mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-28 10:28:36 +00:00
Code Activity

feat: add rule openapi validation (#10990)

Browse source 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2024-09-03 17:20:37 +02:00 committed by GitHub
parent 02a3c4afda
commit fb90636776
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 193 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
api/kyverno/v1/match_resources_types.go
View file

@ -7,6 +7,7 @@ import (
// MatchResources is used to specify resource and admission review request data for
// which a policy rule is applicable.
// +kubebuilder:not:={required:{any,all}}
type MatchResources struct {
// Any allows specifying resources which will be ORed
// +optional

24
charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_clusterpolicies.yaml
View file

@ -366,6 +366,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -1557,6 +1561,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -5128,6 +5136,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -6334,6 +6346,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -14509,6 +14525,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -15715,6 +15735,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will

24
charts/kyverno/charts/crds/templates/kyverno.io/kyverno.io_policies.yaml
View file

@ -367,6 +367,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -1558,6 +1562,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -5130,6 +5138,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -6336,6 +6348,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -14512,6 +14528,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -15718,6 +15738,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will

24
cmd/cli/kubectl-kyverno/data/crds/kyverno.io_clusterpolicies.yaml
View file

@ -360,6 +360,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -1551,6 +1555,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -5122,6 +5130,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -6328,6 +6340,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -14503,6 +14519,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -15709,6 +15729,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will

24
cmd/cli/kubectl-kyverno/data/crds/kyverno.io_policies.yaml
View file

@ -361,6 +361,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -1552,6 +1556,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -5124,6 +5132,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -6330,6 +6342,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -14506,6 +14522,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -15712,6 +15732,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will

24
config/crds/kyverno/kyverno.io_clusterpolicies.yaml
View file

@ -360,6 +360,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -1551,6 +1555,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -5122,6 +5130,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -6328,6 +6340,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -14503,6 +14519,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -15709,6 +15729,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will

24
config/crds/kyverno/kyverno.io_policies.yaml
View file

@ -361,6 +361,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -1552,6 +1556,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -5124,6 +5132,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -6330,6 +6342,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -14506,6 +14522,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -15712,6 +15732,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will

48
config/install-latest-testing.yaml
View file

@ -5515,6 +5515,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -6706,6 +6710,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -10277,6 +10285,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -11483,6 +11495,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -19658,6 +19674,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -20864,6 +20884,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -24810,6 +24834,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -26001,6 +26029,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -29573,6 +29605,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -30779,6 +30815,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -38955,6 +38995,10 @@ spec:
ExcludeResources defines when this policy rule should not be applied. The exclude
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the name or role.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will
@ -40161,6 +40205,10 @@ spec:
criteria can include resource information (e.g. kind, name, namespace, labels)
and admission review request information like the user name or role.
At least one kind is required.
not:
required:
- any
- all
properties:
all:
description: All allows specifying resources which will