2023-09-22 11:53:19 +02:00
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: (devel)
  name: policyexceptions.kyverno.io
spec:
  group: kyverno.io
  names:
    categories:
    - kyverno
    kind: PolicyException
    listKind: PolicyExceptionList
    plural: policyexceptions
    shortNames:
    - polex
    singular: policyexception
  scope: Namespaced
  versions:
  - name: v2
    schema:
      openAPIV3Schema:
        description: PolicyException declares resources to be excluded from specified policies.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: Spec declares policy exception behaviors.
            properties:
              background:
                description: |-
                  Background controls if exceptions are applied to existing policies during a background scan.
                  Optional. Default value is "true". The value must be set to "false" if the policy rule
                  uses variables that are only available in the admission review request (e.g. user name).
                type: boolean
              conditions:
                description: |-
                  Conditions are used to determine if a resource applies to the exception by evaluating a
                  set of conditions. The declaration can contain nested `any` or `all` statements.
                properties:
                  all:
                    description: |-
                      AllConditions enable variable-based conditional rule execution. This is useful for
                      finer control of when a rule is applied. A condition can reference object data
                      using JMESPath notation.
                      Here, all of the conditions need to pass.
                    items:
                      properties:
                        key:
                          description: Key is the context entry (using JMESPath) for conditional rule evaluation.
                          x-kubernetes-preserve-unknown-fields: true
                        message:
                          description: Message is an optional display message
                          type: string
                        operator:
                          description: |-
                            Operator is the conditional operation to perform. Valid operators are:
                            Equals, NotEquals, AnyIn, AllIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,
                            GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,
                            DurationLessThanOrEquals, DurationLessThan
                          enum:
                          - Equals
                          - NotEquals
                          - AnyIn
                          - AllIn
                          - AnyNotIn
                          - AllNotIn
                          - GreaterThanOrEquals
                          - GreaterThan
                          - LessThanOrEquals
                          - LessThan
                          - DurationGreaterThanOrEquals
                          - DurationGreaterThan
                          - DurationLessThanOrEquals
                          - DurationLessThan
                          type: string
                        value:
                          description: |-
                            Value is the conditional value, or set of values. The values can be a fixed set
                            or can be variables declared using JMESPath.
                          x-kubernetes-preserve-unknown-fields: true
                      type: object
                    type: array
                  any:
                    description: |-
                      AnyConditions enable variable-based conditional rule execution. This is useful for
                      finer control of when a rule is applied. A condition can reference object data
                      using JMESPath notation.
                      Here, at least one of the conditions needs to pass.
                    items:
                      properties:
                        key:
                          description: Key is the context entry (using JMESPath) for conditional rule evaluation.
                          x-kubernetes-preserve-unknown-fields: true
                        message:
                          description: Message is an optional display message
                          type: string
                        operator:
                          description: |-
                            Operator is the conditional operation to perform. Valid operators are:
                            Equals, NotEquals, AnyIn, AllIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,
                            GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,
                            DurationLessThanOrEquals, DurationLessThan
                          enum:
                          - Equals
                          - NotEquals
                          - AnyIn
                          - AllIn
                          - AnyNotIn
                          - AllNotIn
                          - GreaterThanOrEquals
                          - GreaterThan
                          - LessThanOrEquals
                          - LessThan
                          - DurationGreaterThanOrEquals
                          - DurationGreaterThan
                          - DurationLessThanOrEquals
                          - DurationLessThan
                          type: string
                        value:
                          description: |-
                            Value is the conditional value, or set of values. The values can be a fixed set
                            or can be variables declared using JMESPath.
                          x-kubernetes-preserve-unknown-fields: true
                      type: object
                    type: array
                type: object
              exceptions:
                description: Exceptions is a list of policy/rules to be excluded
                items:
                  description: Exception stores information about a policy and its rules
                  properties:
                    policyName:
                      description: |-
                        PolicyName identifies the policy to which the exception is applied.
                        The policy name uses the format <namespace>/<name> unless it
                        references a ClusterPolicy.
                      type: string
                    ruleNames:
                      description: RuleNames identifies the rules to which the exception is applied.
                      items:
                        type: string
                      type: array
                  required:
                  - policyName
                  - ruleNames
                  type: object
                type: array
              match:
                description: Match defines the match clause used to check if a resource applies to the exception
                not:
                  required:
                  - any
                  - all
                properties:
                  all:
                    description: All allows specifying resources which will be ANDed
                    items:
                      description: ResourceFilter allows users to "AND" or "OR" between resources
                      properties:
                        clusterRoles:
                          description: ClusterRoles is the list of cluster-wide role names for the user.
                          items:
                            type: string
                          type: array
                        resources:
                          description: ResourceDescription contains information about the resource being created or modified.
                          not:
                            required:
                            - name
                            - names
                          properties:
                            annotations:
                              additionalProperties:
                                type: string
                              description: |-
                                Annotations is a map of annotations (key-value pairs of type string). Annotation keys
                                and values support the wildcard characters "*" (matches zero or many characters) and
                                "?" (matches at least one character).
                              type: object
                            kinds:
                              description: Kinds is a list of resource kinds.
                              items:
                                type: string
                              type: array
                            name:
                              description: |-
                                Name is the name of the resource. The name supports wildcard characters
                                "*" (matches zero or many characters) and "?" (at least one character).
