diff --git a/api/kyverno/v1/common_types.go b/api/kyverno/v1/common_types.go
index 7af2396a21..862322dc62 100644
--- a/api/kyverno/v1/common_types.go
+++ b/api/kyverno/v1/common_types.go
@@ -171,6 +171,65 @@ type APICall struct {
JMESPath string `json:"jmesPath,omitempty" yaml:"jmesPath,omitempty"`
}
+type GlobalContextEntryReference struct {
+ // Name of the global context entry
+ Name string `json:"name,omitempty" yaml:"name,omitempty"`
+
+ // JMESPath is an optional JSON Match Expression that can be used to
+ // transform the JSON response returned from the server. For example
+ // a JMESPath of "items | length(@)" applied to the API server response
+ // for the URLPath "/apis/apps/v1/deployments" will return the total count
+ // of deployments across all namespaces.
+ // +kubebuilder:validation:Optional
+ JMESPath string `json:"jmesPath,omitempty" yaml:"jmesPath,omitempty"`
+}
+
+// KubernetesResource stores infos about kubernetes resource that should be cached
+type KubernetesResource struct {
+ // Group defines the group of the resource
+ Group string `json:"group,omitempty" yaml:"group,omitempty"`
+ // Version defines the version of the resource
+ Version string `json:"version,omitempty" yaml:"version,omitempty"`
+ // Resource defines the type of the resource
+ Resource string `json:"resource,omitempty" yaml:"resource,omitempty"`
+ // Namespace defines the namespace of the resource. Leave empty for cluster scoped resources.
+ // +kubebuilder:validation:Optional
+ Namespace string `json:"namespace,omitempty" yaml:"namespace,omitempty"`
+}
+
+// Validate implements programmatic validation
+func (k *KubernetesResource) Validate(path *field.Path) (errs field.ErrorList) {
+ if k.Group == "" {
+ errs = append(errs, field.Required(path.Child("group"), "An Resource entry requires a group"))
+ }
+ if k.Version == "" {
+ errs = append(errs, field.Required(path.Child("version"), "An Resource entry requires a version"))
+ }
+ if k.Resource == "" {
+ errs = append(errs, field.Required(path.Child("resource"), "An Resource entry requires a resource"))
+ }
+ return errs
+}
+
+// ExternalAPICall stores infos about API call that should be cached
+type ExternalAPICall struct {
+ APICall `json:",inline,omitempty" yaml:",inline,omitempty"`
+ // RefreshIntervalSeconds defines the interval at which to poll the APICall
+ // +kubebuilder:default=0
+ RefreshIntervalSeconds int64 `json:"refreshIntervalSeconds,omitempty" yaml:"refreshIntervalSeconds,omitempty"`
+}
+
+// Validate implements programmatic validation
+func (e *ExternalAPICall) Validate(path *field.Path) (errs field.ErrorList) {
+ if e.Service.URL == "" {
+ errs = append(errs, field.Required(path.Child("url"), "An External API Call entry requires a url"))
+ }
+ if e.RefreshIntervalSeconds <= 0 {
+ errs = append(errs, field.Required(path.Child("refreshIntervalSeconds"), "An Resource entry requires a refresh interval greater than 0 seconds"))
+ }
+ return errs
+}
+
type ServiceCall struct {
// URL is the JSON web service URL. A typical form is
// `https://{service}.{namespace}:{port}/{path}`.
diff --git a/api/kyverno/v1/zz_generated.deepcopy.go b/api/kyverno/v1/zz_generated.deepcopy.go
index 0fee540f54..c1f0e3bd27 100755
--- a/api/kyverno/v1/zz_generated.deepcopy.go
+++ b/api/kyverno/v1/zz_generated.deepcopy.go
@@ -516,6 +516,23 @@ func (in *DryRunOption) DeepCopy() *DryRunOption {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExternalAPICall) DeepCopyInto(out *ExternalAPICall) {
+ *out = *in
+ in.APICall.DeepCopyInto(&out.APICall)
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalAPICall.
+func (in *ExternalAPICall) DeepCopy() *ExternalAPICall {
+ if in == nil {
+ return nil
+ }
+ out := new(ExternalAPICall)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ForEachMutation) DeepCopyInto(out *ForEachMutation) {
*out = *in
@@ -636,6 +653,22 @@ func (in *Generation) DeepCopy() *Generation {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GlobalContextEntryReference) DeepCopyInto(out *GlobalContextEntryReference) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalContextEntryReference.
+func (in *GlobalContextEntryReference) DeepCopy() *GlobalContextEntryReference {
+ if in == nil {
+ return nil
+ }
+ out := new(GlobalContextEntryReference)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in IgnoreFieldList) DeepCopyInto(out *IgnoreFieldList) {
{
@@ -843,6 +876,22 @@ func (in *KeylessAttestor) DeepCopy() *KeylessAttestor {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *KubernetesResource) DeepCopyInto(out *KubernetesResource) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesResource.
+func (in *KubernetesResource) DeepCopy() *KubernetesResource {
+ if in == nil {
+ return nil
+ }
+ out := new(KubernetesResource)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Manifests) DeepCopyInto(out *Manifests) {
*out = *in
diff --git a/api/kyverno/v2alpha1/global_context_entry_status.go b/api/kyverno/v2alpha1/global_context_entry_status.go
new file mode 100644
index 0000000000..f5cef516e9
--- /dev/null
+++ b/api/kyverno/v2alpha1/global_context_entry_status.go
@@ -0,0 +1,47 @@
+package v2alpha1
+
+import (
+ "k8s.io/apimachinery/pkg/api/meta"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+ // PolicyConditionReady means that the globalcontextentry is ready
+ GlobalContextEntryConditionReady = "Ready"
+)
+
+const (
+ // GlobalContextEntryReasonSucceeded is the reason set when the globalcontextentry is ready
+ GlobalContextEntryReasonSucceeded = "Succeeded"
+ // GlobalContextEntryReasonFailed is the reason set when the globalcontextentry is not ready
+ GlobalContextEntryReasonFailed = "Failed"
+)
+
+type GlobalContextEntryStatus struct {
+ // Deprecated in favor of Conditions
+ Ready bool `json:"ready" yaml:"ready"`
+ // +optional
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+func (status *GlobalContextEntryStatus) SetReady(ready bool, message string) {
+ condition := metav1.Condition{
+ Type: GlobalContextEntryConditionReady,
+ Message: message,
+ }
+ if ready {
+ condition.Status = metav1.ConditionTrue
+ condition.Reason = GlobalContextEntryReasonSucceeded
+ } else {
+ condition.Status = metav1.ConditionFalse
+ condition.Reason = GlobalContextEntryReasonFailed
+ }
+ status.Ready = ready
+ meta.SetStatusCondition(&status.Conditions, condition)
+}
+
+// IsReady indicates if the globalcontextentry has loaded
+func (status *GlobalContextEntryStatus) IsReady() bool {
+ condition := meta.FindStatusCondition(status.Conditions, GlobalContextEntryConditionReady)
+ return condition != nil && condition.Status == metav1.ConditionTrue
+}
diff --git a/api/kyverno/v2alpha1/global_context_entry_types.go b/api/kyverno/v2alpha1/global_context_entry_types.go
new file mode 100644
index 0000000000..4d58369fae
--- /dev/null
+++ b/api/kyverno/v2alpha1/global_context_entry_types.go
@@ -0,0 +1,100 @@
+/*
+Copyright 2022 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package v2alpha1
+
+import (
+ kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/util/validation/field"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:resource:shortName=gctxentry,categories=kyverno,scope="Cluster"
+
+// GlobalContextEntry declares resources to be cached.
+type GlobalContextEntry struct {
+ metav1.TypeMeta `json:",inline,omitempty" yaml:",inline,omitempty"`
+ metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty"`
+
+ // Spec declares policy exception behaviors.
+ Spec GlobalContextEntrySpec `json:"spec" yaml:"spec"`
+
+ // Status contains globalcontextentry runtime data.
+ // +optional
+ Status GlobalContextEntryStatus `json:"status,omitempty" yaml:"status,omitempty"`
+}
+
+// GetStatus returns the globalcontextentry status
+func (p *GlobalContextEntry) GetStatus() *GlobalContextEntryStatus {
+ return &p.Status
+}
+
+// Validate implements programmatic validation
+func (c *GlobalContextEntry) Validate() (errs field.ErrorList) {
+ errs = append(errs, c.Spec.Validate(field.NewPath("spec"))...)
