mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-29 02:45:06 +00:00
fix: list operators in deny conditions (#1641)
* fix: list operators in deny conditions Signed-off-by: Arsh Sharma <arshsharma461@gmail.com> * fix: regenerated YAMLs Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>
This commit is contained in:
Arsh Sharma
GitHub
parent
f438e0d5e6
commit
a0d28f0b16
6 changed files with 57 additions and 27 deletions
|
|
@ -106,7 +106,7 @@ spec:
|
|||
description: Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character).
|
||||
type: string
|
||||
namespaceSelector:
|
||||
description: 'NamespaceSelector is a label selector for namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
|
|
@ -256,7 +256,7 @@ spec:
|
|||
description: Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character).
|
||||
type: string
|
||||
namespaceSelector:
|
||||
description: 'NamespaceSelector is a label selector for namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
|
|
@ -382,6 +382,7 @@ spec:
|
|||
type: object
|
||||
name:
|
||||
description: Name is a label to identify the rule, It must be unique within the policy.
|
||||
maxLength: 63
|
||||
type: string
|
||||
preconditions:
|
||||
description: Conditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation.
|
||||
|
|
@ -392,13 +393,14 @@ spec:
|
|||
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
operator:
|
||||
description: Operator is the operation to perform.
|
||||
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
|
||||
enum:
|
||||
- Equals
|
||||
- NotEquals
|
||||
- In
|
||||
- NotIn
|
||||
type: string
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
value:
|
||||
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
|
|
@ -422,13 +424,14 @@ spec:
|
|||
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
operator:
|
||||
description: Operator is the operation to perform.
|
||||
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
|
||||
enum:
|
||||
- Equals
|
||||
- NotEquals
|
||||
- In
|
||||
- NotIn
|
||||
type: string
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
value:
|
||||
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
|
|
@ -1285,7 +1288,7 @@ spec:
|
|||
description: Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character).
|
||||
type: string
|
||||
namespaceSelector:
|
||||
description: 'NamespaceSelector is a label selector for namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
|
|
@ -1435,7 +1438,7 @@ spec:
|
|||
description: Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character).
|
||||
type: string
|
||||
namespaceSelector:
|
||||
description: 'NamespaceSelector is a label selector for namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
|
|
@ -1561,6 +1564,7 @@ spec:
|
|||
type: object
|
||||
name:
|
||||
description: Name is a label to identify the rule, It must be unique within the policy.
|
||||
maxLength: 63
|
||||
type: string
|
||||
preconditions:
|
||||
description: Conditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation.
|
||||
|
|
@ -1571,13 +1575,14 @@ spec:
|
|||
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
operator:
|
||||
description: Operator is the operation to perform.
|
||||
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
|
||||
enum:
|
||||
- Equals
|
||||
- NotEquals
|
||||
- In
|
||||
- NotIn
|
||||
type: string
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
value:
|
||||
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
|
|
@ -1601,13 +1606,14 @@ spec:
|
|||
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
operator:
|
||||
description: Operator is the operation to perform.
|
||||
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
|
||||
enum:
|
||||
- Equals
|
||||
- NotEquals
|
||||
- In
|
||||
- NotIn
|
||||
type: string
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
value:
|
||||
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
|
|
|
|||
|
|
@ -596,13 +596,15 @@ spec:
|
|||
for conditional rule evaluation.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
operator:
|
||||
description: Operator is the operation to perform.
|
||||
description: Operator is the operation to perform. Valid
|
||||
operators are Equals, NotEquals, In and NotIn.
|
||||
enum:
|
||||
- Equals
|
||||
- NotEquals
|
||||
- In
|
||||
- NotIn
|
||||
type: string
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
value:
|
||||
description: Value is the conditional value, or set of
|
||||
values. The values can be fixed set or can be variables
|
||||
|
|
@ -634,12 +636,15 @@ spec:
|
|||
x-kubernetes-preserve-unknown-fields: true
|
||||
operator:
|
||||
description: Operator is the operation to perform.
|
||||
Valid operators are Equals, NotEquals, In and
|
||||
NotIn.
|
||||
enum:
|
||||
- Equals
|
||||
- NotEquals
|
||||
- In
|
||||
- NotIn
|
||||
type: string
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
value:
|
||||
description: Value is the conditional value, or
|
||||
set of values. The values can be fixed set or
|
||||
|
|
|
|||
|
|
@ -597,13 +597,15 @@ spec:
|
|||
for conditional rule evaluation.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
operator:
|
||||
description: Operator is the operation to perform.
|
||||
description: Operator is the operation to perform. Valid
|
||||
operators are Equals, NotEquals, In and NotIn.
|
||||
enum:
|
||||
- Equals
|
||||
- NotEquals
|
||||
- In
|
||||
- NotIn
|
||||
type: string
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
value:
|
||||
description: Value is the conditional value, or set of
|
||||
values. The values can be fixed set or can be variables
|
||||
|
|
@ -635,12 +637,15 @@ spec:
|
|||
x-kubernetes-preserve-unknown-fields: true
|
||||
operator:
|
||||
description: Operator is the operation to perform.
|
||||
Valid operators are Equals, NotEquals, In and
|
||||
NotIn.
|
||||
enum:
|
||||
- Equals
|
||||
- NotEquals
|
||||
- In
|
||||
- NotIn
|
||||
type: string
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
value:
|
||||
description: Value is the conditional value, or
|
||||
set of values. The values can be fixed set or
|
||||
|
|
|
|||
|
|
@ -111,7 +111,7 @@ spec:
|
|||
description: Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character).
|
||||
type: string
|
||||
namespaceSelector:
|
||||
description: 'NamespaceSelector is a label selector for namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
|
|
@ -261,7 +261,7 @@ spec:
|
|||
description: Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character).
|
||||
type: string
|
||||
namespaceSelector:
|
||||
description: 'NamespaceSelector is a label selector for namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
|
|
@ -387,6 +387,7 @@ spec:
|
|||
type: object
|
||||
name:
|
||||
description: Name is a label to identify the rule, It must be unique within the policy.
|
||||
maxLength: 63
|
||||
type: string
|
||||
preconditions:
|
||||
description: Conditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation.
|
||||
|
|
@ -397,13 +398,14 @@ spec:
|
|||
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
operator:
|
||||
description: Operator is the operation to perform.
|
||||
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
|
||||
enum:
|
||||
- Equals
|
||||
- NotEquals
|
||||
- In
|
||||
- NotIn
|
||||
type: string
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
value:
|
||||
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
|
|
@ -427,13 +429,14 @@ spec:
|
|||
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
operator:
|
||||
description: Operator is the operation to perform.
|
||||
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
|
||||
enum:
|
||||
- Equals
|
||||
- NotEquals
|
||||
- In
|
||||
- NotIn
|
||||
type: string
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
value:
|
||||
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
|
|
@ -1290,7 +1293,7 @@ spec:
|
|||
description: Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character).
|
||||
type: string
|
||||
namespaceSelector:
|
||||
description: 'NamespaceSelector is a label selector for namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
|
|
@ -1440,7 +1443,7 @@ spec:
|
|||
description: Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character).
|
||||
type: string
|
||||
namespaceSelector:
|
||||
description: 'NamespaceSelector is a label selector for namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
|
|
@ -1566,6 +1569,7 @@ spec:
|
|||
type: object
|
||||
name:
|
||||
description: Name is a label to identify the rule, It must be unique within the policy.
|
||||
maxLength: 63
|
||||
type: string
|
||||
preconditions:
|
||||
description: Conditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation.
|
||||
|
|
@ -1576,13 +1580,14 @@ spec:
|
|||
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
operator:
|
||||
description: Operator is the operation to perform.
|
||||
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
|
||||
enum:
|
||||
- Equals
|
||||
- NotEquals
|
||||
- In
|
||||
- NotIn
|
||||
type: string
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
value:
|
||||
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
|
|
@ -1606,13 +1611,14 @@ spec:
|
|||
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
operator:
|
||||
description: Operator is the operation to perform.