                                NOTE: "Name" is being deprecated in favor of "Names".
                              type: string
                            names:
                              description: |-
                                Names are the names of the resources. Each name supports wildcard characters
                                "*" (matches zero or many characters) and "?" (at least one character).
                              items:
                                type: string
                              type: array
                            namespaceSelector:
                              description: |-
                                NamespaceSelector is a label selector for the resource namespace. Label keys and values
                                in `matchLabels` support the wildcard characters `*` (matches zero or many characters)
                                and `?` (matches one character). Wildcards allow writing label selectors like
                                ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but
                                does not match an empty label set.
                              properties:
                                matchExpressions:
                                  description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                                  items:
                                    description: |-
                                      A label selector requirement is a selector that contains values, a key, and an operator that
                                      relates the key and values.
                                    properties:
                                      key:
                                        description: key is the label key that the selector applies to.
                                        type: string
                                      operator:
                                        description: |-
                                          operator represents a key's relationship to a set of values.
                                          Valid operators are In, NotIn, Exists and DoesNotExist.
                                        type: string
                                      values:
                                        description: |-
                                          values is an array of string values. If the operator is In or NotIn,
                                          the values array must be non-empty. If the operator is Exists or DoesNotExist,
                                          the values array must be empty. This array is replaced during a strategic
                                          merge patch.
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                    required:
                                    - key
                                    - operator
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                matchLabels:
                                  additionalProperties:
                                    type: string
                                  description: |-
                                    matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
                                    map is equivalent to an element of matchExpressions, whose key field is "key", the
                                    operator is "In", and the values array contains only "value". The requirements are ANDed.
                                  type: object
                              type: object
                              x-kubernetes-map-type: atomic
                            namespaces:
                              description: |-
                                Namespaces is a list of namespace names. Each name supports wildcard characters
                                "*" (matches zero or many characters) and "?" (at least one character).
                              items:
                                type: string
                              type: array
                            operations:
                              description: Operations can contain values ["CREATE", "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action.
                              items:
                                description: AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action.
                                enum:
                                - CREATE
                                - CONNECT
                                - UPDATE
                                - DELETE
                                type: string
                              type: array
                            selector:
                              description: |-
                                Selector is a label selector. Label keys and values in `matchLabels` support the wildcard
                                characters `*` (matches zero or many characters) and `?` (matches one character).
                                Wildcards allow writing label selectors like ["storage.k8s.io/*": "*"]. Note that
                                using ["*" : "*"] matches any key and value but does not match an empty label set.
                              properties:
                                matchExpressions:
                                  description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                                  items:
                                    description: |-
                                      A label selector requirement is a selector that contains values, a key, and an operator that
                                      relates the key and values.
                                    properties:
                                      key:
                                        description: key is the label key that the selector applies to.
                                        type: string
                                      operator:
                                        description: |-
                                          operator represents a key's relationship to a set of values.
                                          Valid operators are In, NotIn, Exists and DoesNotExist.
                                        type: string
                                      values:
                                        description: |-
                                          values is an array of string values. If the operator is In or NotIn,
                                          the values array must be non-empty. If the operator is Exists or DoesNotExist,
                                          the values array must be empty. This array is replaced during a strategic
                                          merge patch.
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                    required:
                                    - key
                                    - operator
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                matchLabels:
                                  additionalProperties:
                                    type: string
                                  description: |-
                                    matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
                                    map is equivalent to an element of matchExpressions, whose key field is "key", the
                                    operator is "In", and the values array contains only "value". The requirements are ANDed.
                                  type: object
                              type: object
                              x-kubernetes-map-type: atomic
                          type: object
                        roles:
                          description: Roles is the list of namespaced role names for the user.
                          items:
                            type: string
                          type: array
                        subjects:
                          description: Subjects is the list of subject names like users, user groups, and service accounts.
                          items:
                            description: |-
                              Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,
                              or a value for non-objects such as user and group names.
                            properties:
                              apiGroup:
                                description: |-
                                  APIGroup holds the API group of the referenced subject.
                                  Defaults to "" for ServiceAccount subjects.
                                  Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
                                type: string
                              kind:
                                description: |-
                                  Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
                                  If the Authorizer does not recognize the kind value, the Authorizer should report an error.
                                type: string
                              name:
                                description: Name of the object being referenced.
                                type: string
                              namespace:
                                description: |-
                                  Namespace of the referenced object. If the object kind is not namespaced, such as "User" or "Group", and this value is not empty,
                                  the Authorizer should report an error.
                                type: string
                            required:
                            - kind
                            - name
                            type: object
                            x-kubernetes-map-type: atomic
                          type: array
                      type: object
                    type: array
                  any:
                    description: Any allows specifying resources which will be ORed
                    items:
                      description: ResourceFilter allows users to "AND" or "OR" between resources
                      properties:
                        clusterRoles:
                          description: ClusterRoles is the list of cluster-wide role names for the user.
                          items:
                            type: string
                          type: array
                        resources:
                          description: ResourceDescription contains information about the resource being created or modified.
                          not:
                            required:
                            - name
                            - names
                          properties:
                            annotations:
                              additionalProperties:
                                type: string
                              description: |-
                                Annotations is a map of annotations (key-value pairs of type string). Annotation keys
                                and values support the wildcard characters "*" (matches zero or many characters) and
                                "?" (matches at least one character).