+ return errs
+}
+
+// IsNamespaced indicates if the policy is namespace scoped
+func (c *GlobalContextEntry) IsNamespaced() bool {
+ return false
+}
+
+// GlobalContextEntrySpec stores policy exception spec
+type GlobalContextEntrySpec struct {
+ // KubernetesResource stores infos about kubernetes resource that should be cached
+ // +kubebuilder:validation:Optional
+ KubernetesResource *kyvernov1.KubernetesResource `json:"kubernetesResource,omitempty" yaml:"kubernetesResource,omitempty"`
+
+ // APICall stores infos about API call that should be cached
+ // +kubebuilder:validation:Optional
+ APICall *kyvernov1.ExternalAPICall `json:"apiCall,omitempty" yaml:"apiCall,omitempty"`
+}
+
+func (c *GlobalContextEntrySpec) IsAPICall() bool {
+ return c.APICall != nil
+}
+
+func (c *GlobalContextEntrySpec) IsResource() bool {
+ return c.KubernetesResource != nil
+}
+
+// Validate implements programmatic validation
+func (c *GlobalContextEntrySpec) Validate(path *field.Path) (errs field.ErrorList) {
+ if c.IsResource() && c.IsAPICall() {
+ errs = append(errs, field.Forbidden(path.Child("resource"), "An External API Call entry requires a url"))
+ }
+ if c.IsResource() {
+ errs = append(errs, c.KubernetesResource.Validate(path.Child("resource"))...)
+ }
+ if c.IsAPICall() {
+ errs = append(errs, c.APICall.Validate(path.Child("apiCall"))...)
+ }
+ return errs
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// GlobalContextEntryList is a list of Cached Context Entries
+type GlobalContextEntryList struct {
+ metav1.TypeMeta `json:",inline" yaml:",inline"`
+ metav1.ListMeta `json:"metadata" yaml:"metadata"`
+ Items []GlobalContextEntry `json:"items" yaml:"items"`
+}
diff --git a/api/kyverno/v2alpha1/zz_generated.deepcopy.go b/api/kyverno/v2alpha1/zz_generated.deepcopy.go
index 9d0fd69b41..41a91746fa 100644
--- a/api/kyverno/v2alpha1/zz_generated.deepcopy.go
+++ b/api/kyverno/v2alpha1/zz_generated.deepcopy.go
@@ -22,7 +22,9 @@ limitations under the License.
package v2alpha1
import (
+ v1 "github.com/kyverno/kyverno/api/kyverno/v1"
v2beta1 "github.com/kyverno/kyverno/api/kyverno/v2beta1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
@@ -148,6 +150,116 @@ func (in *ClusterCleanupPolicyList) DeepCopyObject() runtime.Object {
return nil
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GlobalContextEntry) DeepCopyInto(out *GlobalContextEntry) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ in.Spec.DeepCopyInto(&out.Spec)
+ in.Status.DeepCopyInto(&out.Status)
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalContextEntry.
+func (in *GlobalContextEntry) DeepCopy() *GlobalContextEntry {
+ if in == nil {
+ return nil
+ }
+ out := new(GlobalContextEntry)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *GlobalContextEntry) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GlobalContextEntryList) DeepCopyInto(out *GlobalContextEntryList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]GlobalContextEntry, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalContextEntryList.
+func (in *GlobalContextEntryList) DeepCopy() *GlobalContextEntryList {
+ if in == nil {
+ return nil
+ }
+ out := new(GlobalContextEntryList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *GlobalContextEntryList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GlobalContextEntrySpec) DeepCopyInto(out *GlobalContextEntrySpec) {
+ *out = *in
+ if in.KubernetesResource != nil {
+ in, out := &in.KubernetesResource, &out.KubernetesResource
+ *out = new(v1.KubernetesResource)
+ **out = **in
+ }
+ if in.APICall != nil {
+ in, out := &in.APICall, &out.APICall
+ *out = new(v1.ExternalAPICall)
+ (*in).DeepCopyInto(*out)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalContextEntrySpec.
+func (in *GlobalContextEntrySpec) DeepCopy() *GlobalContextEntrySpec {
+ if in == nil {
+ return nil
+ }
+ out := new(GlobalContextEntrySpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GlobalContextEntryStatus) DeepCopyInto(out *GlobalContextEntryStatus) {
+ *out = *in
+ if in.Conditions != nil {
+ in, out := &in.Conditions, &out.Conditions
+ *out = make([]metav1.Condition, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalContextEntryStatus.
+func (in *GlobalContextEntryStatus) DeepCopy() *GlobalContextEntryStatus {
+ if in == nil {
+ return nil
+ }
+ out := new(GlobalContextEntryStatus)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PolicyException) DeepCopyInto(out *PolicyException) {
*out = *in
diff --git a/api/kyverno/v2alpha1/zz_generated.register.go b/api/kyverno/v2alpha1/zz_generated.register.go
index c4395f826a..a6b2e1dc2b 100644
--- a/api/kyverno/v2alpha1/zz_generated.register.go
+++ b/api/kyverno/v2alpha1/zz_generated.register.go
@@ -62,6 +62,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
&CleanupPolicyList{},
&ClusterCleanupPolicy{},
&ClusterCleanupPolicyList{},
+ &GlobalContextEntry{},
+ &GlobalContextEntryList{},
&PolicyException{},
&PolicyExceptionList{},
)
diff --git a/config/crds/kyverno/kyverno.io_globalcontextentries.yaml b/config/crds/kyverno/kyverno.io_globalcontextentries.yaml
new file mode 100644
index 0000000000..7680cc4ebe
--- /dev/null
+++ b/config/crds/kyverno/kyverno.io_globalcontextentries.yaml
@@ -0,0 +1,202 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.12.0
+ name: globalcontextentries.kyverno.io
+spec:
+ group: kyverno.io
+ names:
+ categories:
+ - kyverno
+ kind: GlobalContextEntry
+ listKind: GlobalContextEntryList
+ plural: globalcontextentries
+ shortNames:
+ - gctxentry
+ singular: globalcontextentry
+ scope: Cluster
+ versions:
+ - name: v2alpha1
+ schema:
+ openAPIV3Schema:
+ description: GlobalContextEntry declares resources to be cached.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec declares policy exception behaviors.
+ properties:
+ apiCall:
+ description: APICall stores infos about API call that should be cached
+ properties:
+ data:
+ description: Data specifies the POST data sent to the server.
+ items:
+ description: RequestData contains the HTTP POST data
+ properties:
+ key:
+ description: Key is a unique identifier for the data value
+ type: string
+ value:
+ description: Value is the data value
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - key
+ - value
+ type: object
+ type: array
+ jmesPath:
+ description: JMESPath is an optional JSON Match Expression that
+ can be used to transform the JSON response returned from the
+ server. For example a JMESPath of "items | length(@)" applied
+ to the API server response for the URLPath "/apis/apps/v1/deployments"
+ will return the total count of deployments across all namespaces.
+ type: string
+ method:
+ default: GET
+ description: Method is the HTTP request type (GET or POST).
+ enum:
+ - GET
+ - POST
+ type: string
+ refreshIntervalSeconds:
+ default: 0
+ description: RefreshIntervalSeconds defines the interval at which
+ to poll the APICall
+ format: int64
+ type: integer
+ service:
+ description: Service is an API call to a JSON web service
+ properties:
+ caBundle:
+ description: CABundle is a PEM encoded CA bundle which will
+ be used to validate the server certificate.
+ type: string
+ url:
+ description: URL is the JSON web service URL. A typical form
+ is `https://{service}.{namespace}:{port}/{path}`.
+ type: string
+ required:
+ - url
+ type: object
+ urlPath:
+ description: URLPath is the URL path to be used in the HTTP GET
+ or POST request to the Kubernetes API server (e.g. "/api/v1/namespaces"
+ or "/apis/apps/v1/deployments"). The format required is the
+ same format used by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls
+ for details.
+ type: string
+ type: object
+ kubernetesResource:
+ description: KubernetesResource stores infos about kubernetes resource
+ that should be cached
+ properties:
+ group:
+ description: Group defines the group of the resource
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the resource.
+ Leave empty for cluster scoped resources.
+ type: string
+ resource:
+ description: Resource defines the type of the resource
+ type: string
+ version:
+ description: Version defines the version of the resource
+ type: string
+ type: object
+ type: object
+ status:
+ description: Status contains globalcontextentry runtime data.