|
||||
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
|
||||
enum:
|
||||
- Equals
|
||||
- NotEquals
|
||||
- In
|
||||
- NotIn
|
||||
type: string
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
value:
|
||||
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
|
|
|
|||
|
|
@ -111,7 +111,7 @@ spec:
|
|||
description: Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character).
|
||||
type: string
|
||||
namespaceSelector:
|
||||
description: 'NamespaceSelector is a label selector for namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
|
|
@ -261,7 +261,7 @@ spec:
|
|||
description: Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character).
|
||||
type: string
|
||||
namespaceSelector:
|
||||
description: 'NamespaceSelector is a label selector for namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
|
|
@ -387,6 +387,7 @@ spec:
|
|||
type: object
|
||||
name:
|
||||
description: Name is a label to identify the rule, It must be unique within the policy.
|
||||
maxLength: 63
|
||||
type: string
|
||||
preconditions:
|
||||
description: Conditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation.
|
||||
|
|
@ -397,13 +398,14 @@ spec:
|
|||
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
operator:
|
||||
description: Operator is the operation to perform.
|
||||
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
|
||||
enum:
|
||||
- Equals
|
||||
- NotEquals
|
||||
- In
|
||||
- NotIn
|
||||
type: string
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
value:
|
||||
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
|
|
@ -427,13 +429,14 @@ spec:
|
|||
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
operator:
|
||||
description: Operator is the operation to perform.
|
||||
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
|
||||
enum:
|
||||
- Equals
|
||||
- NotEquals
|
||||
- In
|
||||
- NotIn
|
||||
type: string
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
value:
|
||||
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
|
|
@ -1290,7 +1293,7 @@ spec:
|
|||
description: Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character).
|
||||
type: string
|
||||
namespaceSelector:
|
||||
description: 'NamespaceSelector is a label selector for namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
|
|
@ -1440,7 +1443,7 @@ spec:
|
|||
description: Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character).
|
||||
type: string
|
||||
namespaceSelector:
|
||||
description: 'NamespaceSelector is a label selector for namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character). Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.'
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||||
|
|
@ -1566,6 +1569,7 @@ spec:
|
|||
type: object
|
||||
name:
|
||||
description: Name is a label to identify the rule, It must be unique within the policy.
|
||||
maxLength: 63
|
||||
type: string
|
||||
preconditions:
|
||||
description: Conditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation.
|
||||
|
|
@ -1576,13 +1580,14 @@ spec:
|
|||
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
operator:
|
||||
description: Operator is the operation to perform.
|
||||
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
|
||||
enum:
|
||||
- Equals
|
||||
- NotEquals
|
||||
- In
|
||||
- NotIn
|
||||
type: string
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
value:
|
||||
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
|
|
@ -1606,13 +1611,14 @@ spec:
|
|||
description: Key is the context entry (using JMESPath) for conditional rule evaluation.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
operator:
|
||||
description: Operator is the operation to perform.
|
||||
description: Operator is the operation to perform. Valid operators are Equals, NotEquals, In and NotIn.
|
||||
enum:
|
||||
- Equals
|
||||
- NotEquals
|
||||
- In
|
||||
- NotIn
|
||||
type: string
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
value:
|
||||
description: Value is the conditional value, or set of values. The values can be fixed set or can be variables declared using using JMESPath.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
|
|
|
|||
|
|
@ -150,7 +150,9 @@ type Condition struct {
|
|||
// +kubebuilder:validation:XPreserveUnknownFields
|
||||
Key apiextensions.JSON `json:"key,omitempty" yaml:"key,omitempty"`
|
||||
|
||||
// Operator is the operation to perform.
|
||||
// Operator is the operation to perform. Valid operators
|
||||
// are Equals, NotEquals, In and NotIn.
|
||||
// +kubebuilder:validation:XPreserveUnknownFields
|
||||
Operator ConditionOperator `json:"operator,omitempty" yaml:"operator,omitempty"`
|
||||
|
||||
// Value is the conditional value, or set of values. The values can be fixed set
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue