Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: improve api #157

Merged
merged 1 commit into from
Oct 29, 2023
Merged

feat: improve api #157

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 29 additions & 25 deletions .crds/json.kyverno.io_validatingpolicies.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,40 +35,44 @@ spec:
description: Policy spec.
properties:
rules:
description: Rules is a list of Rule instances. A Policy contains
multiple rules and each rule can validate, mutate, or generate resources.
description: Rules is a list of ValidatingRule instances.
items:
description: ValidatingRule defines a validating rule.
properties:
assert:
description: Assert is used to validate matching resources.
properties:
all:
description: All allows specifying resources which will
description: All allows specifying assertions which will
be ANDed.
items:
description: Assertion contains an assertion tree associated
with a message.
properties:
check:
description: Check is the assertion check definition.
type: object
x-kubernetes-preserve-unknown-fields: true
message:
description: Message is the variable associated message.
description: Message is the message associated message.
type: string
required:
- check
type: object
type: array
any:
description: Any allows specifying resources which will
description: Any allows specifying assertions which will
be ORed.
items:
description: Assertion contains an assertion tree associated
with a message.
properties:
check:
description: Check is the assertion check definition.
type: object
x-kubernetes-preserve-unknown-fields: true
message:
description: Message is the variable associated message.
description: Message is the message associated message.
type: string
required:
- check
Expand All @@ -80,58 +84,55 @@ spec:
can be used during rule execution.
items:
description: ContextEntry adds variables and data sources
to a rule Context.
to a rule context.
properties:
name:
description: Name is the variable name.
description: Name is the entry name.
type: string
variable:
description: Variable defines an arbitrary JMESPath context
variable that can be defined inline.
description: Variable defines an arbitrary variable.
x-kubernetes-preserve-unknown-fields: true
required:
- name
type: object
type: array
exclude:
description: Exclude defines when this policy rule should not
be applied. The exclude criteria can include resource information
(e.g. kind, name, namespace, labels) and admission review
request information like the name or role.
be applied.
properties:
all:
description: All allows specifying resources which will
be ANDed.
description: All allows specifying assertion trees which
will be ANDed.
items:
description: Any can be any type.
type: object
x-kubernetes-preserve-unknown-fields: true
type: array
any:
description: Any allows specifying resources which will
be ORed.
description: Any allows specifying assertion trees which
will be ORed.
items:
description: Any can be any type.
type: object
x-kubernetes-preserve-unknown-fields: true
type: array
type: object
match:
description: Match defines when this policy rule should be applied.
The match criteria can include resource information (e.g.
kind, name, namespace, labels) and admission review request
information like the user name or role. At least one kind
is required.
properties:
all:
description: All allows specifying resources which will
be ANDed.
description: All allows specifying assertion trees which
will be ANDed.
items:
description: Any can be any type.
type: object
x-kubernetes-preserve-unknown-fields: true
type: array
any:
description: Any allows specifying resources which will
be ORed.
description: Any allows specifying assertion trees which
will be ORed.
items:
description: Any can be any type.
type: object
x-kubernetes-preserve-unknown-fields: true
type: array
Expand All @@ -142,9 +143,12 @@ spec:
maxLength: 63
type: string
required:
- assert
- name
type: object
type: array
required:
- rules
type: object
required:
- spec
Expand Down
39 changes: 25 additions & 14 deletions .schemas/json/_definitions.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16486,13 +16486,18 @@
"spec": {
"description": "Policy spec.",
"type": "object",
"required": [
"rules"
],
"properties": {
"rules": {
"description": "Rules is a list of Rule instances. A Policy contains multiple rules and each rule can validate, mutate, or generate resources.",
"description": "Rules is a list of ValidatingRule instances.",
"type": "array",
"items": {
"description": "ValidatingRule defines a validating rule.",
"type": "object",
"required": [
"assert",
"name"
],
"properties": {
Expand All @@ -16501,9 +16506,10 @@
"type": "object",
"properties": {
"all": {
"description": "All allows specifying resources which will be ANDed.",
"description": "All allows specifying assertions which will be ANDed.",
"type": "array",
"items": {
"description": "Assertion contains an assertion tree associated with a message.",
"type": "object",
"required": [
"check"
Expand All @@ -16514,16 +16520,17 @@
"x-kubernetes-preserve-unknown-fields": true
},
"message": {
"description": "Message is the variable associated message.",
"description": "Message is the message associated message.",
"type": "string"
}
}
}
},
"any": {
"description": "Any allows specifying resources which will be ORed.",
"description": "Any allows specifying assertions which will be ORed.",
"type": "array",
"items": {
"description": "Assertion contains an assertion tree associated with a message.",
"type": "object",
"required": [
"check"
Expand All @@ -16534,7 +16541,7 @@
"x-kubernetes-preserve-unknown-fields": true
},
"message": {
"description": "Message is the variable associated message.",
"description": "Message is the message associated message.",
"type": "string"
}
}
Expand All @@ -16546,58 +16553,62 @@
"description": "Context defines variables and data sources that can be used during rule execution.",
"type": "array",
"items": {
"description": "ContextEntry adds variables and data sources to a rule Context.",
"description": "ContextEntry adds variables and data sources to a rule context.",
"type": "object",
"required": [
"name"
],
"properties": {
"name": {
"description": "Name is the variable name.",
"description": "Name is the entry name.",
"type": "string"
},
"variable": {
"description": "Variable defines an arbitrary JMESPath context variable that can be defined inline.",
"description": "Variable defines an arbitrary variable.",
"x-kubernetes-preserve-unknown-fields": true
}
}
}
},
"exclude": {
"description": "Exclude defines when this policy rule should not be applied. The exclude criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the name or role.",
"description": "Exclude defines when this policy rule should not be applied.",
"type": "object",
"properties": {
"all": {
"description": "All allows specifying resources which will be ANDed.",
"description": "All allows specifying assertion trees which will be ANDed.",
"type": "array",
"items": {
"description": "Any can be any type.",
"x-kubernetes-preserve-unknown-fields": true
}
},
"any": {
"description": "Any allows specifying resources which will be ORed.",
"description": "Any allows specifying assertion trees which will be ORed.",
"type": "array",
"items": {
"description": "Any can be any type.",
"x-kubernetes-preserve-unknown-fields": true
}
}
}
},
"match": {
"description": "Match defines when this policy rule should be applied. The match criteria can include resource information (e.g. kind, name, namespace, labels) and admission review request information like the user name or role. At least one kind is required.",
"description": "Match defines when this policy rule should be applied.",
"type": "object",
"properties": {
"all": {
"description": "All allows specifying resources which will be ANDed.",
"description": "All allows specifying assertion trees which will be ANDed.",
"type": "array",
"items": {
"description": "Any can be any type.",
"x-kubernetes-preserve-unknown-fields": true
}
},
"any": {
"description": "Any allows specifying resources which will be ORed.",
"description": "Any allows specifying assertion trees which will be ORed.",
"type": "array",
"items": {
"description": "Any can be any type.",
"x-kubernetes-preserve-unknown-fields": true
}
}
Expand Down
Loading
Loading