+ properties:
+ conditions:
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state. // Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources
+ like Available, but because arbitrary conditions can be useful
+ (see .node.status.conditions), the ability to deconflict is
+ important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ ready:
+ description: Deprecated in favor of Conditions
+ type: boolean
+ required:
+ - ready
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
diff --git a/docs/user/crd/index.html b/docs/user/crd/index.html
index b2f0dc2fa4..aa4cc7be9e 100644
--- a/docs/user/crd/index.html
+++ b/docs/user/crd/index.html
@@ -610,7 +610,8 @@ PolicyStatus
</h3>
<p>
(<em>Appears on:</em>
-<a href="#kyverno.io/v1.ContextEntry">ContextEntry</a>)
+<a href="#kyverno.io/v1.ContextEntry">ContextEntry</a>,
+<a href="#kyverno.io/v1.ExternalAPICall">ExternalAPICall</a>)
</p>
<p>
</p>
@@ -1570,6 +1571,52 @@ string
</tbody>
</table>
<hr />
+<h3 id="kyverno.io/v1.ExternalAPICall">ExternalAPICall
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#kyverno.io/v2alpha1.GlobalContextEntrySpec">GlobalContextEntrySpec</a>)
+</p>
+<p>
+<p>ExternalAPICall stores infos about API call that should be cached</p>
+</p>
+<table class="table table-striped">
+<thead class="thead-dark">
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>APICall</code><br/>
+<em>
+<a href="#kyverno.io/v1.APICall">
+APICall
+</a>
+</em>
+</td>
+<td>
+<p>
+(Members of <code>APICall</code> are embedded into this type.)
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>refreshIntervalSeconds</code><br/>
+<em>
+int64
+</em>
+</td>
+<td>
+<p>RefreshIntervalSeconds defines the interval at which to poll the APICall</p>
+</td>
+</tr>
+</tbody>
+</table>
+<hr />
<h3 id="kyverno.io/v1.FailurePolicyType">FailurePolicyType
(<code>string</code> alias)</p></h3>
<p>
@@ -1957,6 +2004,47 @@ CloneList
</tbody>
</table>
<hr />
+<h3 id="kyverno.io/v1.GlobalContextEntryReference">GlobalContextEntryReference
+</h3>
+<p>
+</p>
+<table class="table table-striped">
+<thead class="thead-dark">
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>name</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Name of the global context entry</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>jmesPath</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<p>JMESPath is an optional JSON Match Expression that can be used to
+transform the JSON response returned from the server. For example
+a JMESPath of “items | length(@)” applied to the API server response
+for the URLPath “/apis/apps/v1/deployments” will return the total count
+of deployments across all namespaces.</p>
+</td>
+</tr>
+</tbody>
+</table>
+<hr />
<h3 id="kyverno.io/v1.ImageExtractorConfig">ImageExtractorConfig
</h3>
<p>
@@ -2517,6 +2605,70 @@ map[string]string
</tbody>
</table>
<hr />
+<h3 id="kyverno.io/v1.KubernetesResource">KubernetesResource
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#kyverno.io/v2alpha1.GlobalContextEntrySpec">GlobalContextEntrySpec</a>)
+</p>
+<p>
+<p>KubernetesResource stores infos about kubernetes resource that should be cached</p>
+</p>
+<table class="table table-striped">
+<thead class="thead-dark">
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>group</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Group defines the group of the resource</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>version</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Version defines the version of the resource</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>resource</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Resource defines the type of the resource</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>namespace</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Namespace defines the namespace of the resource. Leave empty for cluster scoped resources.</p>
+</td>
+</tr>
+</tbody>
+</table>
+<hr />
<h3 id="kyverno.io/v1.Manifests">Manifests
</h3>
<p>
@@ -7390,6 +7542,8 @@ Resource Types:
</li><li>
<a href="#kyverno.io/v2alpha1.ClusterCleanupPolicy">ClusterCleanupPolicy</a>
</li><li>
+<a href="#kyverno.io/v2alpha1.GlobalContextEntry">GlobalContextEntry</a>
+</li><li>
<a href="#kyverno.io/v2alpha1.PolicyException">PolicyException</a>
</li></ul>
<hr />
@@ -7691,6 +7845,110 @@ CleanupPolicyStatus
</tbody>
</table>
<hr />
+<h3 id="kyverno.io/v2alpha1.GlobalContextEntry">GlobalContextEntry
+</h3>
+<p>
+<p>GlobalContextEntry declares resources to be cached.</p>
+</p>
+<table class="table table-striped">
+<thead class="thead-dark">
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>apiVersion</code><br/>
+string</td>
+<td>
+<code>
+kyverno.io/v2alpha1
+</code>
+</td>
+</tr>
+<tr>
+<td>
+<code>kind</code><br/>
+string
+</td>
+<td><code>GlobalContextEntry</code></td>
+</tr>
+<tr>
+<td>
+<code>metadata</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta">
+Kubernetes meta/v1.ObjectMeta
+</a>
+</em>
+</td>
+<td>
+Refer to the Kubernetes API documentation for the fields of the
+<code>metadata</code> field.
+</td>
+</tr>
+<tr>
+<td>
+<code>spec</code><br/>
+<em>
+<a href="#kyverno.io/v2alpha1.GlobalContextEntrySpec">
+GlobalContextEntrySpec
+</a>
+</em>
+</td>
+<td>
+<p>Spec declares policy exception behaviors.</p>
+<br/>
+<br/>
+<table class="table table-striped">
+<tr>
+<td>
+<code>kubernetesResource</code><br/>
+<em>
+<a href="#kyverno.io/v1.KubernetesResource">
+KubernetesResource
+</a>
+</em>
+</td>
+<td>
+<p>KubernetesResource stores infos about kubernetes resource that should be cached</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>apiCall</code><br/>
+<em>
+<a href="#kyverno.io/v1.ExternalAPICall">
+ExternalAPICall
+</a>
+</em>
+</td>
+<td>
+<p>APICall stores infos about API call that should be cached</p>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+<tr>
+<td>
+<code>status</code><br/>
+<em>
+<a href="#kyverno.io/v2alpha1.GlobalContextEntryStatus">
+GlobalContextEntryStatus
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Status contains globalcontextentry runtime data.</p>
+</td>
+</tr>
+</tbody>
+</table>
+<hr />
<h3 id="kyverno.io/v2alpha1.PolicyException">PolicyException
</h3>
<p>
@@ -7829,6 +8087,95 @@ Applicable only to policies that have validate.podSecurity subrule.</p>
<p>
<p>CleanupPolicyInterface abstracts the concrete policy type (CleanupPolicy vs ClusterCleanupPolicy)</p>
</p>
+<h3 id="kyverno.io/v2alpha1.GlobalContextEntrySpec">GlobalContextEntrySpec
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#kyverno.io/v2alpha1.GlobalContextEntry">GlobalContextEntry</a>)
+</p>
+<p>
+<p>GlobalContextEntrySpec stores policy exception spec</p>
+</p>
+<table class="table table-striped">
+<thead class="thead-dark">
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>kubernetesResource</code><br/>
+<em>
+<a href="#kyverno.io/v1.KubernetesResource">
+KubernetesResource
+</a>
+</em>
+</td>
+<td>
+<p>KubernetesResource stores infos about kubernetes resource that should be cached</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>apiCall</code><br/>
+<em>
+<a href="#kyverno.io/v1.ExternalAPICall">
+ExternalAPICall
+</a>
+</em>
+</td>
+<td>
+<p>APICall stores infos about API call that should be cached</p>
+</td>
+</tr>
+</tbody>
+</table>
+<hr />
+<h3 id="kyverno.io/v2alpha1.GlobalContextEntryStatus">GlobalContextEntryStatus
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#kyverno.io/v2alpha1.GlobalContextEntry">GlobalContextEntry</a>)
+</p>
+<p>
+</p>
+<table class="table table-striped">
+<thead class="thead-dark">
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>ready</code><br/>
+<em>
+bool
+</em>
+</td>
+<td>
+<p>Deprecated in favor of Conditions</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>conditions</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#condition-v1-meta">
+[]Kubernetes meta/v1.Condition
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+</td>
+</tr>
+</tbody>
+</table>
+<hr />
<h2 id="kyverno.io/v2beta1">kyverno.io/v2beta1</h2>
Resource Types:
<ul><li>
diff --git a/pkg/client/applyconfigurations/kyverno/v1/externalapicall.go b/pkg/client/applyconfigurations/kyverno/v1/externalapicall.go
new file mode 100644
index 0000000000..58b3138e94
--- /dev/null
+++ b/pkg/client/applyconfigurations/kyverno/v1/externalapicall.go
@@ -0,0 +1,89 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
+)
+
+// ExternalAPICallApplyConfiguration represents an declarative configuration of the ExternalAPICall type for use
+// with apply.
+type ExternalAPICallApplyConfiguration struct {
+ APICallApplyConfiguration `json:",omitempty,inline"`
+ RefreshIntervalSeconds *int64 `json:"refreshIntervalSeconds,omitempty"`
+}
+
+// ExternalAPICallApplyConfiguration constructs an declarative configuration of the ExternalAPICall type for use with
+// apply.
+func ExternalAPICall() *ExternalAPICallApplyConfiguration {
+ return &ExternalAPICallApplyConfiguration{}
+}
+
+// WithURLPath sets the URLPath field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the URLPath field is set to the value of the last call.
+func (b *ExternalAPICallApplyConfiguration) WithURLPath(value string) *ExternalAPICallApplyConfiguration {
+ b.URLPath = &value
+ return b
+}
+
+// WithMethod sets the Method field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Method field is set to the value of the last call.
