbs:
   - update
 - apiGroups: