From 0c22858bbcf5e914d46e10fd5fb710935195d7f4 Mon Sep 17 00:00:00 2001 From: Jim Bugwadia Date: Wed, 26 Apr 2023 16:31:44 -0700 Subject: [PATCH] add support for Kubernetes API server POST (#6948) * allow POST for Kubernetes API calls Signed-off-by: Jim Bugwadia * add kuttl tests Signed-off-by: Jim Bugwadia * fmt and undo local changes Signed-off-by: Jim Bugwadia * fix codegen and unit test Signed-off-by: Jim Bugwadia * fix unit test Signed-off-by: Jim Bugwadia * fix tests and extends docs Signed-off-by: Jim Bugwadia --------- Signed-off-by: Jim Bugwadia --- api/kyverno/v1/common_types.go | 29 +- api/kyverno/v1/zz_generated.deepcopy.go | 16 +- charts/kyverno/templates/crds/crds.yaml | 2406 ++++++++--------- config/crds/kyverno.io_cleanuppolicies.yaml | 67 +- .../kyverno.io_clustercleanuppolicies.yaml | 67 +- config/crds/kyverno.io_clusterpolicies.yaml | 1136 ++++---- config/crds/kyverno.io_policies.yaml | 1136 ++++---- config/install-latest-testing.yaml | 2406 ++++++++--------- docs/user/crd/index.html | 68 +- pkg/clients/dclient/client.go | 16 +- pkg/engine/apicall/apiCall.go | 65 +- pkg/engine/apicall/apiCall_test.go | 8 +- pkg/policy/validate.go | 20 +- .../subjectaccessreview/01-assert.yaml | 9 + .../subjectaccessreview/01-manifests.yaml | 81 + .../subjectaccessreview/02-teststep.yaml | 7 + .../apicalls/subjectaccessreview/README.md | 13 + .../subjectaccessreview/cm-default-ns.yaml | 6 + .../subjectaccessreview/cm-test-ns.yaml | 6 + 19 files changed, 3857 insertions(+), 3705 deletions(-) create mode 100644 test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/01-assert.yaml create mode 100644 test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/01-manifests.yaml create mode 100644 test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/02-teststep.yaml create mode 100644 test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/README.md create mode 100644 test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/cm-default-ns.yaml create mode 100644 test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/cm-test-ns.yaml diff --git a/api/kyverno/v1/common_types.go b/api/kyverno/v1/common_types.go index b8637c70d8..dbd7df9deb 100644 --- a/api/kyverno/v1/common_types.go +++ b/api/kyverno/v1/common_types.go @@ -7,7 +7,6 @@ import ( "github.com/sigstore/k8s-manifest-sigstore/pkg/k8smanifest" admissionv1 "k8s.io/api/admission/v1" "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions" - apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/pod-security-admission/api" @@ -116,12 +115,22 @@ type ConfigMapReference struct { } type APICall struct { - // URLPath is the URL path to be used in the HTTP GET request to the + // URLPath is the URL path to be used in the HTTP GET or POST request to the // Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). // The format required is the same format used by the `kubectl get --raw` command. + // See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + // for details. // +kubebuilder:validation:Optional URLPath string `json:"urlPath" yaml:"urlPath"` + // Method is the HTTP request type (GET or POST). + // +kubebuilder:default=GET + Method Method `json:"method,omitempty" yaml:"method,omitempty"` + + // Data specifies the POST data sent to the server. + // +kubebuilder:validation:Optional + Data []RequestData `json:"data,omitempty" yaml:"data,omitempty"` + // Service is an API call to a JSON web service // +kubebuilder:validation:Optional Service *ServiceCall `json:"service,omitempty" yaml:"service,omitempty"` @@ -136,22 +145,14 @@ type APICall struct { } type ServiceCall struct { - // URL is the JSON web service URL. - // The typical format is `https://{service}.{namespace}:{port}/{path}`. - URL string `json:"urlPath" yaml:"urlPath"` + // URL is the JSON web service URL. A typical form is + // `https://{service}.{namespace}:{port}/{path}`. + URL string `json:"url" yaml:"url"` // CABundle is a PEM encoded CA bundle which will be used to validate // the server certificate. // +kubebuilder:validation:Optional CABundle string `json:"caBundle" yaml:"caBundle"` - - // Method is the HTTP request type (GET or POST). - // +kubebuilder:default=GET - Method Method `json:"requestType" yaml:"requestType"` - - // Data specifies the POST data sent to the server. - // +kubebuilder:validation:Optional - Data []RequestData `json:"data" yaml:"data"` } // Method is a HTTP request type. @@ -164,7 +165,7 @@ type RequestData struct { Key string `json:"key" yaml:"key"` // Value is the data value - Value *apiextensionsv1.JSON `json:"value" yaml:"value"` + Value *apiextv1.JSON `json:"value" yaml:"value"` } // Condition defines variable-based conditional criteria for rule execution. diff --git a/api/kyverno/v1/zz_generated.deepcopy.go b/api/kyverno/v1/zz_generated.deepcopy.go index 4c5c990fc5..b6aeef0bd6 100755 --- a/api/kyverno/v1/zz_generated.deepcopy.go +++ b/api/kyverno/v1/zz_generated.deepcopy.go @@ -32,10 +32,17 @@ import ( // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *APICall) DeepCopyInto(out *APICall) { *out = *in + if in.Data != nil { + in, out := &in.Data, &out.Data + *out = make([]RequestData, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Service != nil { in, out := &in.Service, &out.Service *out = new(ServiceCall) - (*in).DeepCopyInto(*out) + **out = **in } } @@ -1166,13 +1173,6 @@ func (in *SecretReference) DeepCopy() *SecretReference { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ServiceCall) DeepCopyInto(out *ServiceCall) { *out = *in - if in.Data != nil { - in, out := &in.Data, &out.Data - *out = make([]RequestData, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceCall. diff --git a/charts/kyverno/templates/crds/crds.yaml b/charts/kyverno/templates/crds/crds.yaml index 1dece0859c..562316ce40 100644 --- a/charts/kyverno/templates/crds/crds.yaml +++ b/charts/kyverno/templates/crds/crds.yaml @@ -790,6 +790,23 @@ spec: server, or other JSON web service. The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent to the server. + items: + description: RequestData contains the HTTP POST data + properties: + key: + description: Key is a unique identifier for the data + value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response returned @@ -798,6 +815,13 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service properties: @@ -805,45 +829,20 @@ spec: description: CABundle is a PEM encoded CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data sent to the - server. - items: - description: RequestData contains the HTTP POST data - properties: - key: - description: Key is a unique identifier for the - data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type (GET or - POST). - enum: - - GET - - POST - type: string - urlPath: - description: URL is the JSON web service URL. The typical - format is `https://{service}.{namespace}:{port}/{path}`. + url: + description: URL is the JSON web service URL. A typical + form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used in the HTTP - GET request to the Kubernetes API server (e.g. "/api/v1/namespaces" - or "/apis/apps/v1/deployments"). The format required - is the same format used by the `kubectl get --raw` command. + GET or POST request to the Kubernetes API server (e.g. + "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + The format required is the same format used by the `kubectl + get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -2660,6 +2659,23 @@ spec: server, or other JSON web service. The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent to the server. + items: + description: RequestData contains the HTTP POST data + properties: + key: + description: Key is a unique identifier for the data + value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response returned @@ -2668,6 +2684,13 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service properties: @@ -2675,45 +2698,20 @@ spec: description: CABundle is a PEM encoded CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data sent to the - server. - items: - description: RequestData contains the HTTP POST data - properties: - key: - description: Key is a unique identifier for the - data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type (GET or - POST). - enum: - - GET - - POST - type: string - urlPath: - description: URL is the JSON web service URL. The typical - format is `https://{service}.{namespace}:{port}/{path}`. + url: + description: URL is the JSON web service URL. A typical + form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used in the HTTP - GET request to the Kubernetes API server (e.g. "/api/v1/namespaces" - or "/apis/apps/v1/deployments"). The format required - is the same format used by the `kubectl get --raw` command. + GET or POST request to the Kubernetes API server (e.g. + "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + The format required is the same format used by the `kubectl + get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -3884,6 +3882,25 @@ spec: is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent to + the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier for + the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response @@ -3893,6 +3910,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -3901,47 +3926,20 @@ spec: description: CABundle is a PEM encoded CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data sent - to the server. - items: - description: RequestData contains the HTTP POST - data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type (GET - or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used in - the HTTP GET request to the Kubernetes API server - (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + the HTTP GET or POST request to the Kubernetes API + server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the - `kubectl get --raw` command. + `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -5543,6 +5541,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -5553,6 +5570,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -5562,49 +5587,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -5824,6 +5822,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -5834,6 +5851,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -5843,49 +5868,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -6028,6 +6026,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -6038,6 +6055,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -6047,49 +6072,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -7359,6 +7357,25 @@ spec: returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent + to the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the @@ -7368,6 +7385,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -7377,47 +7402,20 @@ spec: bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data - sent to the server. - items: - description: RequestData contains the HTTP - POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type - (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used - in the HTTP GET request to the Kubernetes API - server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + in the HTTP GET or POST request to the Kubernetes + API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -9092,6 +9090,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -9103,6 +9121,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -9112,51 +9138,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -9387,6 +9385,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -9398,6 +9416,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -9407,51 +9433,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -9602,6 +9600,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -9613,6 +9631,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -9622,51 +9648,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -11087,6 +11085,25 @@ spec: is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent to + the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier for + the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response @@ -11096,6 +11113,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -11104,47 +11129,20 @@ spec: description: CABundle is a PEM encoded CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data sent - to the server. - items: - description: RequestData contains the HTTP POST - data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type (GET - or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used in - the HTTP GET request to the Kubernetes API server - (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + the HTTP GET or POST request to the Kubernetes API + server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the - `kubectl get --raw` command. + `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -12320,6 +12318,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -12330,6 +12347,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -12339,49 +12364,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -12601,6 +12599,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -12611,6 +12628,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -12620,49 +12645,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -12973,6 +12971,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -12983,6 +13000,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -12992,49 +13017,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -14264,6 +14262,25 @@ spec: returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent + to the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the @@ -14273,6 +14290,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -14282,47 +14307,20 @@ spec: bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data - sent to the server. - items: - description: RequestData contains the HTTP - POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type - (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used - in the HTTP GET request to the Kubernetes API - server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + in the HTTP GET or POST request to the Kubernetes + API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -15997,6 +15995,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -16008,6 +16026,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -16017,51 +16043,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -16292,6 +16290,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -16303,6 +16321,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -16312,51 +16338,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -16507,6 +16505,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -16518,6 +16536,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -16527,51 +16553,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -18019,6 +18017,25 @@ spec: is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent to + the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier for + the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response @@ -18028,6 +18045,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -18036,47 +18061,20 @@ spec: description: CABundle is a PEM encoded CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data sent - to the server. - items: - description: RequestData contains the HTTP POST - data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type (GET - or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used in - the HTTP GET request to the Kubernetes API server - (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + the HTTP GET or POST request to the Kubernetes API + server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the - `kubectl get --raw` command. + `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -19678,6 +19676,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -19688,6 +19705,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -19697,49 +19722,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -19959,6 +19957,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -19969,6 +19986,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -19978,49 +20003,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -20163,6 +20161,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -20173,6 +20190,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -20182,49 +20207,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -21495,6 +21493,25 @@ spec: returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent + to the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the @@ -21504,6 +21521,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -21513,47 +21538,20 @@ spec: bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data - sent to the server. - items: - description: RequestData contains the HTTP - POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type - (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used - in the HTTP GET request to the Kubernetes API - server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + in the HTTP GET or POST request to the Kubernetes + API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -23228,6 +23226,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -23239,6 +23257,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -23248,51 +23274,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -23523,6 +23521,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -23534,6 +23552,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -23543,51 +23569,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -23738,6 +23736,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -23749,6 +23767,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -23758,51 +23784,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -25224,6 +25222,25 @@ spec: is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent to + the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier for + the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response @@ -25233,6 +25250,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -25241,47 +25266,20 @@ spec: description: CABundle is a PEM encoded CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data sent - to the server. - items: - description: RequestData contains the HTTP POST - data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type (GET - or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used in - the HTTP GET request to the Kubernetes API server - (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + the HTTP GET or POST request to the Kubernetes API + server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the - `kubectl get --raw` command. + `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -26457,6 +26455,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -26467,6 +26484,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -26476,49 +26501,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -26738,6 +26736,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -26748,6 +26765,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -26757,49 +26782,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -27110,6 +27108,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -27120,6 +27137,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -27129,49 +27154,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -28401,6 +28399,25 @@ spec: returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent + to the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the @@ -28410,6 +28427,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -28419,47 +28444,20 @@ spec: bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data - sent to the server. - items: - description: RequestData contains the HTTP - POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type - (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used - in the HTTP GET request to the Kubernetes API - server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + in the HTTP GET or POST request to the Kubernetes + API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -30134,6 +30132,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -30145,6 +30163,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -30154,51 +30180,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -30429,6 +30427,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -30440,6 +30458,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -30449,51 +30475,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -30644,6 +30642,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -30655,6 +30673,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -30664,51 +30690,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: diff --git a/config/crds/kyverno.io_cleanuppolicies.yaml b/config/crds/kyverno.io_cleanuppolicies.yaml index 053b4baffc..56d8f011a6 100644 --- a/config/crds/kyverno.io_cleanuppolicies.yaml +++ b/config/crds/kyverno.io_cleanuppolicies.yaml @@ -143,6 +143,23 @@ spec: server, or other JSON web service. The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent to the server. + items: + description: RequestData contains the HTTP POST data + properties: + key: + description: Key is a unique identifier for the data + value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response returned @@ -151,6 +168,13 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service properties: @@ -158,45 +182,20 @@ spec: description: CABundle is a PEM encoded CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data sent to the - server. - items: - description: RequestData contains the HTTP POST data - properties: - key: - description: Key is a unique identifier for the - data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type (GET or - POST). - enum: - - GET - - POST - type: string - urlPath: - description: URL is the JSON web service URL. The typical - format is `https://{service}.{namespace}:{port}/{path}`. + url: + description: URL is the JSON web service URL. A typical + form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used in the HTTP - GET request to the Kubernetes API server (e.g. "/api/v1/namespaces" - or "/apis/apps/v1/deployments"). The format required - is the same format used by the `kubectl get --raw` command. + GET or POST request to the Kubernetes API server (e.g. + "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + The format required is the same format used by the `kubectl + get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: diff --git a/config/crds/kyverno.io_clustercleanuppolicies.yaml b/config/crds/kyverno.io_clustercleanuppolicies.yaml index c109cb65c7..ea7fddb30a 100644 --- a/config/crds/kyverno.io_clustercleanuppolicies.yaml +++ b/config/crds/kyverno.io_clustercleanuppolicies.yaml @@ -143,6 +143,23 @@ spec: server, or other JSON web service. The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent to the server. + items: + description: RequestData contains the HTTP POST data + properties: + key: + description: Key is a unique identifier for the data + value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response returned @@ -151,6 +168,13 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service properties: @@ -158,45 +182,20 @@ spec: description: CABundle is a PEM encoded CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data sent to the - server. - items: - description: RequestData contains the HTTP POST data - properties: - key: - description: Key is a unique identifier for the - data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type (GET or - POST). - enum: - - GET - - POST - type: string - urlPath: - description: URL is the JSON web service URL. The typical - format is `https://{service}.{namespace}:{port}/{path}`. + url: + description: URL is the JSON web service URL. A typical + form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used in the HTTP - GET request to the Kubernetes API server (e.g. "/api/v1/namespaces" - or "/apis/apps/v1/deployments"). The format required - is the same format used by the `kubectl get --raw` command. + GET or POST request to the Kubernetes API server (e.g. + "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + The format required is the same format used by the `kubectl + get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: diff --git a/config/crds/kyverno.io_clusterpolicies.yaml b/config/crds/kyverno.io_clusterpolicies.yaml index 0bef098a9b..e661fd1216 100644 --- a/config/crds/kyverno.io_clusterpolicies.yaml +++ b/config/crds/kyverno.io_clusterpolicies.yaml @@ -140,6 +140,25 @@ spec: is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent to + the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier for + the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response @@ -149,6 +168,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -157,47 +184,20 @@ spec: description: CABundle is a PEM encoded CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data sent - to the server. - items: - description: RequestData contains the HTTP POST - data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type (GET - or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used in - the HTTP GET request to the Kubernetes API server - (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + the HTTP GET or POST request to the Kubernetes API + server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the - `kubectl get --raw` command. + `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -1799,6 +1799,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -1809,6 +1828,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -1818,49 +1845,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -2080,6 +2080,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -2090,6 +2109,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -2099,49 +2126,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -2284,6 +2284,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -2294,6 +2313,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -2303,49 +2330,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -3615,6 +3615,25 @@ spec: returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent + to the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the @@ -3624,6 +3643,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -3633,47 +3660,20 @@ spec: bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data - sent to the server. - items: - description: RequestData contains the HTTP - POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type - (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used - in the HTTP GET request to the Kubernetes API - server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + in the HTTP GET or POST request to the Kubernetes + API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -5348,6 +5348,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -5359,6 +5379,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -5368,51 +5396,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -5643,6 +5643,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -5654,6 +5674,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -5663,51 +5691,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -5858,6 +5858,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -5869,6 +5889,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -5878,51 +5906,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -7343,6 +7343,25 @@ spec: is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent to + the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier for + the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response @@ -7352,6 +7371,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -7360,47 +7387,20 @@ spec: description: CABundle is a PEM encoded CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data sent - to the server. - items: - description: RequestData contains the HTTP POST - data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type (GET - or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used in - the HTTP GET request to the Kubernetes API server - (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + the HTTP GET or POST request to the Kubernetes API + server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the - `kubectl get --raw` command. + `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -8576,6 +8576,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -8586,6 +8605,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -8595,49 +8622,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -8857,6 +8857,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -8867,6 +8886,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -8876,49 +8903,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -9229,6 +9229,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -9239,6 +9258,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -9248,49 +9275,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -10520,6 +10520,25 @@ spec: returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent + to the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the @@ -10529,6 +10548,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -10538,47 +10565,20 @@ spec: bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data - sent to the server. - items: - description: RequestData contains the HTTP - POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type - (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used - in the HTTP GET request to the Kubernetes API - server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + in the HTTP GET or POST request to the Kubernetes + API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -12253,6 +12253,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -12264,6 +12284,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -12273,51 +12301,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -12548,6 +12548,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -12559,6 +12579,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -12568,51 +12596,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -12763,6 +12763,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -12774,6 +12794,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -12783,51 +12811,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: diff --git a/config/crds/kyverno.io_policies.yaml b/config/crds/kyverno.io_policies.yaml index a4b3f2998a..43563d745d 100644 --- a/config/crds/kyverno.io_policies.yaml +++ b/config/crds/kyverno.io_policies.yaml @@ -141,6 +141,25 @@ spec: is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent to + the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier for + the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response @@ -150,6 +169,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -158,47 +185,20 @@ spec: description: CABundle is a PEM encoded CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data sent - to the server. - items: - description: RequestData contains the HTTP POST - data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type (GET - or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used in - the HTTP GET request to the Kubernetes API server - (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + the HTTP GET or POST request to the Kubernetes API + server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the - `kubectl get --raw` command. + `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -1800,6 +1800,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -1810,6 +1829,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -1819,49 +1846,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -2081,6 +2081,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -2091,6 +2110,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -2100,49 +2127,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -2285,6 +2285,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -2295,6 +2314,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -2304,49 +2331,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -3617,6 +3617,25 @@ spec: returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent + to the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the @@ -3626,6 +3645,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -3635,47 +3662,20 @@ spec: bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data - sent to the server. - items: - description: RequestData contains the HTTP - POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type - (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used - in the HTTP GET request to the Kubernetes API - server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + in the HTTP GET or POST request to the Kubernetes + API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -5350,6 +5350,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -5361,6 +5381,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -5370,51 +5398,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -5645,6 +5645,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -5656,6 +5676,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -5665,51 +5693,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -5860,6 +5860,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -5871,6 +5891,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -5880,51 +5908,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -7346,6 +7346,25 @@ spec: is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent to + the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier for + the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response @@ -7355,6 +7374,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -7363,47 +7390,20 @@ spec: description: CABundle is a PEM encoded CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data sent - to the server. - items: - description: RequestData contains the HTTP POST - data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type (GET - or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used in - the HTTP GET request to the Kubernetes API server - (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + the HTTP GET or POST request to the Kubernetes API + server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the - `kubectl get --raw` command. + `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -8579,6 +8579,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -8589,6 +8608,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -8598,49 +8625,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -8860,6 +8860,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -8870,6 +8889,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -8879,49 +8906,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -9232,6 +9232,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -9242,6 +9261,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -9251,49 +9278,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -10523,6 +10523,25 @@ spec: returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent + to the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the @@ -10532,6 +10551,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -10541,47 +10568,20 @@ spec: bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data - sent to the server. - items: - description: RequestData contains the HTTP - POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type - (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used - in the HTTP GET request to the Kubernetes API - server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + in the HTTP GET or POST request to the Kubernetes + API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -12256,6 +12256,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -12267,6 +12287,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -12276,51 +12304,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -12551,6 +12551,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -12562,6 +12582,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -12571,51 +12599,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -12766,6 +12766,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -12777,6 +12797,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -12786,51 +12814,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: diff --git a/config/install-latest-testing.yaml b/config/install-latest-testing.yaml index 94b0323e12..3d78e09b6f 100644 --- a/config/install-latest-testing.yaml +++ b/config/install-latest-testing.yaml @@ -993,6 +993,23 @@ spec: server, or other JSON web service. The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent to the server. + items: + description: RequestData contains the HTTP POST data + properties: + key: + description: Key is a unique identifier for the data + value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response returned @@ -1001,6 +1018,13 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service properties: @@ -1008,45 +1032,20 @@ spec: description: CABundle is a PEM encoded CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data sent to the - server. - items: - description: RequestData contains the HTTP POST data - properties: - key: - description: Key is a unique identifier for the - data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type (GET or - POST). - enum: - - GET - - POST - type: string - urlPath: - description: URL is the JSON web service URL. The typical - format is `https://{service}.{namespace}:{port}/{path}`. + url: + description: URL is the JSON web service URL. A typical + form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used in the HTTP - GET request to the Kubernetes API server (e.g. "/api/v1/namespaces" - or "/apis/apps/v1/deployments"). The format required - is the same format used by the `kubectl get --raw` command. + GET or POST request to the Kubernetes API server (e.g. + "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + The format required is the same format used by the `kubectl + get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -2863,6 +2862,23 @@ spec: server, or other JSON web service. The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent to the server. + items: + description: RequestData contains the HTTP POST data + properties: + key: + description: Key is a unique identifier for the data + value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response returned @@ -2871,6 +2887,13 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service properties: @@ -2878,45 +2901,20 @@ spec: description: CABundle is a PEM encoded CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data sent to the - server. - items: - description: RequestData contains the HTTP POST data - properties: - key: - description: Key is a unique identifier for the - data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type (GET or - POST). - enum: - - GET - - POST - type: string - urlPath: - description: URL is the JSON web service URL. The typical - format is `https://{service}.{namespace}:{port}/{path}`. + url: + description: URL is the JSON web service URL. A typical + form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used in the HTTP - GET request to the Kubernetes API server (e.g. "/api/v1/namespaces" - or "/apis/apps/v1/deployments"). The format required - is the same format used by the `kubectl get --raw` command. + GET or POST request to the Kubernetes API server (e.g. + "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + The format required is the same format used by the `kubectl + get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -4087,6 +4085,25 @@ spec: is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent to + the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier for + the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response @@ -4096,6 +4113,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -4104,47 +4129,20 @@ spec: description: CABundle is a PEM encoded CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data sent - to the server. - items: - description: RequestData contains the HTTP POST - data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type (GET - or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used in - the HTTP GET request to the Kubernetes API server - (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + the HTTP GET or POST request to the Kubernetes API + server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the - `kubectl get --raw` command. + `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -5746,6 +5744,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -5756,6 +5773,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -5765,49 +5790,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -6027,6 +6025,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -6037,6 +6054,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -6046,49 +6071,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -6231,6 +6229,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -6241,6 +6258,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -6250,49 +6275,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -7562,6 +7560,25 @@ spec: returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent + to the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the @@ -7571,6 +7588,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -7580,47 +7605,20 @@ spec: bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data - sent to the server. - items: - description: RequestData contains the HTTP - POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type - (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used - in the HTTP GET request to the Kubernetes API - server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + in the HTTP GET or POST request to the Kubernetes + API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -9295,6 +9293,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -9306,6 +9324,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -9315,51 +9341,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -9590,6 +9588,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -9601,6 +9619,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -9610,51 +9636,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -9805,6 +9803,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -9816,6 +9834,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -9825,51 +9851,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -11290,6 +11288,25 @@ spec: is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent to + the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier for + the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response @@ -11299,6 +11316,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -11307,47 +11332,20 @@ spec: description: CABundle is a PEM encoded CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data sent - to the server. - items: - description: RequestData contains the HTTP POST - data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type (GET - or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used in - the HTTP GET request to the Kubernetes API server - (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + the HTTP GET or POST request to the Kubernetes API + server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the - `kubectl get --raw` command. + `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -12523,6 +12521,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -12533,6 +12550,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -12542,49 +12567,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -12804,6 +12802,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -12814,6 +12831,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -12823,49 +12848,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -13176,6 +13174,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -13186,6 +13203,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -13195,49 +13220,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -14467,6 +14465,25 @@ spec: returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent + to the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the @@ -14476,6 +14493,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -14485,47 +14510,20 @@ spec: bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data - sent to the server. - items: - description: RequestData contains the HTTP - POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type - (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used - in the HTTP GET request to the Kubernetes API - server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + in the HTTP GET or POST request to the Kubernetes + API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -16200,6 +16198,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -16211,6 +16229,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -16220,51 +16246,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -16495,6 +16493,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -16506,6 +16524,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -16515,51 +16541,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -16710,6 +16708,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -16721,6 +16739,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -16730,51 +16756,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -18222,6 +18220,25 @@ spec: is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent to + the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier for + the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response @@ -18231,6 +18248,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -18239,47 +18264,20 @@ spec: description: CABundle is a PEM encoded CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data sent - to the server. - items: - description: RequestData contains the HTTP POST - data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type (GET - or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used in - the HTTP GET request to the Kubernetes API server - (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + the HTTP GET or POST request to the Kubernetes API + server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the - `kubectl get --raw` command. + `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -19881,6 +19879,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -19891,6 +19908,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -19900,49 +19925,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -20162,6 +20160,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -20172,6 +20189,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -20181,49 +20206,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -20366,6 +20364,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -20376,6 +20393,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -20385,49 +20410,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -21698,6 +21696,25 @@ spec: returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent + to the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the @@ -21707,6 +21724,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -21716,47 +21741,20 @@ spec: bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data - sent to the server. - items: - description: RequestData contains the HTTP - POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type - (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used - in the HTTP GET request to the Kubernetes API - server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + in the HTTP GET or POST request to the Kubernetes + API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -23431,6 +23429,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -23442,6 +23460,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -23451,51 +23477,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -23726,6 +23724,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -23737,6 +23755,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -23746,51 +23772,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -23941,6 +23939,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -23952,6 +23970,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -23961,51 +23987,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -25427,6 +25425,25 @@ spec: is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent to + the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier for + the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the JSON response @@ -25436,6 +25453,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -25444,47 +25469,20 @@ spec: description: CABundle is a PEM encoded CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data sent - to the server. - items: - description: RequestData contains the HTTP POST - data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type (GET - or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used in - the HTTP GET request to the Kubernetes API server - (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + the HTTP GET or POST request to the Kubernetes API + server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the - `kubectl get --raw` command. + `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -26660,6 +26658,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -26670,6 +26687,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -26679,49 +26704,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -26941,6 +26939,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -26951,6 +26968,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -26960,49 +26985,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -27313,6 +27311,25 @@ spec: The data returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data + sent to the server. + items: + description: RequestData contains the + HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform @@ -27323,6 +27340,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -27332,49 +27357,22 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST - data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data - value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request - type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service - URL. The typical format is `https://{service}.{namespace}:{port}/{path}`. + URL. A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to - be used in the HTTP GET request to the - Kubernetes API server (e.g. "/api/v1/namespaces" + be used in the HTTP GET or POST request + to the Kubernetes API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See + https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -28604,6 +28602,25 @@ spec: returned is stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST data sent + to the server. + items: + description: RequestData contains the HTTP POST + data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be used to transform the @@ -28613,6 +28630,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request type (GET + or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -28622,47 +28647,20 @@ spec: bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the POST data - sent to the server. - items: - description: RequestData contains the HTTP - POST data - properties: - key: - description: Key is a unique identifier - for the data value - type: string - value: - description: Value is the data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP request type - (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web service URL. - The typical format is `https://{service}.{namespace}:{port}/{path}`. + A typical form is `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path to be used - in the HTTP GET request to the Kubernetes API - server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + in the HTTP GET or POST request to the Kubernetes + API server (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used - by the `kubectl get --raw` command. + by the `kubectl get --raw` command. See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -30337,6 +30335,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -30348,6 +30366,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -30357,51 +30383,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -30632,6 +30630,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -30643,6 +30661,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -30652,51 +30678,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: @@ -30847,6 +30845,26 @@ spec: stored in the context with the name for the context entry. properties: + data: + description: Data specifies the POST + data sent to the server. + items: + description: RequestData contains + the HTTP POST data + properties: + key: + description: Key is a unique identifier + for the data value + type: string + value: + description: Value is the data + value + x-kubernetes-preserve-unknown-fields: true + required: + - key + - value + type: object + type: array jmesPath: description: JMESPath is an optional JSON Match Expression that can be @@ -30858,6 +30876,14 @@ spec: will return the total count of deployments across all namespaces. type: string + method: + default: GET + description: Method is the HTTP request + type (GET or POST). + enum: + - GET + - POST + type: string service: description: Service is an API call to a JSON web service @@ -30867,51 +30893,23 @@ spec: CA bundle which will be used to validate the server certificate. type: string - data: - description: Data specifies the - POST data sent to the server. - items: - description: RequestData contains - the HTTP POST data - properties: - key: - description: Key is a unique - identifier for the data - value - type: string - value: - description: Value is the - data value - x-kubernetes-preserve-unknown-fields: true - required: - - key - - value - type: object - type: array - requestType: - default: GET - description: Method is the HTTP - request type (GET or POST). - enum: - - GET - - POST - type: string - urlPath: + url: description: URL is the JSON web - service URL. The typical format - is `https://{service}.{namespace}:{port}/{path}`. + service URL. A typical form is + `https://{service}.{namespace}:{port}/{path}`. type: string required: - - requestType - - urlPath + - url type: object urlPath: description: URLPath is the URL path - to be used in the HTTP GET request - to the Kubernetes API server (e.g. - "/api/v1/namespaces" or "/apis/apps/v1/deployments"). + to be used in the HTTP GET or POST + request to the Kubernetes API server + (e.g. "/api/v1/namespaces" or "/apis/apps/v1/deployments"). The format required is the same format used by the `kubectl get --raw` command. + See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls + for details. type: string type: object configMap: diff --git a/docs/user/crd/index.html b/docs/user/crd/index.html index 2837f1b7e2..0cc256abb6 100644 --- a/docs/user/crd/index.html +++ b/docs/user/crd/index.html @@ -545,9 +545,37 @@ string -