+func (b *ExternalAPICallApplyConfiguration) WithMethod(value kyvernov1.Method) *ExternalAPICallApplyConfiguration {
+ b.Method = &value
+ return b
+}
+
+// WithData adds the given value to the Data field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Data field.
+func (b *ExternalAPICallApplyConfiguration) WithData(values ...*RequestDataApplyConfiguration) *ExternalAPICallApplyConfiguration {
+ for i := range values {
+ if values[i] == nil {
+ panic("nil value passed to WithData")
+ }
+ b.Data = append(b.Data, *values[i])
+ }
+ return b
+}
+
+// WithService sets the Service field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Service field is set to the value of the last call.
+func (b *ExternalAPICallApplyConfiguration) WithService(value *ServiceCallApplyConfiguration) *ExternalAPICallApplyConfiguration {
+ b.Service = value
+ return b
+}
+
+// WithJMESPath sets the JMESPath field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the JMESPath field is set to the value of the last call.
+func (b *ExternalAPICallApplyConfiguration) WithJMESPath(value string) *ExternalAPICallApplyConfiguration {
+ b.JMESPath = &value
+ return b
+}
+
+// WithRefreshIntervalSeconds sets the RefreshIntervalSeconds field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the RefreshIntervalSeconds field is set to the value of the last call.
+func (b *ExternalAPICallApplyConfiguration) WithRefreshIntervalSeconds(value int64) *ExternalAPICallApplyConfiguration {
+ b.RefreshIntervalSeconds = &value
+ return b
+}
diff --git a/pkg/client/applyconfigurations/kyverno/v1/kubernetesresource.go b/pkg/client/applyconfigurations/kyverno/v1/kubernetesresource.go
new file mode 100644
index 0000000000..933cc92aa7
--- /dev/null
+++ b/pkg/client/applyconfigurations/kyverno/v1/kubernetesresource.go
@@ -0,0 +1,66 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// KubernetesResourceApplyConfiguration represents an declarative configuration of the KubernetesResource type for use
+// with apply.
+type KubernetesResourceApplyConfiguration struct {
+ Group *string `json:"group,omitempty"`
+ Version *string `json:"version,omitempty"`
+ Resource *string `json:"resource,omitempty"`
+ Namespace *string `json:"namespace,omitempty"`
+}
+
+// KubernetesResourceApplyConfiguration constructs an declarative configuration of the KubernetesResource type for use with
+// apply.
+func KubernetesResource() *KubernetesResourceApplyConfiguration {
+ return &KubernetesResourceApplyConfiguration{}
+}
+
+// WithGroup sets the Group field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Group field is set to the value of the last call.
+func (b *KubernetesResourceApplyConfiguration) WithGroup(value string) *KubernetesResourceApplyConfiguration {
+ b.Group = &value
+ return b
+}
+
+// WithVersion sets the Version field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Version field is set to the value of the last call.
+func (b *KubernetesResourceApplyConfiguration) WithVersion(value string) *KubernetesResourceApplyConfiguration {
+ b.Version = &value
+ return b
+}
+
+// WithResource sets the Resource field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Resource field is set to the value of the last call.
+func (b *KubernetesResourceApplyConfiguration) WithResource(value string) *KubernetesResourceApplyConfiguration {
+ b.Resource = &value
+ return b
+}
+
+// WithNamespace sets the Namespace field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Namespace field is set to the value of the last call.
+func (b *KubernetesResourceApplyConfiguration) WithNamespace(value string) *KubernetesResourceApplyConfiguration {
+ b.Namespace = &value
+ return b
+}
diff --git a/pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentry.go b/pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentry.go
new file mode 100644
index 0000000000..ba2a9da9bc
--- /dev/null
+++ b/pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentry.go
@@ -0,0 +1,218 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v2alpha1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ types "k8s.io/apimachinery/pkg/types"
+ v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// GlobalContextEntryApplyConfiguration represents an declarative configuration of the GlobalContextEntry type for use
+// with apply.
+type GlobalContextEntryApplyConfiguration struct {
+ v1.TypeMetaApplyConfiguration `json:",omitempty,inline"`
+ *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
+ Spec *GlobalContextEntrySpecApplyConfiguration `json:"spec,omitempty"`
+ Status *GlobalContextEntryStatusApplyConfiguration `json:"status,omitempty"`
+}
+
+// GlobalContextEntry constructs an declarative configuration of the GlobalContextEntry type for use with
+// apply.
+func GlobalContextEntry(name string) *GlobalContextEntryApplyConfiguration {
+ b := &GlobalContextEntryApplyConfiguration{}
+ b.WithName(name)
+ b.WithKind("GlobalContextEntry")
+ b.WithAPIVersion("kyverno.io/v2alpha1")
+ return b
+}
+
+// WithKind sets the Kind field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Kind field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithKind(value string) *GlobalContextEntryApplyConfiguration {
+ b.Kind = &value
+ return b
+}
+
+// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the APIVersion field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithAPIVersion(value string) *GlobalContextEntryApplyConfiguration {
+ b.APIVersion = &value
+ return b
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithName(value string) *GlobalContextEntryApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.Name = &value
+ return b
+}
+
+// WithGenerateName sets the GenerateName field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the GenerateName field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithGenerateName(value string) *GlobalContextEntryApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.GenerateName = &value
+ return b
+}
+
+// WithNamespace sets the Namespace field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Namespace field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithNamespace(value string) *GlobalContextEntryApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.Namespace = &value
+ return b
+}
+
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithUID(value types.UID) *GlobalContextEntryApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.UID = &value
+ return b
+}
+
+// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ResourceVersion field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithResourceVersion(value string) *GlobalContextEntryApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.ResourceVersion = &value
+ return b
+}
+
+// WithGeneration sets the Generation field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Generation field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithGeneration(value int64) *GlobalContextEntryApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.Generation = &value
+ return b
+}
+
+// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the CreationTimestamp field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithCreationTimestamp(value metav1.Time) *GlobalContextEntryApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.CreationTimestamp = &value
+ return b
+}
+
+// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionTimestamp field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *GlobalContextEntryApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.DeletionTimestamp = &value
+ return b
+}
+
+// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *GlobalContextEntryApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ b.DeletionGracePeriodSeconds = &value
+ return b
+}
+
+// WithLabels puts the entries into the Labels field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Labels field,
+// overwriting an existing map entries in Labels field with the same key.
+func (b *GlobalContextEntryApplyConfiguration) WithLabels(entries map[string]string) *GlobalContextEntryApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ if b.Labels == nil && len(entries) > 0 {
+ b.Labels = make(map[string]string, len(entries))
+ }
+ for k, v := range entries {
+ b.Labels[k] = v
+ }
+ return b
+}
+
+// WithAnnotations puts the entries into the Annotations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Annotations field,
+// overwriting an existing map entries in Annotations field with the same key.
+func (b *GlobalContextEntryApplyConfiguration) WithAnnotations(entries map[string]string) *GlobalContextEntryApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ if b.Annotations == nil && len(entries) > 0 {
+ b.Annotations = make(map[string]string, len(entries))
+ }
+ for k, v := range entries {
+ b.Annotations[k] = v
+ }
+ return b
+}
+
+// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the OwnerReferences field.
+func (b *GlobalContextEntryApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *GlobalContextEntryApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ for i := range values {
+ if values[i] == nil {
+ panic("nil value passed to WithOwnerReferences")
+ }
+ b.OwnerReferences = append(b.OwnerReferences, *values[i])
+ }
+ return b
+}
+
+// WithFinalizers adds the given value to the Finalizers field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Finalizers field.
+func (b *GlobalContextEntryApplyConfiguration) WithFinalizers(values ...string) *GlobalContextEntryApplyConfiguration {
+ b.ensureObjectMetaApplyConfigurationExists()
+ for i := range values {
+ b.Finalizers = append(b.Finalizers, values[i])
+ }
+ return b
+}
+
+func (b *GlobalContextEntryApplyConfiguration) ensureObjectMetaApplyConfigurationExists() {
+ if b.ObjectMetaApplyConfiguration == nil {
+ b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{}
+ }
+}
+
+// WithSpec sets the Spec field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Spec field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithSpec(value *GlobalContextEntrySpecApplyConfiguration) *GlobalContextEntryApplyConfiguration {
+ b.Spec = value
+ return b
+}
+
+// WithStatus sets the Status field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Status field is set to the value of the last call.
