mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-28 10:28:36 +00:00
feat: more openapi validation in v2 api (#11013)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché
GitHub
parent
cac7b21225
commit
fd5cfac9b4
15 changed files with 193 additions and 0 deletions
|
|
@ -8,6 +8,7 @@ import (
|
|||
|
||||
// MatchResources is used to specify resource and admission review request data for
|
||||
// which a policy rule is applicable.
|
||||
// +kubebuilder:not:={required:{any,all}}
|
||||
type MatchResources struct {
|
||||
// Any allows specifying resources which will be ORed
|
||||
// +optional
|
||||
|
|
|
|||
|
|
@ -348,6 +348,10 @@ spec:
|
|||
ExcludeResources defines when cleanuppolicy should not be applied. The exclude
|
||||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the name or role.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -778,6 +782,10 @@ spec:
|
|||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the user name or role.
|
||||
At least one kind is required.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -1603,6 +1611,10 @@ spec:
|
|||
ExcludeResources defines when cleanuppolicy should not be applied. The exclude
|
||||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the name or role.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -2033,6 +2045,10 @@ spec:
|
|||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the user name or role.
|
||||
At least one kind is required.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
|
|||
|
|
@ -348,6 +348,10 @@ spec:
|
|||
ExcludeResources defines when cleanuppolicy should not be applied. The exclude
|
||||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the name or role.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -778,6 +782,10 @@ spec:
|
|||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the user name or role.
|
||||
At least one kind is required.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -1603,6 +1611,10 @@ spec:
|
|||
ExcludeResources defines when cleanuppolicy should not be applied. The exclude
|
||||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the name or role.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -2033,6 +2045,10 @@ spec:
|
|||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the user name or role.
|
||||
At least one kind is required.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
|
|||
|
|
@ -10226,6 +10226,10 @@ spec:
|
|||
ExcludeResources defines when this policy rule should not be applied. The exclude
|
||||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the name or role.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will
|
||||
|
|
@ -11236,6 +11240,10 @@ spec:
|
|||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the user name or role.
|
||||
At least one kind is required.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will
|
||||
|
|
|
|||
|
|
@ -10229,6 +10229,10 @@ spec:
|
|||
ExcludeResources defines when this policy rule should not be applied. The exclude
|
||||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the name or role.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will
|
||||
|
|
@ -11239,6 +11243,10 @@ spec:
|
|||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the user name or role.
|
||||
At least one kind is required.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will
|
||||
|
|
|
|||
|
|
@ -175,6 +175,10 @@ spec:
|
|||
match:
|
||||
description: Match defines match clause used to check if a resource
|
||||
applies to the exception
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -812,6 +816,10 @@ spec:
|
|||
match:
|
||||
description: Match defines match clause used to check if a resource
|
||||
applies to the exception
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
|
|||
|
|
@ -10220,6 +10220,10 @@ spec:
|
|||
ExcludeResources defines when this policy rule should not be applied. The exclude
|
||||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the name or role.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will
|
||||
|
|
@ -11230,6 +11234,10 @@ spec:
|
|||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the user name or role.
|
||||
At least one kind is required.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will
|
||||
|
|
|
|||
|
|
@ -10223,6 +10223,10 @@ spec:
|
|||
ExcludeResources defines when this policy rule should not be applied. The exclude
|
||||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the name or role.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will
|
||||
|
|
@ -11233,6 +11237,10 @@ spec:
|
|||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the user name or role.
|
||||
At least one kind is required.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will
|
||||
|
|
|
|||
|
|
@ -169,6 +169,10 @@ spec:
|
|||
match:
|
||||
description: Match defines match clause used to check if a resource
|
||||
applies to the exception
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -806,6 +810,10 @@ spec:
|
|||
match:
|
||||
description: Match defines match clause used to check if a resource
|
||||
applies to the exception
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
|
|||
|
|
@ -342,6 +342,10 @@ spec:
|
|||
ExcludeResources defines when cleanuppolicy should not be applied. The exclude
|
||||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the name or role.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -772,6 +776,10 @@ spec:
|
|||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the user name or role.
