Skip to content

Commit

Permalink
feat: improve api (#157)
Browse files Browse the repository at this point in the history 
Signed-off-by: Charles-Edouard Brétéché <[email protected]>
  • Loading branch information
@eddycharly
eddycharly authored Oct 29, 2023
1 parent a33ddb1 commit 9c25481
Show file tree
Hide file tree
Showing 17 changed files with 231 additions and 168 deletions.
54 changes: 29 additions & 25 deletions .crds/json.kyverno.io_validatingpolicies.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,40 +35,44 @@ spec:
description: Policy spec.
properties:
rules:
description: Rules is a list of Rule instances. A Policy contains
multiple rules and each rule can validate, mutate, or generate resources.
description: Rules is a list of ValidatingRule instances.
items:
description: ValidatingRule defines a validating rule.
properties:
assert:
description: Assert is used to validate matching resources.
properties:
all:
description: All allows specifying resources which will
description: All allows specifying assertions which will
be ANDed.
items:
description: Assertion contains an assertion tree associated
with a message.
properties:
check:
description: Check is the assertion check definition.
type: object
x-kubernetes-preserve-unknown-fields: true
message:
description: Message is the variable associated message.
description: Message is the message associated message.
type: string
required:
- check
type: object
type: array
any:
description: Any allows specifying resources which will
description: Any allows specifying assertions which will
be ORed.
items:
description: Assertion contains an assertion tree associated
with a message.
properties:
check:
description: Check is the assertion check definition.
type: object
x-kubernetes-preserve-unknown-fields: true
message:
description: Message is the variable associated message.
description: Message is the message associated message.
type: string
required:
- check
Expand All @@ -80,58 +84,55 @@ spec:
can be used during rule execution.
items:
description: ContextEntry adds variables and data sources
to a rule Context.
to a rule context.
properties:
name:
description: Name is the variable name.
description: Name is the entry name.
type: string
variable:
description: Variable defines an arbitrary JMESPath context
variable that can be defined inline.
description: Variable defines an arbitrary variable.
x-kubernetes-preserve-unknown-fields: true
required:
- name
type: object
type: array
exclude:
description: Exclude defines when this policy rule should not
be applied. The exclude criteria can include resource information
(e.g. kind, name, namespace, labels) and admission review
request information like the name or role.
be applied.
properties:
all:
description: All allows specifying resources which will
be ANDed.
description: All allows specifying assertion trees which
will be ANDed.
items:
description: Any can be any type.
type: object
x-kubernetes-preserve-unknown-fields: true
type: array
any:
description: Any allows specifying resources which will
be ORed.
description: Any allows specifying assertion trees which
will be ORed.
items:
description: Any can be any type.
type: object
x-kubernetes-preserve-unknown-fields: true
type: array
type: object
match:
description: Match defines when this policy rule should be applied.
The match criteria can include resource information (e.g.
kind, name, namespace, labels) and admission review request
information like the user name or role. At least one kind
is required.
properties:
all:
description: All allows specifying resources which will
be ANDed.
description: All allows specifying assertion trees which
will be ANDed.
items:
description: Any can be any type.
type: object
x-kubernetes-preserve-unknown-fields: true
type: array
any:
description: Any allows specifying resources which will
be ORed.
description: Any allows specifying assertion trees which
will be ORed.
items:
description: Any can be any type.
type: object
x-kubernetes-preserve-unknown-fields: true
type: array
Expand All @@ -142,9 +143,12 @@ spec:
maxLength: 63
type: string
required:
- assert
- name
type: object
type: array
required:
- rules
type: object
required:
- spec
Expand Down
39 changes: 25 additions & 14 deletions .schemas/json/_definitions.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16486,13 +16486,18 @@
"spec": {
"description": "Policy spec.",
"type": "object",
"required": [
"rules"
],
"properties": {
"rules": {
"description": "Rules is a list of Rule instances. A Policy contains multiple rules and each rule can validate, mutate, or generate resources.",
"description": "Rules is a list of ValidatingRule instances.",
"type": "array",
"items": {
"description": "ValidatingRule defines a validating rule.",
"type": "object",
"required": [
"assert",
"name"
],
"properties": {
Expand All @@ -16501,9 +16506,10 @@
"type": "object",
"properties": {
"all": {
"description": "All allows specifying resources which will be ANDed.",
"description": "All allows specifying assertions which will be ANDed.",
"type": "array",
"items": {
"description": "Assertion contains an assertion tree associated with a message.",
"type": "object",
"required": [
"check"
Expand All @@ -16514,16 +16520,17 @@
"x-kubernetes-preserve-unknown-fields": true
},
"message": {
"description": "Message is the variable associated message.",
"description": "Message is the message associated message.",
"type": "string"
}
}
}
},
"any": {
"description": "Any allows specifying resources which will be ORed.",
"description": "Any allows specifying assertions which will be ORed.",
"type": "array",
"items": {
"description": "Assertion contains an assertion tree associated with a message.",
"type": "object",
"required": [
"check"
Expand All @@ -16534,7 +16541,7 @@
"x-kubernetes-preserve-unknown-fields": true
},
"message": {
"description": "Message is the variable associated message.",
"description": "Message is the message associated message.",
"type": "string"
}
}
Expand All @@ -16546,58 +16553,62 @@
"description": "Context defines variables and data sources that can be used during rule execution.",
"type": "array",
"items": {
"description": "ContextEntry adds variables and data sources to a rule Context.",
"description": "ContextEntry adds variables and data sources to a rule context.",
"type": "object",
"required": [
"name"
],
"properties": {
"name": {
"description": "Name is the variable name.",
"description": "Name is the entry name.",
"type": "string"
},
"variable": {
"description": "Variable defines an arbitrary JMESPath context variable that can be defined inline.",
"description": "Variable defines an arbitrary variable.",
"x-kubernetes-preserve-unknown-fields": true
}
}
}
},
"exclude": {
"description": "Exclude defines when this policy rule should not be applied. The exclude criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the name or role.",
"description": "Exclude defines when this policy rule should not be applied.",
"type": "object",
"properties": {
"all": {
"description": "All allows specifying resources which will be ANDed.",
"description": "All allows specifying assertion trees which will be ANDed.",
"type": "array",
"items": {
"description": "Any can be any type.",
"x-kubernetes-preserve-unknown-fields": true
}
},
"any": {
"description": "Any allows specifying resources which will be ORed.",
"description": "Any allows specifying assertion trees which will be ORed.",
"type": "array",
"items": {
"description": "Any can be any type.",
"x-kubernetes-preserve-unknown-fields": true
}
}
}
},
"match": {
"description": "Match defines when this policy rule should be applied. The match criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the user name or role. At least one kind is required.",
"description": "Match defines when this policy rule should be applied.",
"type": "object",
"properties": {
"all": {
"description": "All allows specifying resources which will be ANDed.",
"description": "All allows specifying assertion trees which will be ANDed.",
"type": "array",
"items": {
"description": "Any can be any type.",
"x-kubernetes-preserve-unknown-fields": true
}
},
"any": {
"description": "Any allows specifying resources which will be ORed.",
"description": "Any allows specifying assertion trees which will be ORed.",
"type": "array",
"items": {
"description": "Any can be any type.",
"x-kubernetes-preserve-unknown-fields": true
}
}
Expand Down
Loading

0 comments on commit 9c25481

Please sign in to comment.