+func (b *GlobalContextEntryApplyConfiguration) WithStatus(value *GlobalContextEntryStatusApplyConfiguration) *GlobalContextEntryApplyConfiguration {
+ b.Status = value
+ return b
+}
diff --git a/pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentryspec.go b/pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentryspec.go
new file mode 100644
index 0000000000..33853a72a2
--- /dev/null
+++ b/pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentryspec.go
@@ -0,0 +1,52 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v2alpha1
+
+import (
+ v1 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/kyverno/v1"
+)
+
+// GlobalContextEntrySpecApplyConfiguration represents an declarative configuration of the GlobalContextEntrySpec type for use
+// with apply.
+type GlobalContextEntrySpecApplyConfiguration struct {
+ KubernetesResource *v1.KubernetesResourceApplyConfiguration `json:"kubernetesResource,omitempty"`
+ APICall *v1.ExternalAPICallApplyConfiguration `json:"apiCall,omitempty"`
+}
+
+// GlobalContextEntrySpecApplyConfiguration constructs an declarative configuration of the GlobalContextEntrySpec type for use with
+// apply.
+func GlobalContextEntrySpec() *GlobalContextEntrySpecApplyConfiguration {
+ return &GlobalContextEntrySpecApplyConfiguration{}
+}
+
+// WithKubernetesResource sets the KubernetesResource field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the KubernetesResource field is set to the value of the last call.
+func (b *GlobalContextEntrySpecApplyConfiguration) WithKubernetesResource(value *v1.KubernetesResourceApplyConfiguration) *GlobalContextEntrySpecApplyConfiguration {
+ b.KubernetesResource = value
+ return b
+}
+
+// WithAPICall sets the APICall field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the APICall field is set to the value of the last call.
+func (b *GlobalContextEntrySpecApplyConfiguration) WithAPICall(value *v1.ExternalAPICallApplyConfiguration) *GlobalContextEntrySpecApplyConfiguration {
+ b.APICall = value
+ return b
+}
diff --git a/pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentrystatus.go b/pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentrystatus.go
new file mode 100644
index 0000000000..6a57c2335c
--- /dev/null
+++ b/pkg/client/applyconfigurations/kyverno/v2alpha1/globalcontextentrystatus.go
@@ -0,0 +1,54 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v2alpha1
+
+import (
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// GlobalContextEntryStatusApplyConfiguration represents an declarative configuration of the GlobalContextEntryStatus type for use
+// with apply.
+type GlobalContextEntryStatusApplyConfiguration struct {
+ Ready *bool `json:"ready,omitempty"`
+ Conditions []v1.Condition `json:"conditions,omitempty"`
+}
+
+// GlobalContextEntryStatusApplyConfiguration constructs an declarative configuration of the GlobalContextEntryStatus type for use with
+// apply.
+func GlobalContextEntryStatus() *GlobalContextEntryStatusApplyConfiguration {
+ return &GlobalContextEntryStatusApplyConfiguration{}
+}
+
+// WithReady sets the Ready field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Ready field is set to the value of the last call.
+func (b *GlobalContextEntryStatusApplyConfiguration) WithReady(value bool) *GlobalContextEntryStatusApplyConfiguration {
+ b.Ready = &value
+ return b
+}
+
+// WithConditions adds the given value to the Conditions field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Conditions field.
+func (b *GlobalContextEntryStatusApplyConfiguration) WithConditions(values ...v1.Condition) *GlobalContextEntryStatusApplyConfiguration {
+ for i := range values {
+ b.Conditions = append(b.Conditions, values[i])
+ }
+ return b
+}
diff --git a/pkg/client/applyconfigurations/utils.go b/pkg/client/applyconfigurations/utils.go
index f7cafbbfa8..d0a6f55a69 100644
--- a/pkg/client/applyconfigurations/utils.go
+++ b/pkg/client/applyconfigurations/utils.go
@@ -77,6 +77,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
return &kyvernov1.DenyApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("DryRunOption"):
return &kyvernov1.DryRunOptionApplyConfiguration{}
+ case v1.SchemeGroupVersion.WithKind("ExternalAPICall"):
+ return &kyvernov1.ExternalAPICallApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("ForEachMutation"):
return &kyvernov1.ForEachMutationApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("ForEachValidation"):
@@ -93,6 +95,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
return &kyvernov1.ImageVerificationApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("KeylessAttestor"):
return &kyvernov1.KeylessAttestorApplyConfiguration{}
+ case v1.SchemeGroupVersion.WithKind("KubernetesResource"):
+ return &kyvernov1.KubernetesResourceApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("Manifests"):
return &kyvernov1.ManifestsApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("MatchResources"):
@@ -221,6 +225,12 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
return &kyvernov2alpha1.CleanupPolicyApplyConfiguration{}
case v2alpha1.SchemeGroupVersion.WithKind("ClusterCleanupPolicy"):
return &kyvernov2alpha1.ClusterCleanupPolicyApplyConfiguration{}
+ case v2alpha1.SchemeGroupVersion.WithKind("GlobalContextEntry"):
+ return &kyvernov2alpha1.GlobalContextEntryApplyConfiguration{}
+ case v2alpha1.SchemeGroupVersion.WithKind("GlobalContextEntrySpec"):
+ return &kyvernov2alpha1.GlobalContextEntrySpecApplyConfiguration{}
+ case v2alpha1.SchemeGroupVersion.WithKind("GlobalContextEntryStatus"):
+ return &kyvernov2alpha1.GlobalContextEntryStatusApplyConfiguration{}
case v2alpha1.SchemeGroupVersion.WithKind("PolicyException"):
return &kyvernov2alpha1.PolicyExceptionApplyConfiguration{}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/fake/fake_globalcontextentry.go b/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/fake/fake_globalcontextentry.go
new file mode 100644
index 0000000000..95efa3a51e
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/fake/fake_globalcontextentry.go
@@ -0,0 +1,132 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+ "context"
+
+ v2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ labels "k8s.io/apimachinery/pkg/labels"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ testing "k8s.io/client-go/testing"
+)
+
+// FakeGlobalContextEntries implements GlobalContextEntryInterface
+type FakeGlobalContextEntries struct {
+ Fake *FakeKyvernoV2alpha1
+}
+
+var globalcontextentriesResource = v2alpha1.SchemeGroupVersion.WithResource("globalcontextentries")
+
+var globalcontextentriesKind = v2alpha1.SchemeGroupVersion.WithKind("GlobalContextEntry")
+
+// Get takes name of the globalContextEntry, and returns the corresponding globalContextEntry object, and an error if there is any.
+func (c *FakeGlobalContextEntries) Get(ctx context.Context, name string, options v1.GetOptions) (result *v2alpha1.GlobalContextEntry, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootGetAction(globalcontextentriesResource, name), &v2alpha1.GlobalContextEntry{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v2alpha1.GlobalContextEntry), err
+}
+
+// List takes label and field selectors, and returns the list of GlobalContextEntries that match those selectors.
+func (c *FakeGlobalContextEntries) List(ctx context.Context, opts v1.ListOptions) (result *v2alpha1.GlobalContextEntryList, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootListAction(globalcontextentriesResource, globalcontextentriesKind, opts), &v2alpha1.GlobalContextEntryList{})
+ if obj == nil {
+ return nil, err
+ }
+
+ label, _, _ := testing.ExtractFromListOptions(opts)
+ if label == nil {
+ label = labels.Everything()
+ }
+ list := &v2alpha1.GlobalContextEntryList{ListMeta: obj.(*v2alpha1.GlobalContextEntryList).ListMeta}
+ for _, item := range obj.(*v2alpha1.GlobalContextEntryList).Items {
+ if label.Matches(labels.Set(item.Labels)) {
+ list.Items = append(list.Items, item)
+ }
+ }
+ return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested globalContextEntries.
+func (c *FakeGlobalContextEntries) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+ return c.Fake.
+ InvokesWatch(testing.NewRootWatchAction(globalcontextentriesResource, opts))
+}
+
+// Create takes the representation of a globalContextEntry and creates it. Returns the server's representation of the globalContextEntry, and an error, if there is any.
+func (c *FakeGlobalContextEntries) Create(ctx context.Context, globalContextEntry *v2alpha1.GlobalContextEntry, opts v1.CreateOptions) (result *v2alpha1.GlobalContextEntry, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootCreateAction(globalcontextentriesResource, globalContextEntry), &v2alpha1.GlobalContextEntry{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v2alpha1.GlobalContextEntry), err
+}
+
+// Update takes the representation of a globalContextEntry and updates it. Returns the server's representation of the globalContextEntry, and an error, if there is any.
+func (c *FakeGlobalContextEntries) Update(ctx context.Context, globalContextEntry *v2alpha1.GlobalContextEntry, opts v1.UpdateOptions) (result *v2alpha1.GlobalContextEntry, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootUpdateAction(globalcontextentriesResource, globalContextEntry), &v2alpha1.GlobalContextEntry{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v2alpha1.GlobalContextEntry), err
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *FakeGlobalContextEntries) UpdateStatus(ctx context.Context, globalContextEntry *v2alpha1.GlobalContextEntry, opts v1.UpdateOptions) (*v2alpha1.GlobalContextEntry, error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootUpdateSubresourceAction(globalcontextentriesResource, "status", globalContextEntry), &v2alpha1.GlobalContextEntry{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v2alpha1.GlobalContextEntry), err
+}
+
+// Delete takes name of the globalContextEntry and deletes it. Returns an error if one occurs.