|
||||
At least one kind is required.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -1597,6 +1605,10 @@ spec:
|
|||
ExcludeResources defines when cleanuppolicy should not be applied. The exclude
|
||||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the name or role.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -2027,6 +2039,10 @@ spec:
|
|||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the user name or role.
|
||||
At least one kind is required.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
|
|||
|
|
@ -342,6 +342,10 @@ spec:
|
|||
ExcludeResources defines when cleanuppolicy should not be applied. The exclude
|
||||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the name or role.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -772,6 +776,10 @@ spec:
|
|||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the user name or role.
|
||||
At least one kind is required.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -1597,6 +1605,10 @@ spec:
|
|||
ExcludeResources defines when cleanuppolicy should not be applied. The exclude
|
||||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the name or role.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -2027,6 +2039,10 @@ spec:
|
|||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the user name or role.
|
||||
At least one kind is required.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
|
|||
|
|
@ -10220,6 +10220,10 @@ spec:
|
|||
ExcludeResources defines when this policy rule should not be applied. The exclude
|
||||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the name or role.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will
|
||||
|
|
@ -11230,6 +11234,10 @@ spec:
|
|||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the user name or role.
|
||||
At least one kind is required.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will
|
||||
|
|
|
|||
|
|
@ -10223,6 +10223,10 @@ spec:
|
|||
ExcludeResources defines when this policy rule should not be applied. The exclude
|
||||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the name or role.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will
|
||||
|
|
@ -11233,6 +11237,10 @@ spec:
|
|||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the user name or role.
|
||||
At least one kind is required.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will
|
||||
|
|
|
|||
|
|
@ -169,6 +169,10 @@ spec:
|
|||
match:
|
||||
description: Match defines match clause used to check if a resource
|
||||
applies to the exception
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -806,6 +810,10 @@ spec:
|
|||
match:
|
||||
description: Match defines match clause used to check if a resource
|
||||
applies to the exception
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
|
|||
|
|
@ -541,6 +541,10 @@ spec:
|
|||
ExcludeResources defines when cleanuppolicy should not be applied. The exclude
|
||||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the name or role.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -971,6 +975,10 @@ spec:
|
|||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the user name or role.
|
||||
At least one kind is required.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -1796,6 +1804,10 @@ spec:
|
|||
ExcludeResources defines when cleanuppolicy should not be applied. The exclude
|
||||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the name or role.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -2226,6 +2238,10 @@ spec:
|
|||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the user name or role.
|
||||
At least one kind is required.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -3077,6 +3093,10 @@ spec:
|
|||
ExcludeResources defines when cleanuppolicy should not be applied. The exclude
|
||||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the name or role.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -3507,6 +3527,10 @@ spec:
|
|||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the user name or role.
|
||||
At least one kind is required.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -4332,6 +4356,10 @@ spec:
|
|||
ExcludeResources defines when cleanuppolicy should not be applied. The exclude
|
||||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the name or role.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -4762,6 +4790,10 @@ spec:
|
|||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the user name or role.
|
||||
At least one kind is required.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -15491,6 +15523,10 @@ spec:
|
|||
ExcludeResources defines when this policy rule should not be applied. The exclude
|
||||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the name or role.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will
|
||||
|
|
@ -16501,6 +16537,10 @@ spec:
|
|||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the user name or role.
|
||||
At least one kind is required.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will
|
||||
|
|
@ -35180,6 +35220,10 @@ spec:
|
|||
ExcludeResources defines when this policy rule should not be applied. The exclude
|
||||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the name or role.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will
|
||||
|
|
@ -36190,6 +36234,10 @@ spec:
|
|||
criteria can include resource information (e.g. kind, name, namespace, labels)
|
||||
and admission review request information like the user name or role.
|
||||
At least one kind is required.
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will
|
||||
|
|
@ -44569,6 +44617,10 @@ spec:
|
|||
match:
|
||||
description: Match defines match clause used to check if a resource
|
||||
applies to the exception
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
@ -45206,6 +45258,10 @@ spec:
|
|||
match:
|
||||
description: Match defines match clause used to check if a resource
|
||||
applies to the exception
|
||||
not:
|
||||
required:
|
||||
- any
|
||||
- all
|
||||
properties:
|
||||
all:
|
||||
description: All allows specifying resources which will be ANDed
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue