/*
Copyright The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Code generated by applyconfiguration-gen. DO NOT EDIT.

package v1beta1
import (
admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
)
// ValidatingAdmissionPolicySpecApplyConfiguration represents a declarative configuration of the ValidatingAdmissionPolicySpec type for use
// with apply.
//
// ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.
//
// Every field is a pointer or a slice tagged omitempty, so a field that is left
// unset is omitted from the serialized configuration instead of being sent as a
// zero value.
type ValidatingAdmissionPolicySpecApplyConfiguration struct {
	// ParamKind specifies the kind of resources used to parameterize this policy.
	// If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions.
	// If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied.
	// If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.
	ParamKind *ParamKindApplyConfiguration `json:"paramKind,omitempty"`
	// MatchConstraints specifies what resources this policy is designed to validate.
	// The AdmissionPolicy cares about a request if it matches _all_ Constraints.
	// However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API,
	// ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding.
	// Required.
	MatchConstraints *MatchResourcesApplyConfiguration `json:"matchConstraints,omitempty"`
	// Validations contain CEL expressions which are used to apply the validation.
	// Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is
	// required.
	Validations []ValidationApplyConfiguration `json:"validations,omitempty"`
	// failurePolicy defines how to handle failures for the admission policy. Failures can
	// occur from CEL expression parse errors, type check errors, runtime errors and invalid
	// or mis-configured policy definitions or bindings.
	//
	// A policy is invalid if spec.paramKind refers to a non-existent Kind.
	// A binding is invalid if spec.paramRef.name refers to a non-existent resource.
	//
	// failurePolicy does not define how validations that evaluate to false are handled.
	//
	// When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions
	// define how failures are enforced.
	//
	// Allowed values are Ignore or Fail. Defaults to Fail.
	//
	// NOTE(review): Ignore is the fail-open choice. Per the matching logic documented
	// on MatchConditions below, an evaluation error then skips the policy instead of
	// rejecting the request. Because this field is a pointer tagged omitempty, leaving
	// it nil omits it from the applied configuration, in which case the documented
	// default of Fail applies.
	FailurePolicy *admissionregistrationv1beta1.FailurePolicyType `json:"failurePolicy,omitempty"`
	// auditAnnotations contains CEL expressions which are used to produce audit
	// annotations for the audit event of the API request.
	// validations and auditAnnotations may not both be empty; at least one of validations or auditAnnotations is
	// required.
	AuditAnnotations []AuditAnnotationApplyConfiguration `json:"auditAnnotations,omitempty"`
	// MatchConditions is a list of conditions that must be met for a request to be validated.
	// Match conditions filter requests that have already been matched by the rules,
	// namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests.
	// There are a maximum of 64 match conditions allowed.
	//
	// If a parameter object is provided, it can be accessed via the `params` handle in the same
	// manner as validation expressions.
	//
	// The exact matching logic is (in order):
	//  1. If ANY matchCondition evaluates to FALSE, the policy is skipped.
	//  2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.
	//  3. If any matchCondition evaluates to an error (but none are FALSE):
	//     - If failurePolicy=Fail, reject the request
	//     - If failurePolicy=Ignore, the policy is skipped
	//
	// NOTE(review): a single FALSE condition skips the whole policy, so these
	// expressions are part of the policy's enforcement coverage and deserve the
	// same review as the validations themselves.
	MatchConditions []MatchConditionApplyConfiguration `json:"matchConditions,omitempty"`
	// Variables contain definitions of variables that can be used in composition of other expressions.
	// Each variable is defined as a named CEL expression.
	// The variables defined here will be available under `variables` in other expressions of the policy
	// except MatchConditions because MatchConditions are evaluated before the rest of the policy.
	//
	// The expression of a variable can refer to other variables defined earlier in the list but not those after.
	// Thus, Variables must be sorted by the order of first appearance and acyclic.
	Variables []VariableApplyConfiguration `json:"variables,omitempty"`
}
// ValidatingAdmissionPolicySpec constructs a declarative configuration of the
// ValidatingAdmissionPolicySpec type for use with apply.
//
// The returned configuration is empty: every field is nil, so nothing is
// serialized for it until a "With" method sets it.
func ValidatingAdmissionPolicySpec() *ValidatingAdmissionPolicySpecApplyConfiguration {
	return new(ValidatingAdmissionPolicySpecApplyConfiguration)
}
// WithParamKind stores value in the ParamKind field of the declarative
// configuration and returns the receiver so that "With" calls can be chained.
//
// The pointer is stored as given, not copied, so later changes made through
// value are visible in the configuration. Repeated calls overwrite the field;
// the last call wins.
func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithParamKind(value *ParamKindApplyConfiguration) *ValidatingAdmissionPolicySpecApplyConfiguration {
	b.ParamKind = value
	return b
}
// WithMatchConstraints stores value in the MatchConstraints field of the
// declarative configuration and returns the receiver so that "With" calls can
// be chained.
//
// The pointer is stored as given, not copied, so later changes made through
// value are visible in the configuration. Repeated calls overwrite the field;
// the last call wins.
func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithMatchConstraints(value *MatchResourcesApplyConfiguration) *ValidatingAdmissionPolicySpecApplyConfiguration {
	b.MatchConstraints = value
	return b
}
// WithValidations appends the given values to the Validations field of the
// declarative configuration and returns the receiver, so that objects can be
// built by chaining "With" function invocations.
//
// Each call appends to whatever earlier calls added; nothing is replaced.
// Every entry is dereferenced and stored by value. A nil entry panics, and
// entries that precede it in the same call have already been appended by then.
func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithValidations(values ...*ValidationApplyConfiguration) *ValidatingAdmissionPolicySpecApplyConfiguration {
	for _, v := range values {
		if v == nil {
			panic("nil value passed to WithValidations")
		}
		b.Validations = append(b.Validations, *v)
	}
	return b
}
// WithFailurePolicy stores a pointer to value in the FailurePolicy field of the
// declarative configuration and returns the receiver so that "With" calls can
// be chained. Repeated calls overwrite the field; the last call wins.
//
// The field's documentation allows Ignore or Fail, with Fail as the default
// when the field is left unset. Ignore is the fail-open choice: per the
// matchConditions logic documented on the spec, an evaluation error then skips
// the policy instead of rejecting the request.
func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithFailurePolicy(value admissionregistrationv1beta1.FailurePolicyType) *ValidatingAdmissionPolicySpecApplyConfiguration {
	// value is this call's own copy, so the stored pointer does not alias
	// a variable owned by the caller.
	b.FailurePolicy = &value
	return b
}
// WithAuditAnnotations appends the given values to the AuditAnnotations field
// of the declarative configuration and returns the receiver, so that objects
// can be built by chaining "With" function invocations.
//
// Each call appends to whatever earlier calls added; nothing is replaced.
// Every entry is dereferenced and stored by value. A nil entry panics, and
// entries that precede it in the same call have already been appended by then.
func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithAuditAnnotations(values ...*AuditAnnotationApplyConfiguration) *ValidatingAdmissionPolicySpecApplyConfiguration {
	for _, v := range values {
		if v == nil {
			panic("nil value passed to WithAuditAnnotations")
		}
		b.AuditAnnotations = append(b.AuditAnnotations, *v)
	}
	return b
}
// WithMatchConditions appends the given values to the MatchConditions field of
// the declarative configuration and returns the receiver, so that objects can
// be built by chaining "With" function invocations.
//
// Each call appends to whatever earlier calls added; nothing is replaced.
// Every entry is dereferenced and stored by value. A nil entry panics, and
// entries that precede it in the same call have already been appended by then.
// This builder does not enforce the 64-condition maximum stated in the field's
// documentation.
func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithMatchConditions(values ...*MatchConditionApplyConfiguration) *ValidatingAdmissionPolicySpecApplyConfiguration {
	for _, v := range values {
		if v == nil {
			panic("nil value passed to WithMatchConditions")
		}
		b.MatchConditions = append(b.MatchConditions, *v)
	}
	return b
}
// WithVariables appends the given values to the Variables field of the
// declarative configuration and returns the receiver, so that objects can be
// built by chaining "With" function invocations.
//
// Each call appends to whatever earlier calls added; nothing is replaced, and
// entries keep the order in which they were passed. The field's documentation
// requires variables to be listed in order of first appearance; this builder
// does not check that. Every entry is dereferenced and stored by value. A nil
// entry panics, and entries that precede it in the same call have already been
// appended by then.
func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithVariables(values ...*VariableApplyConfiguration) *ValidatingAdmissionPolicySpecApplyConfiguration {
	for _, v := range values {
		if v == nil {
			panic("nil value passed to WithVariables")
		}
		b.Variables = append(b.Variables, *v)
	}
	return b
}