+func (c *FakeGlobalContextEntries) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+ _, err := c.Fake.
+ Invokes(testing.NewRootDeleteActionWithOptions(globalcontextentriesResource, name, opts), &v2alpha1.GlobalContextEntry{})
+ return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeGlobalContextEntries) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+ action := testing.NewRootDeleteCollectionAction(globalcontextentriesResource, listOpts)
+
+ _, err := c.Fake.Invokes(action, &v2alpha1.GlobalContextEntryList{})
+ return err
+}
+
+// Patch applies the patch and returns the patched globalContextEntry.
+func (c *FakeGlobalContextEntries) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v2alpha1.GlobalContextEntry, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootPatchSubresourceAction(globalcontextentriesResource, name, pt, data, subresources...), &v2alpha1.GlobalContextEntry{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v2alpha1.GlobalContextEntry), err
+}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/fake/fake_kyverno_client.go b/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/fake/fake_kyverno_client.go
index a476a09342..9f0cc853c5 100644
--- a/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/fake/fake_kyverno_client.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/fake/fake_kyverno_client.go
@@ -36,6 +36,10 @@ func (c *FakeKyvernoV2alpha1) ClusterCleanupPolicies() v2alpha1.ClusterCleanupPo
return &FakeClusterCleanupPolicies{c}
}
+func (c *FakeKyvernoV2alpha1) GlobalContextEntries() v2alpha1.GlobalContextEntryInterface {
+ return &FakeGlobalContextEntries{c}
+}
+
func (c *FakeKyvernoV2alpha1) PolicyExceptions(namespace string) v2alpha1.PolicyExceptionInterface {
return &FakePolicyExceptions{c, namespace}
}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/generated_expansion.go b/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/generated_expansion.go
index 22b56fcb7d..2fc6ba8622 100644
--- a/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/generated_expansion.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/generated_expansion.go
@@ -22,4 +22,6 @@ type CleanupPolicyExpansion interface{}
type ClusterCleanupPolicyExpansion interface{}
+type GlobalContextEntryExpansion interface{}
+
type PolicyExceptionExpansion interface{}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/globalcontextentry.go b/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/globalcontextentry.go
new file mode 100644
index 0000000000..ee99525fae
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/globalcontextentry.go
@@ -0,0 +1,184 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v2alpha1
+
+import (
+ "context"
+ "time"
+
+ v2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
+ scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ rest "k8s.io/client-go/rest"
+)
+
+// GlobalContextEntriesGetter has a method to return a GlobalContextEntryInterface.
+// A group's client should implement this interface.
+type GlobalContextEntriesGetter interface {
+ GlobalContextEntries() GlobalContextEntryInterface
+}
+
+// GlobalContextEntryInterface has methods to work with GlobalContextEntry resources.
+type GlobalContextEntryInterface interface {
+ Create(ctx context.Context, globalContextEntry *v2alpha1.GlobalContextEntry, opts v1.CreateOptions) (*v2alpha1.GlobalContextEntry, error)
+ Update(ctx context.Context, globalContextEntry *v2alpha1.GlobalContextEntry, opts v1.UpdateOptions) (*v2alpha1.GlobalContextEntry, error)
+ UpdateStatus(ctx context.Context, globalContextEntry *v2alpha1.GlobalContextEntry, opts v1.UpdateOptions) (*v2alpha1.GlobalContextEntry, error)
+ Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+ DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+ Get(ctx context.Context, name string, opts v1.GetOptions) (*v2alpha1.GlobalContextEntry, error)
+ List(ctx context.Context, opts v1.ListOptions) (*v2alpha1.GlobalContextEntryList, error)
+ Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+ Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v2alpha1.GlobalContextEntry, err error)
+ GlobalContextEntryExpansion
+}
+
+// globalContextEntries implements GlobalContextEntryInterface
+type globalContextEntries struct {
+ client rest.Interface
+}
+
+// newGlobalContextEntries returns a GlobalContextEntries
+func newGlobalContextEntries(c *KyvernoV2alpha1Client) *globalContextEntries {
+ return &globalContextEntries{
+ client: c.RESTClient(),
+ }
+}
+
+// Get takes name of the globalContextEntry, and returns the corresponding globalContextEntry object, and an error if there is any.
+func (c *globalContextEntries) Get(ctx context.Context, name string, options v1.GetOptions) (result *v2alpha1.GlobalContextEntry, err error) {
+ result = &v2alpha1.GlobalContextEntry{}
+ err = c.client.Get().
+ Resource("globalcontextentries").
+ Name(name).
+ VersionedParams(&options, scheme.ParameterCodec).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// List takes label and field selectors, and returns the list of GlobalContextEntries that match those selectors.
+func (c *globalContextEntries) List(ctx context.Context, opts v1.ListOptions) (result *v2alpha1.GlobalContextEntryList, err error) {
+ var timeout time.Duration
+ if opts.TimeoutSeconds != nil {
+ timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+ }
+ result = &v2alpha1.GlobalContextEntryList{}
+ err = c.client.Get().
+ Resource("globalcontextentries").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Watch returns a watch.Interface that watches the requested globalContextEntries.
+func (c *globalContextEntries) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+ var timeout time.Duration
+ if opts.TimeoutSeconds != nil {
+ timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+ }
+ opts.Watch = true
+ return c.client.Get().
+ Resource("globalcontextentries").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Watch(ctx)
+}
+
+// Create takes the representation of a globalContextEntry and creates it. Returns the server's representation of the globalContextEntry, and an error, if there is any.
+func (c *globalContextEntries) Create(ctx context.Context, globalContextEntry *v2alpha1.GlobalContextEntry, opts v1.CreateOptions) (result *v2alpha1.GlobalContextEntry, err error) {
+ result = &v2alpha1.GlobalContextEntry{}
+ err = c.client.Post().
+ Resource("globalcontextentries").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(globalContextEntry).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Update takes the representation of a globalContextEntry and updates it. Returns the server's representation of the globalContextEntry, and an error, if there is any.
+func (c *globalContextEntries) Update(ctx context.Context, globalContextEntry *v2alpha1.GlobalContextEntry, opts v1.UpdateOptions) (result *v2alpha1.GlobalContextEntry, err error) {
+ result = &v2alpha1.GlobalContextEntry{}
+ err = c.client.Put().
+ Resource("globalcontextentries").
+ Name(globalContextEntry.Name).
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(globalContextEntry).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *globalContextEntries) UpdateStatus(ctx context.Context, globalContextEntry *v2alpha1.GlobalContextEntry, opts v1.UpdateOptions) (result *v2alpha1.GlobalContextEntry, err error) {
+ result = &v2alpha1.GlobalContextEntry{}
+ err = c.client.Put().
+ Resource("globalcontextentries").
+ Name(globalContextEntry.Name).
+ SubResource("status").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(globalContextEntry).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Delete takes name of the globalContextEntry and deletes it. Returns an error if one occurs.
+func (c *globalContextEntries) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+ return c.client.Delete().
+ Resource("globalcontextentries").
+ Name(name).
+ Body(&opts).
+ Do(ctx).
+ Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *globalContextEntries) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+ var timeout time.Duration
+ if listOpts.TimeoutSeconds != nil {
+ timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+ }
+ return c.client.Delete().
+ Resource("globalcontextentries").
+ VersionedParams(&listOpts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Body(&opts).
+ Do(ctx).
+ Error()
+}
+
+// Patch applies the patch and returns the patched globalContextEntry.
+func (c *globalContextEntries) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v2alpha1.GlobalContextEntry, err error) {
+ result = &v2alpha1.GlobalContextEntry{}
+ err = c.client.Patch(pt).
+ Resource("globalcontextentries").
+ Name(name).
+ SubResource(subresources...).
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(data).
+ Do(ctx).
