diff --git a/config.gatekeeper.sh/config_v1alpha1.json b/config.gatekeeper.sh/config_v1alpha1.json index fb72e1c9..96c60ddf 100644 --- a/config.gatekeeper.sh/config_v1alpha1.json +++ b/config.gatekeeper.sh/config_v1alpha1.json @@ -2,11 +2,11 @@ "description": "Config is the Schema for the configs API.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -21,8 +21,8 @@ "properties": { "excludedNamespaces": { "items": { - "description": "A string that supports globbing at its front or end. Ex: \"kube-*\" will match \"kube-system\" or \"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\". The asterisk is required for wildcard matching.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "A string that supports globbing at its front and end. Ex: \"kube-*\" will match \"kube-system\" or\n\"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\", \"*system*\" will\nmatch \"system-kube\" or \"kube-system\". The asterisk is required for wildcard matching.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "type": "array" diff --git a/expansion.gatekeeper.sh/expansiontemplate_v1alpha1.json b/expansion.gatekeeper.sh/expansiontemplate_v1alpha1.json index 325836a7..37f47851 100644 --- a/expansion.gatekeeper.sh/expansiontemplate_v1alpha1.json +++ b/expansion.gatekeeper.sh/expansiontemplate_v1alpha1.json @@ -2,23 +2,30 @@ "description": "ExpansionTemplate is the Schema for the ExpansionTemplate API.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "type": "object" + "properties": { + "name": { + "maxLength": 63, + "type": "string" + } + }, + "type": "object", + "additionalProperties": false }, "spec": { "description": "ExpansionTemplateSpec defines the desired state of ExpansionTemplate.", "properties": { "applyTo": { - "description": "ApplyTo lists the specific groups, versions and kinds of generator resources which will be expanded.", + "description": "ApplyTo lists the specific groups, versions and kinds of generator resources\nwhich will be expanded.", "items": { - "description": "ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed.", + "description": "ApplyTo determines what GVKs items the mutation should apply to.\nGlobs are not allowed.", "properties": { "groups": { "items": { @@ -45,11 +52,11 @@ "type": "array" }, "enforcementAction": { - "description": "EnforcementAction specifies the enforcement action to be used for resources matching the ExpansionTemplate. Specifying an empty value will use the enforcement action specified by the Constraint in violation.", + "description": "EnforcementAction specifies the enforcement action to be used for resources\nmatching the ExpansionTemplate. Specifying an empty value will use the\nenforcement action specified by the Constraint in violation.", "type": "string" }, "generatedGVK": { - "description": "GeneratedGVK specifies the GVK of the resources which the generator resource creates.", + "description": "GeneratedGVK specifies the GVK of the resources which the generator\nresource creates.", "properties": { "group": { "type": "string" @@ -65,12 +72,65 @@ "additionalProperties": false }, "templateSource": { - "description": "TemplateSource specifies the source field on the generator resource to use as the base for expanded resource. For Pod-creating generators, this is usually spec.template", + "description": "TemplateSource specifies the source field on the generator resource to\nuse as the base for expanded resource. For Pod-creating generators, this\nis usually spec.template", "type": "string" } }, "type": "object", "additionalProperties": false + }, + "status": { + "description": "ExpansionTemplateStatus defines the observed state of ExpansionTemplate.", + "properties": { + "byPod": { + "items": { + "description": "ExpansionTemplatePodStatusStatus defines the observed state of ExpansionTemplatePodStatus.", + "properties": { + "errors": { + "items": { + "properties": { + "message": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "id": { + "description": "Important: Run \"make\" to regenerate code after modifying this file", + "type": "string" + }, + "observedGeneration": { + "format": "int64", + "type": "integer" + }, + "operations": { + "items": { + "type": "string" + }, + "type": "array" + }, + "templateUID": { + "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false } }, "type": "object" diff --git a/expansion.gatekeeper.sh/expansiontemplate_v1beta1.json b/expansion.gatekeeper.sh/expansiontemplate_v1beta1.json new file mode 100644 index 00000000..97d8b62f --- /dev/null +++ b/expansion.gatekeeper.sh/expansiontemplate_v1beta1.json @@ -0,0 +1,131 @@ +{ + "description": "ExpansionTemplate is the Schema for the ExpansionTemplate API.