URLPath is the URL path to be used in the HTTP GET request to the +

URLPath is the URL path to be used in the HTTP GET or POST request to the Kubernetes API server (e.g. “/api/v1/namespaces” or “/apis/apps/v1/deployments”). -The format required is the same format used by the kubectl get --raw command.

+The format required is the same format used by the kubectl get --raw command. +See https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls +for details.

+ + + + +method
+ + +Method + + + + +

Method is the HTTP request type (GET or POST).

+ + + + +data
+ + +[]RequestData + + + + +

Data specifies the POST data sent to the server.

@@ -2274,7 +2302,7 @@ Please specify under “any” or “all” instead.

(string alias)

(Appears on: -ServiceCall) +APICall)

Method is a HTTP request type.

@@ -2587,7 +2615,7 @@ RuleCountStatus

(Appears on: -ServiceCall) +APICall)

RequestData contains the HTTP POST data

@@ -3178,14 +3206,14 @@ string -urlPath
+url
string -

URL is the JSON web service URL. -The typical format is https://{service}.{namespace}:{port}/{path}.

+

URL is the JSON web service URL. A typical form is +https://{service}.{namespace}:{port}/{path}.

@@ -3200,32 +3228,6 @@ string the server certificate.

- - -requestType
- - -Method - - - - -

Method is the HTTP request type (GET or POST).

- - - - -data
- - -[]RequestData - - - - -

Data specifies the POST data sent to the server.