+ Into(result)
+ return
+}
diff --git a/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/kyverno_client.go b/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/kyverno_client.go
index ab305eec2d..75cb096816 100644
--- a/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/kyverno_client.go
+++ b/pkg/client/clientset/versioned/typed/kyverno/v2alpha1/kyverno_client.go
@@ -30,6 +30,7 @@ type KyvernoV2alpha1Interface interface {
RESTClient() rest.Interface
CleanupPoliciesGetter
ClusterCleanupPoliciesGetter
+ GlobalContextEntriesGetter
PolicyExceptionsGetter
}
@@ -46,6 +47,10 @@ func (c *KyvernoV2alpha1Client) ClusterCleanupPolicies() ClusterCleanupPolicyInt
return newClusterCleanupPolicies(c)
}
+func (c *KyvernoV2alpha1Client) GlobalContextEntries() GlobalContextEntryInterface {
+ return newGlobalContextEntries(c)
+}
+
func (c *KyvernoV2alpha1Client) PolicyExceptions(namespace string) PolicyExceptionInterface {
return newPolicyExceptions(c, namespace)
}
diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go
index 52d5c7799f..b4e83dcb7f 100644
--- a/pkg/client/informers/externalversions/generic.go
+++ b/pkg/client/informers/externalversions/generic.go
@@ -102,6 +102,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V2alpha1().CleanupPolicies().Informer()}, nil
case v2alpha1.SchemeGroupVersion.WithResource("clustercleanuppolicies"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V2alpha1().ClusterCleanupPolicies().Informer()}, nil
+ case v2alpha1.SchemeGroupVersion.WithResource("globalcontextentries"):
+ return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V2alpha1().GlobalContextEntries().Informer()}, nil
case v2alpha1.SchemeGroupVersion.WithResource("policyexceptions"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V2alpha1().PolicyExceptions().Informer()}, nil
diff --git a/pkg/client/informers/externalversions/kyverno/v2alpha1/globalcontextentry.go b/pkg/client/informers/externalversions/kyverno/v2alpha1/globalcontextentry.go
new file mode 100644
index 0000000000..817a2fd8b2
--- /dev/null
+++ b/pkg/client/informers/externalversions/kyverno/v2alpha1/globalcontextentry.go
@@ -0,0 +1,89 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v2alpha1
+
+import (
+ "context"
+ time "time"
+
+ kyvernov2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
+ versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+ internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+ v2alpha1 "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2alpha1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ runtime "k8s.io/apimachinery/pkg/runtime"
+ watch "k8s.io/apimachinery/pkg/watch"
+ cache "k8s.io/client-go/tools/cache"
+)
+
+// GlobalContextEntryInformer provides access to a shared informer and lister for
+// GlobalContextEntries.
+type GlobalContextEntryInformer interface {
+ Informer() cache.SharedIndexInformer
+ Lister() v2alpha1.GlobalContextEntryLister
+}
+
+type globalContextEntryInformer struct {
+ factory internalinterfaces.SharedInformerFactory
+ tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewGlobalContextEntryInformer constructs a new informer for GlobalContextEntry type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewGlobalContextEntryInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+ return NewFilteredGlobalContextEntryInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredGlobalContextEntryInformer constructs a new informer for GlobalContextEntry type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredGlobalContextEntryInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+ return cache.NewSharedIndexInformer(
+ &cache.ListWatch{
+ ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.KyvernoV2alpha1().GlobalContextEntries().List(context.TODO(), options)
+ },
+ WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.KyvernoV2alpha1().GlobalContextEntries().Watch(context.TODO(), options)
+ },
+ },
+ &kyvernov2alpha1.GlobalContextEntry{},
+ resyncPeriod,
+ indexers,
+ )
+}
+
+func (f *globalContextEntryInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+ return NewFilteredGlobalContextEntryInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *globalContextEntryInformer) Informer() cache.SharedIndexInformer {
+ return f.factory.InformerFor(&kyvernov2alpha1.GlobalContextEntry{}, f.defaultInformer)
+}
+
+func (f *globalContextEntryInformer) Lister() v2alpha1.GlobalContextEntryLister {
+ return v2alpha1.NewGlobalContextEntryLister(f.Informer().GetIndexer())
+}
diff --git a/pkg/client/informers/externalversions/kyverno/v2alpha1/interface.go b/pkg/client/informers/externalversions/kyverno/v2alpha1/interface.go
index 039139f326..516af0c7fa 100644
--- a/pkg/client/informers/externalversions/kyverno/v2alpha1/interface.go
+++ b/pkg/client/informers/externalversions/kyverno/v2alpha1/interface.go
@@ -28,6 +28,8 @@ type Interface interface {
CleanupPolicies() CleanupPolicyInformer
// ClusterCleanupPolicies returns a ClusterCleanupPolicyInformer.
ClusterCleanupPolicies() ClusterCleanupPolicyInformer
+ // GlobalContextEntries returns a GlobalContextEntryInformer.
+ GlobalContextEntries() GlobalContextEntryInformer
// PolicyExceptions returns a PolicyExceptionInformer.
PolicyExceptions() PolicyExceptionInformer
}
@@ -53,6 +55,11 @@ func (v *version) ClusterCleanupPolicies() ClusterCleanupPolicyInformer {
return &clusterCleanupPolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
}
+// GlobalContextEntries returns a GlobalContextEntryInformer.
+func (v *version) GlobalContextEntries() GlobalContextEntryInformer {
+ return &globalContextEntryInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}
+
// PolicyExceptions returns a PolicyExceptionInformer.
func (v *version) PolicyExceptions() PolicyExceptionInformer {
return &policyExceptionInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
diff --git a/pkg/client/listers/kyverno/v2alpha1/expansion_generated.go b/pkg/client/listers/kyverno/v2alpha1/expansion_generated.go
index 2dc0588a8a..fe8a7b2368 100644
--- a/pkg/client/listers/kyverno/v2alpha1/expansion_generated.go
+++ b/pkg/client/listers/kyverno/v2alpha1/expansion_generated.go
@@ -30,6 +30,10 @@ type CleanupPolicyNamespaceListerExpansion interface{}
// ClusterCleanupPolicyLister.
type ClusterCleanupPolicyListerExpansion interface{}
+// GlobalContextEntryListerExpansion allows custom methods to be added to
+// GlobalContextEntryLister.
+type GlobalContextEntryListerExpansion interface{}
+
// PolicyExceptionListerExpansion allows custom methods to be added to
// PolicyExceptionLister.
type PolicyExceptionListerExpansion interface{}
diff --git a/pkg/client/listers/kyverno/v2alpha1/globalcontextentry.go b/pkg/client/listers/kyverno/v2alpha1/globalcontextentry.go
new file mode 100644
index 0000000000..1ec64d543b
--- /dev/null
+++ b/pkg/client/listers/kyverno/v2alpha1/globalcontextentry.go
@@ -0,0 +1,68 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v2alpha1
+
+import (
+ v2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
+ "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/labels"
+ "k8s.io/client-go/tools/cache"
+)
+
+// GlobalContextEntryLister helps list GlobalContextEntries.
+// All objects returned here must be treated as read-only.
+type GlobalContextEntryLister interface {
+ // List lists all GlobalContextEntries in the indexer.
+ // Objects returned here must be treated as read-only.
+ List(selector labels.Selector) (ret []*v2alpha1.GlobalContextEntry, err error)
+ // Get retrieves the GlobalContextEntry from the index for a given name.
+ // Objects returned here must be treated as read-only.
+ Get(name string) (*v2alpha1.GlobalContextEntry, error)
+ GlobalContextEntryListerExpansion
+}
+
+// globalContextEntryLister implements the GlobalContextEntryLister interface.
+type globalContextEntryLister struct {
+ indexer cache.Indexer
+}
+
+// NewGlobalContextEntryLister returns a new GlobalContextEntryLister.
+func NewGlobalContextEntryLister(indexer cache.Indexer) GlobalContextEntryLister {
+ return &globalContextEntryLister{indexer: indexer}
+}
+
+// List lists all GlobalContextEntries in the indexer.
+func (s *globalContextEntryLister) List(selector labels.Selector) (ret []*v2alpha1.GlobalContextEntry, err error) {
+ err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+ ret = append(ret, m.(*v2alpha1.GlobalContextEntry))
+ })
+ return ret, err
+}
+
+// Get retrieves the GlobalContextEntry from the index for a given name.