                              type: object
                            kinds:
                              description: Kinds is a list of resource kinds.
                              items:
                                type: string
                              type: array
                            name:
                              description: |-
                                Name is the name of the resource. The name supports wildcard characters
                                "*" (matches zero or many characters) and "?" (at least one character).
                                NOTE: "Name" is being deprecated in favor of "Names".
                              type: string
                            names:
                              description: |-
                                Names are the names of the resources. Each name supports wildcard characters
                                "*" (matches zero or many characters) and "?" (at least one character).
                              items:
                                type: string
                              type: array
                            namespaceSelector:
                              description: |-
                                NamespaceSelector is a label selector for the resource namespace. Label keys and values
                                in `matchLabels` support the wildcard characters `*` (matches zero or many characters)
                                and `?` (matches one character). Wildcards allow writing label selectors like
                                ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but
                                does not match an empty label set.
                              properties:
                                matchExpressions:
                                  description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                                  items:
                                    description: |-
                                      A label selector requirement is a selector that contains values, a key, and an operator that
                                      relates the key and values.
                                    properties:
                                      key:
                                        description: key is the label key that the selector applies to.
                                        type: string
                                      operator:
                                        description: |-
                                          operator represents a key's relationship to a set of values.
                                          Valid operators are In, NotIn, Exists and DoesNotExist.
                                        type: string
                                      values:
                                        description: |-
                                          values is an array of string values. If the operator is In or NotIn,
                                          the values array must be non-empty. If the operator is Exists or DoesNotExist,
                                          the values array must be empty. This array is replaced during a strategic
                                          merge patch.
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                    required:
                                    - key
                                    - operator
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                matchLabels:
                                  additionalProperties:
                                    type: string
                                  description: |-
                                    matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
                                    map is equivalent to an element of matchExpressions, whose key field is "key", the
                                    operator is "In", and the values array contains only "value". The requirements are ANDed.
                                  type: object
                              type: object
                              x-kubernetes-map-type: atomic
                            namespaces:
                              description: |-
                                Namespaces is a list of namespace names. Each name supports wildcard characters
                                "*" (matches zero or many characters) and "?" (at least one character).
                              items:
                                type: string
                              type: array
                            operations:
                              description: Operations can contain values ["CREATE", "UPDATE", "CONNECT", "DELETE"], which are used to match a specific action.
                              items:
                                description: AdmissionOperation can have one of the values CREATE, UPDATE, CONNECT, DELETE, which are used to match a specific action.
                                enum:
                                - CREATE
                                - CONNECT
                                - UPDATE
                                - DELETE
                                type: string
                              type: array
                            selector:
                              description: |-
                                Selector is a label selector. Label keys and values in `matchLabels` support the wildcard
                                characters `*` (matches zero or many characters) and `?` (matches one character).
                                Wildcards allow writing label selectors like ["storage.k8s.io/*": "*"]. Note that
                                using ["*" : "*"] matches any key and value but does not match an empty label set.
                              properties:
                                matchExpressions:
                                  description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                                  items:
                                    description: |-
                                      A label selector requirement is a selector that contains values, a key, and an operator that
                                      relates the key and values.
                                    properties:
                                      key:
                                        description: key is the label key that the selector applies to.
                                        type: string
                                      operator:
                                        description: |-
                                          operator represents a key's relationship to a set of values.
                                          Valid operators are In, NotIn, Exists and DoesNotExist.
                                        type: string
                                      values:
                                        description: |-
                                          values is an array of string values. If the operator is In or NotIn,
                                          the values array must be non-empty. If the operator is Exists or DoesNotExist,
                                          the values array must be empty. This array is replaced during a strategic
                                          merge patch.
                                        items:
                                          type: string
                                        type: array
                                        x-kubernetes-list-type: atomic
                                    required:
                                    - key
                                    - operator
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                matchLabels:
                                  additionalProperties:
                                    type: string
                                  description: |-
                                    matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
                                    map is equivalent to an element of matchExpressions, whose key field is "key", the
                                    operator is "In", and the values array contains only "value". The requirements are ANDed.
                                  type: object
                              type: object
                              x-kubernetes-map-type: atomic
                          type: object
                        roles:
                          description: Roles is the list of namespaced role names for the user.
                          items:
                            type: string
                          type: array
                        subjects:
                          description: Subjects is the list of subject names like users, user groups, and service accounts.
                          items:
                            description: |-
                              Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,
                              or a value for non-objects such as user and group names.
                            properties:
                              apiGroup:
                                description: |-
                                  APIGroup holds the API group of the referenced subject.
                                  Defaults to "" for ServiceAccount subjects.
                                  Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
                                type: string
                              kind:
                                description: |-
                                  Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
                                  If the Authorizer does not recognize the kind value, the Authorizer should report an error.
                                type: string
                              name:
                                description: Name of the object being referenced.
                                type: string
                              namespace:
                                description: |-
                                  Namespace of the referenced object. If the object kind is not namespaced, such as "User" or "Group", and this value is not empty,
                                  the Authorizer should report an error.
