cue.dev/x/kyverno@v0.4.0

globalcontextentry/v2alpha1/schema.cue raw

  1package v2alpha1
  2
  3import (
  4	"time"
  5	"strings"
  6)
  7
  8// GlobalContextEntry declares resources to be cached.
  9#GlobalContextEntry: {
 10	_embeddedResource
 11
 12	// APIVersion defines the versioned schema of this representation
 13	// of an object.
 14	// Servers should convert recognized schemas to the latest
 15	// internal value, and
 16	// may reject unrecognized values.
 17	// More info:
 18	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
 19	"apiVersion"?: string
 20
 21	// Kind is a string value representing the REST resource this
 22	// object represents.
 23	// Servers may infer this from the endpoint the client submits
 24	// requests to.
 25	// Cannot be updated.
 26	// In CamelCase.
 27	// More info:
 28	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 29	"kind"?: string
 30	"metadata"?: {}
 31
 32	// Spec declares policy exception behaviors.
 33	"spec"!: matchN(1, [{
 34		"kubernetesResource"!: _
 35	}, {
 36		"apiCall"!: _
 37	}]) & {
 38		// Stores results from an API call which will be cached.
 39		// Mutually exclusive with KubernetesResource.
 40		// This can be used to make calls to external (non-Kubernetes API
 41		// server) services.
 42		// It can also be used to make calls to the Kubernetes API server
 43		// in such cases:
 44		// 1. A POST is needed to create a resource.
 45		// 2. Finer-grained control is needed. Example: To restrict the
 46		// number of resources cached.
 47		"apiCall"?: {
 48			// The data object specifies the POST data sent to the server.
 49			// Only applicable when the method field is set to POST.
 50			"data"?: [...{
 51				// Key is a unique identifier for the data value
 52				"key"!: string
 53
 54				// Value is the data value
 55				"value"!: null | bool | number | string | [...] | {
 56					...
 57				}
 58			}]
 59
 60			// Method is the HTTP request type (GET or POST). Defaults to GET.
 61			"method"?: "GET" | "POST"
 62
 63			// RefreshInterval defines the interval in duration at which to
 64			// poll the APICall.
 65			// The duration is a sequence of decimal numbers, each with
 66			// optional fraction and a unit suffix,
 67			// such as "300ms", "1.5h" or "2h45m". Valid time units are "ns",
 68			// "us" (or "µs"), "ms", "s", "m", "h".
 69			"refreshInterval"?: string
 70
 71			// RetryLimit defines the number of times the APICall should be
 72			// retried in case of failure.
 73			"retryLimit"?: int & >=1
 74
 75			// Service is an API call to a JSON web service.
 76			// This is used for non-Kubernetes API server calls.
 77			// It's mutually exclusive with the URLPath field.
 78			"service"?: {
 79				// CABundle is a PEM encoded CA bundle which will be used to
 80				// validate
 81				// the server certificate.
 82				"caBundle"?: string
 83
 84				// Headers is a list of optional HTTP headers to be included in
 85				// the request.
 86				"headers"?: [...{
 87					// Key is the header key
 88					"key"!: string
 89
 90					// Value is the header value
 91					"value"!: string
 92				}]
 93
 94				// URL is the JSON web service URL. A typical form is
 95				// `https://{service}.{namespace}:{port}/{path}`.
 96				"url"!: string
 97			}
 98
 99			// URLPath is the URL path to be used in the HTTP GET or POST
100			// request to the
101			// Kubernetes API server (e.g. "/api/v1/namespaces" or
102			// "/apis/apps/v1/deployments").
103			// The format required is the same format used by the `kubectl get
104			// --raw` command.
105			// See
106			// https://kyverno.io/docs/writing-policies/external-data-sources/#variables-from-kubernetes-api-server-calls
107			// for details.
108			// It's mutually exclusive with the Service field.
109			"urlPath"?: string
110		}
111
112		// Stores a list of Kubernetes resources which will be cached.
113		// Mutually exclusive with APICall.
114		"kubernetesResource"?: {
115			// Group defines the group of the resource.
116			"group"?: string
117
118			// Namespace defines the namespace of the resource. Leave empty
119			// for cluster scoped resources.
120			// If left empty for namespaced resources, all resources from all
121			// namespaces will be cached.
122			"namespace"?: string
123
124			// Resource defines the type of the resource.
125			// Requires the pluralized form of the resource kind in lowercase.
126			// (Ex., "deployments")
127			"resource"!: string
128
129			// Version defines the version of the resource.
130			"version"!: string
131		}
132	}
133
134	// Status contains globalcontextentry runtime data.
135	"status"?: {
136		"conditions"?: [...{
137			// lastTransitionTime is the last time the condition transitioned
138			// from one status to another.
139			// This should be when the underlying condition changed. If that
140			// is not known, then using the time when the API field changed
141			// is acceptable.
142			"lastTransitionTime"!: time.Time
143
144			// message is a human readable message indicating details about
145			// the transition.
146			// This may be an empty string.
147			"message"!: strings.MaxRunes(
148					32768)
149
150			// observedGeneration represents the .metadata.generation that the
151			// condition was set based upon.
152			// For instance, if .metadata.generation is currently 12, but the
153			// .status.conditions[x].observedGeneration is 9, the condition
154			// is out of date
155			// with respect to the current state of the instance.
156			"observedGeneration"?: int64 & int & >=0
157
158			// reason contains a programmatic identifier indicating the reason
159			// for the condition's last transition.
160			// Producers of specific condition types may define expected
161			// values and meanings for this field,
162			// and whether the values are considered a guaranteed API.
163			// The value should be a CamelCase string.
164			// This field may not be empty.
165			"reason"!: strings.MaxRunes(
166					1024) & strings.MinRunes(
167					1) & =~"^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$"
168
169			// status of the condition, one of True, False, Unknown.
170			"status"!: "True" | "False" | "Unknown"
171
172			// type of condition in CamelCase or in foo.example.com/CamelCase.
173			"type"!: strings.MaxRunes(
174					316) & =~"^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$"
175		}]
176
177		// Indicates the time when the globalcontextentry was last
178		// refreshed successfully for the API Call
179		"lastRefreshTime"?: time.Time
180
181		// Deprecated in favor of Conditions
182		"ready"?: bool
183	}
184
185	_embeddedResource: {
186		"apiVersion"!: string
187		"kind"!:       string
188		"metadata"?: {
189			...
190		}
191	}
192	apiVersion: "kyverno.io/v2alpha1"
193	kind:       "GlobalContextEntry"
194	metadata!: {
195		"name"!:      string
196		"namespace"?: string
197		"labels"?: {
198			[string]: string
199		}
200		"annotations"?: {
201			[string]: string
202		}
203		...
204	}
205}