- -
diff --git a/pkg/clients/dclient/client.go b/pkg/clients/dclient/client.go index f5ae08c41f..1cf0e079e0 100644 --- a/pkg/clients/dclient/client.go +++ b/pkg/clients/dclient/client.go @@ -4,6 +4,7 @@ import ( "context" "errors" "fmt" + "io" "time" kubeutils "github.com/kyverno/kyverno/pkg/utils/kube" @@ -31,7 +32,7 @@ type Interface interface { // SetDiscovery sets the discovery client implementation SetDiscovery(discoveryClient IDiscovery) // RawAbsPath performs a raw call to the kubernetes API - RawAbsPath(ctx context.Context, path string) ([]byte, error) + RawAbsPath(ctx context.Context, path string, method string, dataReader io.Reader) ([]byte, error) // GetResource returns the resource in unstructured/json format GetResource(ctx context.Context, apiVersion string, kind string, namespace string, name string, subresources ...string) (*unstructured.Unstructured, error) // PatchResource patches the resource @@ -141,11 +142,20 @@ func (c *client) GetResource(ctx context.Context, apiVersion string, kind string } // RawAbsPath performs a raw call to the kubernetes API -func (c *client) RawAbsPath(ctx context.Context, path string) ([]byte, error) { +func (c *client) RawAbsPath(ctx context.Context, path string, method string, dataReader io.Reader) ([]byte, error) { if c.rest == nil { return nil, errors.New("rest client not supported") } - return c.rest.Get().RequestURI(path).DoRaw(ctx) + + switch method { + case "GET": + return c.rest.Get().RequestURI(path).DoRaw(ctx) + case "POST": + return c.rest.Post().Body(dataReader).RequestURI(path).DoRaw(ctx) + + default: + return nil, fmt.Errorf("method not supported: %s", method) + } } // PatchResource patches the resource diff --git a/pkg/engine/apicall/apiCall.go b/pkg/engine/apicall/apiCall.go index fc91229a6e..cb68201a78 100644 --- a/pkg/engine/apicall/apiCall.go +++ b/pkg/engine/apicall/apiCall.go @@ -69,33 +69,38 @@ func (a *apiCall) Execute(ctx context.Context) ([]byte, error) { func (a *apiCall) execute(ctx context.Context, call *kyvernov1.APICall) ([]byte, error) { if call.URLPath != "" { - return a.executeK8sAPICall(ctx, call.URLPath) + return a.executeK8sAPICall(ctx, call.URLPath, call.Method, call.Data) } - return a.executeServiceCall(ctx, call.Service) + return a.executeServiceCall(ctx, call) } -func (a *apiCall) executeK8sAPICall(ctx context.Context, path string) ([]byte, error) { - jsonData, err := a.client.RawAbsPath(ctx, path) - if err != nil { - return nil, fmt.Errorf("failed to get resource with raw url\n: %s: %v", path, err) - } - - a.logger.V(4).Info("executed APICall", "name", a.entry.Name, "len", len(jsonData)) - return jsonData, nil -} - -func (a *apiCall) executeServiceCall(ctx context.Context, service *kyvernov1.ServiceCall) ([]byte, error) { - if service == nil { - return nil, fmt.Errorf("missing service for APICall %s", a.entry.Name) - } - - client, err := a.buildHTTPClient(service) +func (a *apiCall) executeK8sAPICall(ctx context.Context, path string, method kyvernov1.Method, data []kyvernov1.RequestData) ([]byte, error) { + requestData, err := a.buildRequestData(data) if err != nil { return nil, err } - req, err := a.buildHTTPRequest(ctx, service) + jsonData, err := a.client.RawAbsPath(ctx, path, string(method), requestData) + if err != nil { + return nil, fmt.Errorf("failed to %v resource with raw url\n: %s: %v", method, path, err) + } + + a.logger.V(4).Info("executed APICall", "name", a.entry.Name, "path", path, "method", method, "len", len(jsonData)) + return jsonData, nil +} + +func (a *apiCall) executeServiceCall(ctx context.Context, apiCall *kyvernov1.APICall) ([]byte, error) { + if apiCall.Service == nil { + return nil, fmt.Errorf("missing service for APICall %s", a.entry.Name) + } + + client, err := a.buildHTTPClient(apiCall.Service) + if err != nil { + return nil, err + } + + req, err := a.buildHTTPRequest(ctx, apiCall) if err != nil { return nil, fmt.Errorf("failed to build HTTP request for APICall %s: %w", a.entry.Name, err) } @@ -124,7 +129,11 @@ func (a *apiCall) executeServiceCall(ctx context.Context, service *kyvernov1.Ser return body, nil } -func (a *apiCall) buildHTTPRequest(ctx context.Context, service *kyvernov1.ServiceCall) (req *http.Request, err error) { +func (a *apiCall) buildHTTPRequest(ctx context.Context, apiCall *kyvernov1.APICall) (req *http.Request, err error) { + if apiCall.Service == nil { + return nil, fmt.Errorf("missing service") + } + token := a.getToken() defer func() { if token != "" && req != nil { @@ -132,22 +141,22 @@ func (a *apiCall) buildHTTPRequest(ctx context.Context, service *kyvernov1.Servi } }() - if service.Method == "GET" { - req, err = http.NewRequestWithContext(ctx, "GET", service.URL, nil) + if apiCall.Method == "GET" { + req, err = http.NewRequestWithContext(ctx, "GET", apiCall.Service.URL, nil) return } - if service.Method == "POST" { - data, dataErr := a.buildPostData(service.Data) + if apiCall.Method == "POST" { + data, dataErr := a.buildRequestData(apiCall.Data) if dataErr != nil { return nil, dataErr } - req, err = http.NewRequest("POST", service.URL, data) + req, err = http.NewRequest("POST", apiCall.Service.URL, data) return } - return nil, fmt.Errorf("invalid request type %s for APICall %s", service.Method, a.entry.Name) + return nil, fmt.Errorf("invalid request type %s for APICall %s", apiCall.Method, a.entry.Name) } func (a *apiCall) getToken() string { @@ -162,7 +171,7 @@ func (a *apiCall) getToken() string { } func (a *apiCall) buildHTTPClient(service *kyvernov1.ServiceCall) (*http.Client, error) { - if service.CABundle == "" { + if service == nil || service.CABundle == "" { return http.DefaultClient, nil } caCertPool := x509.NewCertPool() @@ -180,7 +189,7 @@ func (a *apiCall) buildHTTPClient(service *kyvernov1.ServiceCall) (*http.Client, }, nil } -func (a *apiCall) buildPostData(data []kyvernov1.RequestData) (io.Reader, error) { +func (a *apiCall) buildRequestData(data []kyvernov1.RequestData) (io.Reader, error) { dataMap := make(map[string]interface{}) for _, d := range data { dataMap[d.Key] = d.Value diff --git a/pkg/engine/apicall/apiCall_test.go b/pkg/engine/apicall/apiCall_test.go index 217adb9ee4..60df70a41a 100644 --- a/pkg/engine/apicall/apiCall_test.go +++ b/pkg/engine/apicall/apiCall_test.go @@ -59,7 +59,7 @@ func Test_serviceGetRequest(t *testing.T) { _, err = call.Execute(context.TODO()) assert.ErrorContains(t, err, "invalid request type") - entry.APICall.Service.Method = "GET" + entry.APICall.Method = "GET" call, err = New(logr.Discard(), jp, entry, ctx, nil) assert.NilError(t, err) _, err = call.Execute(context.TODO()) @@ -83,9 +83,9 @@ func Test_servicePostRequest(t *testing.T) { entry := kyvernov1.ContextEntry{ Name: "test", APICall: &kyvernov1.APICall{ + Method: "POST", Service: &kyvernov1.ServiceCall{ - URL: s.URL + "/resource", - Method: "POST", + URL: s.URL + "/resource", }, }, } @@ -130,7 +130,7 @@ func Test_servicePostRequest(t *testing.T) { err = ctx.AddContextEntry("images", []byte(imageData)) assert.NilError(t, err) - entry.APICall.Service.Data = []kyvernov1.RequestData{ + entry.APICall.Data = []kyvernov1.RequestData{ { Key: "images", Value: &apiextensionsv1.JSON{ diff --git a/pkg/policy/validate.go b/pkg/policy/validate.go index 71b0bbc711..66c57d7ba3 100644 --- a/pkg/policy/validate.go +++ b/pkg/policy/validate.go @@ -379,7 +379,11 @@ func Validate(policy, oldPolicy kyvernov1.PolicyInterface, client dclient.Interf allKinds = append(allKinds, matchKinds...) allKinds = append(allKinds, excludeKinds...) if rule.HasValidate() { - validationJson, err := json.Marshal(rule.Validation) + validationElem := rule.Validation.DeepCopy() + if validationElem.Deny != nil { + validationElem.Deny.RawAnyAllConditions = nil + } + validationJson, err := json.Marshal(validationElem) if err != nil { return nil, err } @@ -1062,8 +1066,18 @@ func validateConfigMap(entry kyvernov1.ContextEntry) error { } func validateAPICall(entry kyvernov1.ContextEntry) error { - // If JMESPath contains variables, the validation will fail because it's not possible to infer which value - // will be inserted by the variable + if entry.APICall == nil { + return nil + } + + if entry.APICall.URLPath != "" { + if entry.APICall.Service != nil { + return fmt.Errorf("a URLPath cannot be used for service API calls") + } + } + + // If JMESPath contains variables, the validation will fail because it's not + // possible to infer which value will be inserted by the variable // Skip validation if a variable is detected jmesPath := variables.ReplaceAllVars(entry.APICall.JMESPath, func(s string) string { return "kyvernojmespathvariable" }) diff --git a/test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/01-assert.yaml b/test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/01-assert.yaml new file mode 100644 index 0000000000..6fe832672c --- /dev/null +++ b/test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/01-assert.yaml @@ -0,0 +1,9 @@ +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: check-subjectaccessreview +status: + conditions: + - reason: Succeeded + status: "True" + type: Ready diff --git a/test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/01-manifests.yaml b/test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/01-manifests.yaml new file mode 100644 index 0000000000..9251b58028 --- /dev/null +++ b/test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/01-manifests.yaml @@ -0,0 +1,81 @@ + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: admission-controller + app.kubernetes.io/instance: kyverno + app.kubernetes.io/part-of: kyverno + name: kyverno:subjectaccessreviews +rules: +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: admission-controller + app.kubernetes.io/instance: kyverno + app.kubernetes.io/part-of: kyverno + name: kyverno:namespace-delete +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - delete + resourceNames: + - test-sar +--- +apiVersion: v1 +kind: Namespace +metadata: + name: test-sar +--- +apiVersion: kyverno.io/v2beta1 +kind: ClusterPolicy +metadata: + name: check-subjectaccessreview +spec: + validationFailureAction: Enforce + background: false + rules: + - name: check-sar + match: + any: + - resources: + kinds: + - ConfigMap + context: + - name: subjectaccessreview + apiCall: + urlPath: /apis/authorization.k8s.io/v1/subjectaccessreviews + method: POST + data: + - key: kind + value: SubjectAccessReview + - key: apiVersion + value: authorization.k8s.io/v1 + - key: spec + value: + resourceAttributes: + resource: namespaces + name: "{{ request.namespace }}" + verb: "delete" + group: "" + #user: "{{ request.userInfo.username }}" + user: "system:serviceaccount:kyverno:kyverno-admission-controller" + validate: + message: "User is not authorized." + deny: + conditions: + any: + - key: "{{ subjectaccessreview.status.allowed }}" + operator: NotEquals + value: true diff --git a/test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/02-teststep.yaml b/test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/02-teststep.yaml new file mode 100644 index 0000000000..a2537772c5 --- /dev/null +++ b/test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/02-teststep.yaml @@ -0,0 +1,7 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +apply: + - file: cm-default-ns.yaml + shouldFail: true + - file: cm-test-ns.yaml + shouldFail: false \ No newline at end of file diff --git a/test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/README.md b/test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/README.md new file mode 100644 index 0000000000..262855246f --- /dev/null +++ b/test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/README.md @@ -0,0 +1,13 @@ +## Description + +This test checks a POST operation to the Kubernetes API server for a SubjectAccessReview. It checks for delete access to the namespace of the request, and allows or denies the request. + +## Expected Behavior + +The test resource should be allowed to be created in the test namespace but not in the `default` namespace, as Kyverno cannot delete it. + +## Reference Issues + +https://github.com/kyverno/kyverno/issues/1717 + +https://github.com/kyverno/kyverno/issues/6857 diff --git a/test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/cm-default-ns.yaml b/test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/cm-default-ns.yaml new file mode 100644 index 0000000000..0b9be553e2 --- /dev/null +++ b/test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/cm-default-ns.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cm + namespace: default +data: {} \ No newline at end of file diff --git a/test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/cm-test-ns.yaml b/test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/cm-test-ns.yaml new file mode 100644 index 0000000000..424fd590aa --- /dev/null +++ b/test/conformance/kuttl/validate/clusterpolicy/standard/apicalls/subjectaccessreview/cm-test-ns.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: cm + namespace: test-sar +data: {} \ No newline at end of file