                                type: string
                            required:
                            - kind
                            - name
                            type: object
                            x-kubernetes-map-type: atomic
                          type: array
                      type: object
                    type: array
                type: object
              podSecurity:
                description: |-
                  PodSecurity specifies the Pod Security Standard controls to be excluded.
                  Applicable only to policies that have a validate.podSecurity subrule.
                items:
                  description: PodSecurityStandard specifies the Pod Security Standard controls to be excluded.
                  properties:
                    controlName:
                      description: |-
                        ControlName specifies the name of the Pod Security Standard control.
                        See: https://kubernetes.io/docs/concepts/security/pod-security-standards/
                      enum:
                      - HostProcess
                      - Host Namespaces
                      - Privileged Containers
                      - Capabilities
                      - HostPath Volumes
                      - Host Ports
                      - AppArmor
                      - SELinux
                      - /proc Mount Type
                      - Seccomp
                      - Sysctls
                      - Volume Types
                      - Privilege Escalation
                      - Running as Non-root
                      - Running as Non-root user
                      type: string
                    images:
                      description: |-
                        Images selects matching containers and applies the container level PSS.
                        Each image is the image name consisting of the registry address, repository, image, and tag.
                        An empty list matches no containers; PSS checks are then applied at the pod level only.
                        Wildcards ('*' and '?') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
                      items:
                        type: string
                      type: array
                    restrictedField:
                      description: |-
                        RestrictedField selects the field for the given Pod Security Standard control.
                        When not set, all restricted fields for the control are selected.
                      type: string
                    values:
                      description: Values defines the allowed values that can be excluded.
                      items:
                        type: string
                      type: array
                  required:
                  - controlName
                  type: object
                type: array
            required:
            - exceptions
            - match
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
  - deprecated: true
    name: v2beta1
    schema:
      openAPIV3Schema:
        description: PolicyException declares resources to be excluded from specified policies.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: Spec declares policy exception behaviors.
            properties:
              background:
                description: |-
                  Background controls if exceptions are applied to existing policies during a background scan.
                  Optional. Default value is "true". The value must be set to "false" if the policy rule
                  uses variables that are only available in the admission review request (e.g. user name).
                type: boolean
              conditions:
                description: |-
                  Conditions are used to determine if a resource applies to the exception by evaluating a
                  set of conditions. The declaration can contain nested `any` or `all` statements.
                properties:
                  all:
                    description: |-
                      AllConditions enable variable-based conditional rule execution. This is useful for
                      finer control of when a rule is applied. A condition can reference object data
                      using JMESPath notation.
                      Here, all of the conditions need to pass.
                    items:
                      properties:
                        key:
                          description: Key is the context entry (using JMESPath) for conditional rule evaluation.
                          x-kubernetes-preserve-unknown-fields: true
                        message:
                          description: Message is an optional display message
                          type: string
                        operator:
                          description: |-
                            Operator is the conditional operation to perform. Valid operators are:
                            Equals, NotEquals, AnyIn, AllIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,
                            GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,
                            DurationLessThanOrEquals, DurationLessThan
                          enum:
                          - Equals
                          - NotEquals
                          - AnyIn
                          - AllIn
                          - AnyNotIn
                          - AllNotIn
                          - GreaterThanOrEquals
                          - GreaterThan
                          - LessThanOrEquals
                          - LessThan
                          - DurationGreaterThanOrEquals
                          - DurationGreaterThan
                          - DurationLessThanOrEquals
                          - DurationLessThan
                          type: string
                        value:
                          description: |-
                            Value is the conditional value, or set of values. The values can be a fixed set
                            or can be variables declared using JMESPath.
                          x-kubernetes-preserve-unknown-fields: true
                      type: object
                    type: array
                  any:
                    description: |-
                      AnyConditions enable variable-based conditional rule execution. This is useful for
                      finer control of when a rule is applied. A condition can reference object data
                      using JMESPath notation.
                      Here, at least one of the conditions needs to pass.
                    items:
                      properties:
                        key:
                          description: Key is the context entry (using JMESPath) for conditional rule evaluation.
                          x-kubernetes-preserve-unknown-fields: true
                        message:
                          description: Message is an optional display message
                          type: string
                        operator:
                          description: |-
                            Operator is the conditional operation to perform. Valid operators are:
                            Equals, NotEquals, AnyIn, AllIn, AnyNotIn, AllNotIn, GreaterThanOrEquals,
                            GreaterThan, LessThanOrEquals, LessThan, DurationGreaterThanOrEquals, DurationGreaterThan,
                            DurationLessThanOrEquals, DurationLessThan
                          enum:
                          - Equals
                          - NotEquals
                          - AnyIn
                          - AllIn
                          - AnyNotIn
                          - AllNotIn
                          - GreaterThanOrEquals
                          - GreaterThan
                          - LessThanOrEquals
                          - LessThan
                          - DurationGreaterThanOrEquals
                          - DurationGreaterThan
                          - DurationLessThanOrEquals
                          - DurationLessThan
                          type: string
                        value:
                          description: |-
                            Value is the conditional value, or set of values. The values can be a fixed set
                            or can be variables declared using JMESPath.