+func (s *globalContextEntryLister) Get(name string) (*v2alpha1.GlobalContextEntry, error) {
+ obj, exists, err := s.indexer.GetByKey(name)
+ if err != nil {
+ return nil, err
+ }
+ if !exists {
+ return nil, errors.NewNotFound(v2alpha1.Resource("globalcontextentry"), name)
+ }
+ return obj.(*v2alpha1.GlobalContextEntry), nil
+}
diff --git a/pkg/clients/kyverno/kyvernov2alpha1/client.generated.go b/pkg/clients/kyverno/kyvernov2alpha1/client.generated.go
index 5c223d8212..b17da9abdf 100644
--- a/pkg/clients/kyverno/kyvernov2alpha1/client.generated.go
+++ b/pkg/clients/kyverno/kyvernov2alpha1/client.generated.go
@@ -5,6 +5,7 @@ import (
github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2alpha1"
cleanuppolicies "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2alpha1/cleanuppolicies"
clustercleanuppolicies "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2alpha1/clustercleanuppolicies"
+ globalcontextentries "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2alpha1/globalcontextentries"
policyexceptions "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2alpha1/policyexceptions"
"github.com/kyverno/kyverno/pkg/metrics"
"k8s.io/client-go/rest"
@@ -39,6 +40,10 @@ func (c *withMetrics) ClusterCleanupPolicies() github_com_kyverno_kyverno_pkg_cl
recorder := metrics.ClusteredClientQueryRecorder(c.metrics, "ClusterCleanupPolicy", c.clientType)
return clustercleanuppolicies.WithMetrics(c.inner.ClusterCleanupPolicies(), recorder)
}
+func (c *withMetrics) GlobalContextEntries() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface {
+ recorder := metrics.ClusteredClientQueryRecorder(c.metrics, "GlobalContextEntry", c.clientType)
+ return globalcontextentries.WithMetrics(c.inner.GlobalContextEntries(), recorder)
+}
func (c *withMetrics) PolicyExceptions(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.PolicyExceptionInterface {
recorder := metrics.NamespacedClientQueryRecorder(c.metrics, namespace, "PolicyException", c.clientType)
return policyexceptions.WithMetrics(c.inner.PolicyExceptions(namespace), recorder)
@@ -58,6 +63,9 @@ func (c *withTracing) CleanupPolicies(namespace string) github_com_kyverno_kyver
func (c *withTracing) ClusterCleanupPolicies() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.ClusterCleanupPolicyInterface {
return clustercleanuppolicies.WithTracing(c.inner.ClusterCleanupPolicies(), c.client, "ClusterCleanupPolicy")
}
+func (c *withTracing) GlobalContextEntries() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface {
+ return globalcontextentries.WithTracing(c.inner.GlobalContextEntries(), c.client, "GlobalContextEntry")
+}
func (c *withTracing) PolicyExceptions(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.PolicyExceptionInterface {
return policyexceptions.WithTracing(c.inner.PolicyExceptions(namespace), c.client, "PolicyException")
}
@@ -76,6 +84,9 @@ func (c *withLogging) CleanupPolicies(namespace string) github_com_kyverno_kyver
func (c *withLogging) ClusterCleanupPolicies() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.ClusterCleanupPolicyInterface {
return clustercleanuppolicies.WithLogging(c.inner.ClusterCleanupPolicies(), c.logger.WithValues("resource", "ClusterCleanupPolicies"))
}
+func (c *withLogging) GlobalContextEntries() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface {
+ return globalcontextentries.WithLogging(c.inner.GlobalContextEntries(), c.logger.WithValues("resource", "GlobalContextEntries"))
+}
func (c *withLogging) PolicyExceptions(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.PolicyExceptionInterface {
return policyexceptions.WithLogging(c.inner.PolicyExceptions(namespace), c.logger.WithValues("resource", "PolicyExceptions").WithValues("namespace", namespace))
}
diff --git a/pkg/clients/kyverno/kyvernov2alpha1/globalcontextentries/resource.generated.go b/pkg/clients/kyverno/kyvernov2alpha1/globalcontextentries/resource.generated.go
new file mode 100644
index 0000000000..9ffc9ac057
--- /dev/null
+++ b/pkg/clients/kyverno/kyvernov2alpha1/globalcontextentries/resource.generated.go
@@ -0,0 +1,373 @@
+package resource
+
+import (
+ context "context"
+ "fmt"
+ "time"
+
+ "github.com/go-logr/logr"
+ github_com_kyverno_kyverno_api_kyverno_v2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
+ github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2alpha1"
+ "github.com/kyverno/kyverno/pkg/metrics"
+ "github.com/kyverno/kyverno/pkg/tracing"
+ "go.opentelemetry.io/otel/trace"
+ "go.uber.org/multierr"
+ k8s_io_apimachinery_pkg_apis_meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types"
+ k8s_io_apimachinery_pkg_watch "k8s.io/apimachinery/pkg/watch"
+)
+
+func WithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface, logger logr.Logger) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface {
+ return &withLogging{inner, logger}
+}
+
+func WithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface, recorder metrics.Recorder) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface {
+ return &withMetrics{inner, recorder}
+}
+
+func WithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface, client, kind string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface {
+ return &withTracing{inner, client, kind}
+}
+
+type withLogging struct {
+ inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface
+ logger logr.Logger
+}
+
+func (c *withLogging) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Create")
+ ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Create failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Create done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Delete")
+ ret0 := c.inner.Delete(arg0, arg1, arg2)
+ if err := multierr.Combine(ret0); err != nil {
+ logger.Error(err, "Delete failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Delete done", "duration", time.Since(start))
+ }
+ return ret0
+}
+func (c *withLogging) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "DeleteCollection")
+ ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+ if err := multierr.Combine(ret0); err != nil {
+ logger.Error(err, "DeleteCollection failed", "duration", time.Since(start))
+ } else {
+ logger.Info("DeleteCollection done", "duration", time.Since(start))
+ }
+ return ret0
+}
+func (c *withLogging) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Get")
+ ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Get failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Get done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntryList, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "List")
+ ret0, ret1 := c.inner.List(arg0, arg1)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "List failed", "duration", time.Since(start))
+ } else {
+ logger.Info("List done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Patch")
+ ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Patch failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Patch done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Update")
+ ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Update failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Update done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) UpdateStatus(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "UpdateStatus")
+ ret0, ret1 := c.inner.UpdateStatus(arg0, arg1, arg2)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "UpdateStatus failed", "duration", time.Since(start))
+ } else {
+ logger.Info("UpdateStatus done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+func (c *withLogging) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+ start := time.Now()
+ logger := c.logger.WithValues("operation", "Watch")
+ ret0, ret1 := c.inner.Watch(arg0, arg1)
+ if err := multierr.Combine(ret1); err != nil {
+ logger.Error(err, "Watch failed", "duration", time.Since(start))
+ } else {
+ logger.Info("Watch done", "duration", time.Since(start))
+ }
+ return ret0, ret1
+}
+
+type withMetrics struct {
+ inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface
+ recorder metrics.Recorder
+}
+
+func (c *withMetrics) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+ defer c.recorder.RecordWithContext(arg0, "create")
+ return c.inner.Create(arg0, arg1, arg2)
+}
+func (c *withMetrics) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+ defer c.recorder.RecordWithContext(arg0, "delete")
+ return c.inner.Delete(arg0, arg1, arg2)
+}
+func (c *withMetrics) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+ defer c.recorder.RecordWithContext(arg0, "delete_collection")
+ return c.inner.DeleteCollection(arg0, arg1, arg2)
+}
+func (c *withMetrics) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+ defer c.recorder.RecordWithContext(arg0, "get")
+ return c.inner.Get(arg0, arg1, arg2)
+}
+func (c *withMetrics) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntryList, error) {
+ defer c.recorder.RecordWithContext(arg0, "list")
+ return c.inner.List(arg0, arg1)
+}
+func (c *withMetrics) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+ defer c.recorder.RecordWithContext(arg0, "patch")
+ return c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+}
+func (c *withMetrics) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+ defer c.recorder.RecordWithContext(arg0, "update")
+ return c.inner.Update(arg0, arg1, arg2)
+}
+func (c *withMetrics) UpdateStatus(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+ defer c.recorder.RecordWithContext(arg0, "update_status")
+ return c.inner.UpdateStatus(arg0, arg1, arg2)
+}
+func (c *withMetrics) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+ defer c.recorder.RecordWithContext(arg0, "watch")
+ return c.inner.Watch(arg0, arg1)
+}
+
+type withTracing struct {
+ inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.GlobalContextEntryInterface
+ client string
+ kind string
+}
+
+func (c *withTracing) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Create"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Create"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Delete"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Delete"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0 := c.inner.Delete(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret0)
+ }
+ return ret0
+}
+func (c *withTracing) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "DeleteCollection"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("DeleteCollection"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret0)
+ }
+ return ret0
+}
+func (c *withTracing) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Get"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Get"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntryList, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "List"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("List"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.List(arg0, arg1)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Patch"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Patch"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Update"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Update"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) UpdateStatus(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_v2alpha1.GlobalContextEntry, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "UpdateStatus"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("UpdateStatus"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.UpdateStatus(arg0, arg1, arg2)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}
+func (c *withTracing) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+ var span trace.Span
+ if tracing.IsInSpan(arg0) {
+ arg0, span = tracing.StartChildSpan(
+ arg0,
+ "",
+ fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Watch"),
+ trace.WithAttributes(
+ tracing.KubeClientGroupKey.String(c.client),
+ tracing.KubeClientKindKey.String(c.kind),
+ tracing.KubeClientOperationKey.String("Watch"),
+ ),
+ )
+ defer span.End()
+ }
+ ret0, ret1 := c.inner.Watch(arg0, arg1)
+ if span != nil {
+ tracing.SetSpanStatus(span, ret1)
+ }
+ return ret0, ret1
+}