feat: add evaluation mode to api (#12262)

Signed-off-by: ShutingZhao <shuting@nirmata.com>

api/policies.kyverno.io/v1alpha1/validating_spec_types.go

@@ -91,7 +91,7 @@ type ValidatingPolicySpec struct {
 
 	// EvaluationConfiguration defines the configuration for the policy evaluation.
 	// +optional
-	EvaluationConfiguration *EvaluationConfiguration `json:"evaluationConfiguration,omitempty"`
+	EvaluationConfiguration *EvaluationConfiguration `json:"evaluation,omitempty"`
 }
 
 // AdmissionEnabled checks if admission is set to true
@@ -110,6 +110,14 @@ func (s ValidatingPolicySpec) BackgroundEnabled() bool {
 	return *s.EvaluationConfiguration.Background.Enabled
 }
 
+// EvaluationMode returns the evaluation mode of the policy.
+func (s ValidatingPolicySpec) EvaluationMode() EvaluationMode {
+	if s.EvaluationConfiguration == nil || s.EvaluationConfiguration.Mode == "" {
+		return EvaluationModeKubernetes
+	}
+	return s.EvaluationConfiguration.Mode
+}
+
 type WebhookConfiguration struct {
 	// TimeoutSeconds specifies the maximum time in seconds allowed to apply this policy.
 	// After the configured time expires, the admission request may fail, or may simply ignore the policy results,
@@ -118,6 +126,12 @@ type WebhookConfiguration struct {
 }
 
 type EvaluationConfiguration struct {
+	// Mode is the mode of policy evaluation.
+	// Allowed values are "Kubernetes" or "JSON".
+	// Optional. Default value is "Kubernetes".
+	// +optional
+	Mode EvaluationMode `json:"mode,omitempty"`
+
 	// Admission controls policy evaluation during admission.
 	// +optional
 	Admission *AdmissionConfiguration `json:"admission,omitempty"`
@@ -143,3 +157,10 @@ type BackgroundConfiguration struct {
 	// +kubebuilder:default=true
 	Enabled *bool `json:"enabled,omitempty"`
 }
+
+type EvaluationMode string
+
+const (
+	EvaluationModeKubernetes EvaluationMode = "Kubernetes"
+	EvaluationModeJSON       EvaluationMode = "JSON"
+)

charts/kyverno/charts/crds/templates/policies.kyverno.io/policies.kyverno.io_validatingpolicies.yaml

@@ -108,7 +108,7 @@ spec:
                   type: object
                 type: array
                 x-kubernetes-list-type: atomic
-              evaluationConfiguration:
+              evaluation:
                 description: EvaluationConfiguration defines the configuration for
                   the policy evaluation.
                 properties:
@@ -134,6 +134,12 @@ spec:
                           uses variables that are only available in the admission review request (e.g. user name).
                         type: boolean
                     type: object
+                  mode:
+                    description: |-
+                      Mode is the mode of policy evaluation.
+                      Allowed values are "Kubernetes" or "JSON".
+                      Optional. Default value is "Kubernetes".
+                    type: string
                 type: object
               failurePolicy:
                 description: |-

cmd/cli/kubectl-kyverno/data/crds/policies.kyverno.io_validatingpolicies.yaml

@@ -102,7 +102,7 @@ spec:
                   type: object
                 type: array
                 x-kubernetes-list-type: atomic
-              evaluationConfiguration:
+              evaluation:
                 description: EvaluationConfiguration defines the configuration for
                   the policy evaluation.
                 properties:
@@ -128,6 +128,12 @@ spec:
                           uses variables that are only available in the admission review request (e.g. user name).
                         type: boolean
                     type: object
+                  mode:
+                    description: |-
+                      Mode is the mode of policy evaluation.
+                      Allowed values are "Kubernetes" or "JSON".
+                      Optional. Default value is "Kubernetes".
+                    type: string
                 type: object
               failurePolicy:
                 description: |-

config/crds/policies.kyverno.io/policies.kyverno.io_validatingpolicies.yaml

@@ -102,7 +102,7 @@ spec:
                   type: object
                 type: array
                 x-kubernetes-list-type: atomic
-              evaluationConfiguration:
+              evaluation:
                 description: EvaluationConfiguration defines the configuration for
                   the policy evaluation.
                 properties:
@@ -128,6 +128,12 @@ spec:
                           uses variables that are only available in the admission review request (e.g. user name).
                         type: boolean
                     type: object
+                  mode:
+                    description: |-
+                      Mode is the mode of policy evaluation.
+                      Allowed values are "Kubernetes" or "JSON".
+                      Optional. Default value is "Kubernetes".
+                    type: string
                 type: object
               failurePolicy:
                 description: |-

config/install-latest-testing.yaml

@@ -48650,7 +48650,7 @@ spec:
                   type: object
                 type: array
                 x-kubernetes-list-type: atomic
-              evaluationConfiguration:
+              evaluation:
                 description: EvaluationConfiguration defines the configuration for
                   the policy evaluation.
                 properties:
@@ -48676,6 +48676,12 @@ spec:
                           uses variables that are only available in the admission review request (e.g. user name).
                         type: boolean
                     type: object
+                  mode:
+                    description: |-
+                      Mode is the mode of policy evaluation.
+                      Allowed values are "Kubernetes" or "JSON".
+                      Optional. Default value is "Kubernetes".
+                    type: string
                 type: object
               failurePolicy:
                 description: |-

docs/user/crd/index.html

@@ -10840,7 +10840,7 @@ WebhookConfiguration
 </tr>
 <tr>
 <td>
-<code>evaluationConfiguration</code><br/>
+<code>evaluation</code><br/>
 <em>
 <a href="#policies.kyverno.io/v1alpha1.EvaluationConfiguration">
 EvaluationConfiguration
@@ -11560,6 +11560,22 @@ Secrets must live in the Kyverno namespace.</p>
 <tbody>
 <tr>
 <td>
+<code>mode</code><br/>
+<em>
+<a href="#policies.kyverno.io/v1alpha1.EvaluationMode">
+EvaluationMode
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Mode is the mode of policy evaluation.
+Allowed values are &ldquo;Kubernetes&rdquo; or &ldquo;JSON&rdquo;.
+Optional. Default value is &ldquo;Kubernetes&rdquo;.</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>admission</code><br/>
 <em>
 <a href="#policies.kyverno.io/v1alpha1.AdmissionConfiguration">
@@ -11589,6 +11605,14 @@ BackgroundConfiguration
 </tbody>
 </table>
 <hr />
+<h3 id="policies.kyverno.io/v1alpha1.EvaluationMode">EvaluationMode
+(<code>string</code> alias)</p></h3>
+<p>
+(<em>Appears on:</em>
+<a href="#policies.kyverno.io/v1alpha1.EvaluationConfiguration">EvaluationConfiguration</a>)
+</p>
+<p>
+</p>
 <h3 id="policies.kyverno.io/v1alpha1.GenericPolicy">GenericPolicy
 </h3>
 <p>
@@ -12706,7 +12730,7 @@ WebhookConfiguration
 </tr>
 <tr>
 <td>
-<code>evaluationConfiguration</code><br/>
+<code>evaluation</code><br/>
 <em>
 <a href="#policies.kyverno.io/v1alpha1.EvaluationConfiguration">
 EvaluationConfiguration