                          x-kubernetes-preserve-unknown-fields: true
                      type: object
                    type: array
                type: object
              exceptions:
                description: Exceptions is a list of policy/rules to be excluded
|
|
|
|
items:
|
|
|
|
description: Exception stores infos about a policy and rules
|
|
|
|
properties:
|
|
|
|
policyName:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
PolicyName identifies the policy to which the exception is applied.
|
|
|
|
The policy name uses the format <namespace>/<name> unless it
|
|
|
|
references a ClusterPolicy.
|
2023-09-22 11:53:19 +02:00
|
|
|
type: string
|
|
|
|
ruleNames:
|
|
|
|
description: RuleNames identifies the rules to which the exception
|
|
|
|
is applied.
|
|
|
|
items:
|
|
|
|
type: string
|
|
|
|
type: array
|
|
|
|
required:
|
|
|
|
- policyName
|
|
|
|
- ruleNames
|
|
|
|
type: object
|
|
|
|
type: array
|
|
|
|
match:
|
|
|
|
description: Match defines match clause used to check if a resource
|
|
|
|
applies to the exception
|
2024-09-04 20:00:50 +02:00
|
|
|
not:
|
|
|
|
required:
|
|
|
|
- any
|
|
|
|
- all
|
2023-09-22 11:53:19 +02:00
|
|
|
properties:
|
|
|
|
all:
|
|
|
|
description: All allows specifying resources which will be ANDed
|
|
|
|
items:
|
|
|
|
description: ResourceFilter allow users to "AND" or "OR" between
|
|
|
|
resources
|
|
|
|
properties:
|
|
|
|
clusterRoles:
|
|
|
|
description: ClusterRoles is the list of cluster-wide role
|
|
|
|
names for the user.
|
|
|
|
items:
|
|
|
|
type: string
|
|
|
|
type: array
|
|
|
|
resources:
|
|
|
|
description: ResourceDescription contains information about
|
|
|
|
the resource being created or modified.
|
2024-09-04 11:02:57 +02:00
|
|
|
not:
|
|
|
|
required:
|
|
|
|
- name
|
|
|
|
- names
|
2023-09-22 11:53:19 +02:00
|
|
|
properties:
|
|
|
|
annotations:
|
|
|
|
additionalProperties:
|
|
|
|
type: string
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
Annotations is a map of annotations (key-value pairs of type string). Annotation keys
|
|
|
|
and values support the wildcard characters "*" (matches zero or many characters) and
|
|
|
|
"?" (matches at least one character).
|
2023-09-22 11:53:19 +02:00
|
|
|
type: object
|
|
|
|
kinds:
|
|
|
|
description: Kinds is a list of resource kinds.
|
|
|
|
items:
|
|
|
|
type: string
|
|
|
|
type: array
|
|
|
|
name:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
Name is the name of the resource. The name supports wildcard characters
|
|
|
|
"*" (matches zero or many characters) and "?" (at least one character).
|
|
|
|
NOTE: "Name" is being deprecated in favor of "Names".
|
2023-09-22 11:53:19 +02:00
|
|
|
type: string
|
|
|
|
names:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
Names are the names of the resources. Each name supports wildcard characters
|
|
|
|
"*" (matches zero or many characters) and "?" (at least one character).
|
2023-09-22 11:53:19 +02:00
|
|
|
items:
|
|
|
|
type: string
|
|
|
|
type: array
|
|
|
|
namespaceSelector:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
NamespaceSelector is a label selector for the resource namespace. Label keys and values
|
|
|
|
in `matchLabels` support the wildcard characters `*` (matches zero or many characters)
|
|
|
|
and `?` (matches one character).Wildcards allows writing label selectors like
|
|
|
|
["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but
|
|
|
|
does not match an empty label set.
|
2023-09-22 11:53:19 +02:00
|
|
|
properties:
|
|
|
|
matchExpressions:
|
|
|
|
description: matchExpressions is a list of label
|
|
|
|
selector requirements. The requirements are ANDed.
|
|
|
|
items:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
|
|
relates the key and values.
|
2023-09-22 11:53:19 +02:00
|
|
|
properties:
|
|
|
|
key:
|
|
|
|
description: key is the label key that the
|
|
|
|
selector applies to.
|
|
|
|
type: string
|
|
|
|
operator:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
operator represents a key's relationship to a set of values.
|
|
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
2023-09-22 11:53:19 +02:00
|
|
|
type: string
|
|
|
|
values:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
|
|
the values array must be empty. This array is replaced during a strategic
|
|
|
|
merge patch.
|
2023-09-22 11:53:19 +02:00
|
|
|
items:
|
|
|
|
type: string
|
|
|
|
type: array
|
2024-04-24 14:07:59 +08:00
|
|
|
x-kubernetes-list-type: atomic
|
2023-09-22 11:53:19 +02:00
|
|
|
required:
|
|
|
|
- key
|
|
|
|
- operator
|
|
|
|
type: object
|
|
|
|
type: array
|
2024-04-24 14:07:59 +08:00
|
|
|
x-kubernetes-list-type: atomic
|
2023-09-22 11:53:19 +02:00
|
|
|
matchLabels:
|
|
|
|
additionalProperties:
|
|
|
|
type: string
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
2023-09-22 11:53:19 +02:00
|
|
|
type: object
|
|
|
|
type: object
|
|
|
|
x-kubernetes-map-type: atomic
|
|
|
|
namespaces:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
Namespaces is a list of namespaces names. Each name supports wildcard characters
|
|
|
|
"*" (matches zero or many characters) and "?" (at least one character).
|
2023-09-22 11:53:19 +02:00
|
|
|
items:
|
|
|
|
type: string
|
|
|
|
type: array
|
|
|
|
operations:
|
|
|
|
description: Operations can contain values ["CREATE,
|
|
|
|
"UPDATE", "CONNECT", "DELETE"], which are used to
|
|
|
|
match a specific action.
|
|
|
|
items:
|
|
|
|
description: AdmissionOperation can have one of the
|
|
|
|
values CREATE, UPDATE, CONNECT, DELETE, which are
|
|
|
|
used to match a specific action.
|
|
|
|
enum:
|
|
|
|
- CREATE
|
|
|
|
- CONNECT
|
|
|
|
- UPDATE
|
|
|
|
- DELETE
|
|
|
|
type: string
|
|
|
|
type: array
|
|
|
|
selector:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
Selector is a label selector. Label keys and values in `matchLabels` support the wildcard
|
|
|
|
characters `*` (matches zero or many characters) and `?` (matches one character).
|
|
|
|
Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that
|
|
|
|
using ["*" : "*"] matches any key and value but does not match an empty label set.
|
2023-09-22 11:53:19 +02:00
|
|
|
properties:
|
|
|
|
matchExpressions:
|
|
|
|
description: matchExpressions is a list of label
|
|
|
|
selector requirements. The requirements are ANDed.
|
|
|
|
items:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
|
|
relates the key and values.
|
2023-09-22 11:53:19 +02:00
|
|
|
properties:
|
|
|
|
key:
|
|
|
|
description: key is the label key that the
|
|
|
|
selector applies to.
|
|
|
|
type: string
|
|
|
|
operator:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
operator represents a key's relationship to a set of values.
|
|
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
2023-09-22 11:53:19 +02:00
|
|
|
type: string
|
|
|
|
values:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
|
|
the values array must be empty. This array is replaced during a strategic
|
|
|
|
merge patch.
|
2023-09-22 11:53:19 +02:00
|
|
|
items:
|
|
|
|
type: string
|
|
|
|
type: array
|
2024-04-24 14:07:59 +08:00
|
|
|
x-kubernetes-list-type: atomic
|
2023-09-22 11:53:19 +02:00
|
|
|
required:
|
|
|
|
- key
|
|
|
|
- operator
|
|
|
|
type: object
|
|
|
|
type: array
|
2024-04-24 14:07:59 +08:00
|
|
|
x-kubernetes-list-type: atomic
|
2023-09-22 11:53:19 +02:00
|
|
|
matchLabels:
|
|
|
|
additionalProperties:
|
|
|
|
type: string
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
2023-09-22 11:53:19 +02:00
|
|
|
type: object
|
|
|
|
type: object
|
|
|
|
x-kubernetes-map-type: atomic
|
|
|
|
type: object
|
|
|
|
roles:
|
|
|
|
description: Roles is the list of namespaced role names
|
|
|
|
for the user.
|
|
|
|
items:
|
|
|
|
type: string
|
|
|
|
type: array
|
|
|
|
subjects:
|
|
|
|
description: Subjects is the list of subject names like
|
|
|
|
users, user groups, and service accounts.
|
|
|
|
items:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,
|
|
|
|
or a value for non-objects such as user and group names.
|
2023-09-22 11:53:19 +02:00
|
|
|
properties:
|
|
|
|
apiGroup:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
APIGroup holds the API group of the referenced subject.
|
|
|
|
Defaults to "" for ServiceAccount subjects.
|
|
|
|
Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
|
2023-09-22 11:53:19 +02:00
|
|
|
type: string
|
|
|
|
kind:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
|
|
|
|
If the Authorizer does not recognized the kind value, the Authorizer should report an error.
|
2023-09-22 11:53:19 +02:00
|
|
|
type: string
|
|
|
|
name:
|
|
|
|
description: Name of the object being referenced.
|
|
|
|
type: string
|
|
|
|
namespace:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
|
|
|
|
the Authorizer should report an error.
|
2023-09-22 11:53:19 +02:00
|
|
|
type: string
|
|
|
|
required:
|
|
|
|
- kind
|
|
|
|
- name
|
|
|
|
type: object
|
|
|
|
x-kubernetes-map-type: atomic
|
|
|
|
type: array
|
|
|
|
type: object
|
|
|
|
type: array
|
|
|
|
any:
|
|
|
|
description: Any allows specifying resources which will be ORed
|
|
|
|
items:
|
|
|
|
description: ResourceFilter allow users to "AND" or "OR" between
|
|
|
|
resources
|
|
|
|
properties:
|
|
|
|
clusterRoles:
|
|
|
|
description: ClusterRoles is the list of cluster-wide role
|
|
|
|
names for the user.
|
|
|
|
items:
|
|
|
|
type: string
|
|
|
|
type: array
|
|
|
|
resources:
|
|
|
|
description: ResourceDescription contains information about
|
|
|
|
the resource being created or modified.
|
2024-09-04 11:02:57 +02:00
|
|
|
not:
|
|
|
|
required:
|
|
|
|
- name
|
|
|
|
- names
|
2023-09-22 11:53:19 +02:00
|
|
|
properties:
|
|
|
|
annotations:
|
|
|
|
additionalProperties:
|
|
|
|
type: string
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
Annotations is a map of annotations (key-value pairs of type string). Annotation keys
|
|
|
|
and values support the wildcard characters "*" (matches zero or many characters) and
|
|
|
|
"?" (matches at least one character).
|
2023-09-22 11:53:19 +02:00
|
|
|
type: object
|
|
|
|
kinds:
|
|
|
|
description: Kinds is a list of resource kinds.
|
|
|
|
items:
|
|
|
|
type: string
|
|
|
|
type: array
|
|
|
|
name:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
Name is the name of the resource. The name supports wildcard characters
|
|
|
|
"*" (matches zero or many characters) and "?" (at least one character).
|
|
|
|
NOTE: "Name" is being deprecated in favor of "Names".
|
2023-09-22 11:53:19 +02:00
|
|
|
type: string
|
|
|
|
names:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
Names are the names of the resources. Each name supports wildcard characters
|
|
|
|
"*" (matches zero or many characters) and "?" (at least one character).
|
2023-09-22 11:53:19 +02:00
|
|
|
items:
|
|
|
|
type: string
|
|
|
|
type: array
|
|
|
|
namespaceSelector:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
NamespaceSelector is a label selector for the resource namespace. Label keys and values
|
|
|
|
in `matchLabels` support the wildcard characters `*` (matches zero or many characters)
|
|
|
|
and `?` (matches one character).Wildcards allows writing label selectors like
|
|
|
|
["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but
|
|
|
|
does not match an empty label set.
|
2023-09-22 11:53:19 +02:00
|
|
|
properties:
|
|
|
|
matchExpressions:
|
|
|
|
description: matchExpressions is a list of label
|
|
|
|
selector requirements. The requirements are ANDed.
|
|
|
|
items:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
|
|
relates the key and values.
|
2023-09-22 11:53:19 +02:00
|
|
|
properties:
|
|
|
|
key:
|
|
|
|
description: key is the label key that the
|
|
|
|
selector applies to.
|
|
|
|
type: string
|
|
|
|
operator:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
operator represents a key's relationship to a set of values.
|
|
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
2023-09-22 11:53:19 +02:00
|
|
|
type: string
|
|
|
|
values:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
|
|
the values array must be empty. This array is replaced during a strategic
|
|
|
|
merge patch.
|
2023-09-22 11:53:19 +02:00
|
|
|
items:
|
|
|
|
type: string
|
|
|
|
type: array
|
2024-04-24 14:07:59 +08:00
|
|
|
x-kubernetes-list-type: atomic
|
2023-09-22 11:53:19 +02:00
|
|
|
required:
|
|
|
|
- key
|
|
|
|
- operator
|
|
|
|
type: object
|
|
|
|
type: array
|
2024-04-24 14:07:59 +08:00
|
|
|
x-kubernetes-list-type: atomic
|
2023-09-22 11:53:19 +02:00
|
|
|
matchLabels:
|
|
|
|
additionalProperties:
|
|
|
|
type: string
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
2023-09-22 11:53:19 +02:00
|
|
|
type: object
|
|
|
|
type: object
|
|
|
|
x-kubernetes-map-type: atomic
|
|
|
|
namespaces:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
Namespaces is a list of namespaces names. Each name supports wildcard characters
|
|
|
|
"*" (matches zero or many characters) and "?" (at least one character).
|
2023-09-22 11:53:19 +02:00
|
|
|
items:
|
|
|
|
type: string
|
|
|
|
type: array
|
|
|
|
operations:
|
|
|
|
description: Operations can contain values ["CREATE,
|
|
|
|
"UPDATE", "CONNECT", "DELETE"], which are used to
|
|
|
|
match a specific action.
|
|
|
|
items:
|
|
|
|
description: AdmissionOperation can have one of the
|
|
|
|
values CREATE, UPDATE, CONNECT, DELETE, which are
|
|
|
|
used to match a specific action.
|
|
|
|
enum:
|
|
|
|
- CREATE
|
|
|
|
- CONNECT
|
|
|
|
- UPDATE
|
|
|
|
- DELETE
|
|
|
|
type: string
|
|
|
|
type: array
|
|
|
|
selector:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
Selector is a label selector. Label keys and values in `matchLabels` support the wildcard
|
|
|
|
characters `*` (matches zero or many characters) and `?` (matches one character).
|
|
|
|
Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that
|
|
|
|
using ["*" : "*"] matches any key and value but does not match an empty label set.
|
2023-09-22 11:53:19 +02:00
|
|
|
properties:
|
|
|
|
matchExpressions:
|
|
|
|
description: matchExpressions is a list of label
|
|
|
|
selector requirements. The requirements are ANDed.
|
|
|
|
items:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
|
|
relates the key and values.
|
2023-09-22 11:53:19 +02:00
|
|
|
properties:
|
|
|
|
key:
|
|
|
|
description: key is the label key that the
|
|
|
|
selector applies to.
|
|
|
|
type: string
|
|
|
|
operator:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
operator represents a key's relationship to a set of values.
|
|
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
2023-09-22 11:53:19 +02:00
|
|
|
type: string
|
|
|
|
values:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
|
|
the values array must be empty. This array is replaced during a strategic
|
|
|
|
merge patch.
|
2023-09-22 11:53:19 +02:00
|
|
|
items:
|
|
|
|
type: string
|
|
|
|
type: array
|
2024-04-24 14:07:59 +08:00
|
|
|
x-kubernetes-list-type: atomic
|
2023-09-22 11:53:19 +02:00
|
|
|
required:
|
|
|
|
- key
|
|
|
|
- operator
|
|
|
|
type: object
|
|
|
|
type: array
|
2024-04-24 14:07:59 +08:00
|
|
|
x-kubernetes-list-type: atomic
|
2023-09-22 11:53:19 +02:00
|
|
|
matchLabels:
|
|
|
|
additionalProperties:
|
|
|
|
type: string
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
2023-09-22 11:53:19 +02:00
|
|
|
type: object
|
|
|
|
type: object
|
|
|
|
x-kubernetes-map-type: atomic
|
|
|
|
type: object
|
|
|
|
roles:
|
|
|
|
description: Roles is the list of namespaced role names
|
|
|
|
for the user.
|
|
|
|
items:
|
|
|
|
type: string
|
|
|
|
type: array
|
|
|
|
subjects:
|
|
|
|
description: Subjects is the list of subject names like
|
|
|
|
users, user groups, and service accounts.
|
|
|
|
items:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,
|
|
|
|
or a value for non-objects such as user and group names.
|
2023-09-22 11:53:19 +02:00
|
|
|
properties:
|
|
|
|
apiGroup:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
APIGroup holds the API group of the referenced subject.
|
|
|
|
Defaults to "" for ServiceAccount subjects.
|
|
|
|
Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
|
2023-09-22 11:53:19 +02:00
|
|
|
type: string
|
|
|
|
kind:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
|
|
|
|
If the Authorizer does not recognized the kind value, the Authorizer should report an error.
|
2023-09-22 11:53:19 +02:00
|
|
|
type: string
|
|
|
|
name:
|
|
|
|
description: Name of the object being referenced.
|
|
|
|
type: string
|
|
|
|
namespace:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
|
|
|
|
the Authorizer should report an error.
|
2023-09-22 11:53:19 +02:00
|
|
|
type: string
|
|
|
|
required:
|
|
|
|
- kind
|
|
|
|
- name
|
|
|
|
type: object
|
|
|
|
x-kubernetes-map-type: atomic
|
|
|
|
type: array
|
|
|
|
type: object
|
|
|
|
type: array
|
|
|
|
type: object
|
2024-01-26 20:43:07 +02:00
|
|
|
podSecurity:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
PodSecurity specifies the Pod Security Standard controls to be excluded.
|
|
|
|
Applicable only to policies that have validate.podSecurity subrule.
|
2024-01-26 20:43:07 +02:00
|
|
|
items:
|
|
|
|
description: PodSecurityStandard specifies the Pod Security Standard
|
|
|
|
controls to be excluded.
|
|
|
|
properties:
|
|
|
|
controlName:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
ControlName specifies the name of the Pod Security Standard control.
|
|
|
|
See: https://kubernetes.io/docs/concepts/security/pod-security-standards/
|
2024-01-26 20:43:07 +02:00
|
|
|
enum:
|
|
|
|
- HostProcess
|
|
|
|
- Host Namespaces
|
|
|
|
- Privileged Containers
|
|
|
|
- Capabilities
|
|
|
|
- HostPath Volumes
|
|
|
|
- Host Ports
|
|
|
|
- AppArmor
|
|
|
|
- SELinux
|
|
|
|
- /proc Mount Type
|
|
|
|
- Seccomp
|
|
|
|
- Sysctls
|
|
|
|
- Volume Types
|
|
|
|
- Privilege Escalation
|
|
|
|
- Running as Non-root
|
|
|
|
- Running as Non-root user
|
|
|
|
type: string
|
|
|
|
images:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
Images selects matching containers and applies the container level PSS.
|
|
|
|
Each image is the image name consisting of the registry address, repository, image, and tag.
|
|
|
|
Empty list matches no containers, PSS checks are applied at the pod level only.
|
|
|
|
Wildcards ('*' and '?') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.
|
2024-01-26 20:43:07 +02:00
|
|
|
items:
|
|
|
|
type: string
|
|
|
|
type: array
|
|
|
|
restrictedField:
|
2024-03-28 14:03:17 +05:30
|
|
|
description: |-
|
|
|
|
RestrictedField selects the field for the given Pod Security Standard control.
|
|
|
|
When not set, all restricted fields for the control are selected.
|
2024-01-26 20:43:07 +02:00
|
|
|
type: string
|
|
|
|
values:
|
|
|
|
description: Values defines the allowed values that can be excluded.
|
|
|
|
items:
|
|
|
|
type: string
|
|
|
|
type: array
|
|
|
|
required:
|
|
|
|
- controlName
|
|
|
|
type: object
|
|
|
|
type: array
|
2023-09-22 11:53:19 +02:00
|
|
|
required:
|
|
|
|
- exceptions
|
|
|
|
- match
|
|
|
|
type: object
|
|
|
|
required:
|
|
|
|
- spec
|
|
|
|
type: object
|
|
|
|
served: true
|
2024-06-14 11:39:36 +02:00
|
|
|
storage: false
|