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "description": "ExpansionTemplateSpec defines the desired state of ExpansionTemplate.", + "properties": { + "applyTo": { + "description": "ApplyTo lists the specific groups, versions and kinds of generator resources\nwhich will be expanded.", + "items": { + "description": "ApplyTo determines what GVKs items the mutation should apply to.\nGlobs are not allowed.", + "properties": { + "groups": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kinds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "versions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "enforcementAction": { + "description": "EnforcementAction specifies the enforcement action to be used for resources\nmatching the ExpansionTemplate. Specifying an empty value will use the\nenforcement action specified by the Constraint in violation.", + "type": "string" + }, + "generatedGVK": { + "description": "GeneratedGVK specifies the GVK of the resources which the generator\nresource creates.", + "properties": { + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "templateSource": { + "description": "TemplateSource specifies the source field on the generator resource to\nuse as the base for expanded resource. For Pod-creating generators, this\nis usually spec.template", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "ExpansionTemplateStatus defines the observed state of ExpansionTemplate.", + "properties": { + "byPod": { + "items": { + "description": "ExpansionTemplatePodStatusStatus defines the observed state of ExpansionTemplatePodStatus.", + "properties": { + "errors": { + "items": { + "properties": { + "message": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "id": { + "description": "Important: Run \"make\" to regenerate code after modifying this file", + "type": "string" + }, + "observedGeneration": { + "format": "int64", + "type": "integer" + }, + "operations": { + "items": { + "type": "string" + }, + "type": "array" + }, + "templateUID": { + "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" + } + \ No newline at end of file diff --git a/externaldata.gatekeeper.sh/provider_v1alpha1.json b/externaldata.gatekeeper.sh/provider_v1alpha1.json index 7aa48401..13a9e962 100644 --- a/externaldata.gatekeeper.sh/provider_v1alpha1.json +++ b/externaldata.gatekeeper.sh/provider_v1alpha1.json @@ -2,11 +2,11 @@ "description": "Provider is the Schema for the Provider API", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -16,7 +16,7 @@ "description": "Spec defines the Provider specifications.", "properties": { "caBundle": { - "description": "CABundle is a base64-encoded string that contains the TLS CA bundle in PEM format. It is used to verify the signature of the provider's certificate.", + "description": "CABundle is a base64-encoded string that contains the TLS CA bundle in PEM format.\nIt is used to verify the signature of the provider's certificate.", "type": "string" }, "timeout": { @@ -24,7 +24,7 @@ "type": "integer" }, "url": { - "description": "URL is the url for the provider. URL is prefixed with http:// or https://.", + "description": "URL is the url for the provider. URL is prefixed with https://.", "type": "string" } }, diff --git a/externaldata.gatekeeper.sh/provider_v1beta1.json b/externaldata.gatekeeper.sh/provider_v1beta1.json index 0a7647c9..bdbee406 100644 --- a/externaldata.gatekeeper.sh/provider_v1beta1.json +++ b/externaldata.gatekeeper.sh/provider_v1beta1.json @@ -2,11 +2,11 @@ "description": "Provider is the Schema for the providers API", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -16,7 +16,7 @@ "description": "Spec defines the Provider specifications.", "properties": { "caBundle": { - "description": "CABundle is a base64-encoded string that contains the TLS CA bundle in PEM format. It is used to verify the signature of the provider's certificate.", + "description": "CABundle is a base64-encoded string that contains the TLS CA bundle in PEM format.\nIt is used to verify the signature of the provider's certificate.", "type": "string" }, "timeout": { @@ -24,7 +24,7 @@ "type": "integer" }, "url": { - "description": "URL is the url for the provider. URL is prefixed with http:// or https://.", + "description": "URL is the url for the provider. URL is prefixed with https://.", "type": "string" } }, diff --git a/mutations.gatekeeper.sh/assign_v1.json b/mutations.gatekeeper.sh/assign_v1.json index b585513f..508a67c6 100644 --- a/mutations.gatekeeper.sh/assign_v1.json +++ b/mutations.gatekeeper.sh/assign_v1.json @@ -2,11 +2,11 @@ "description": "Assign is the Schema for the assign API.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -23,9 +23,9 @@ "description": "AssignSpec defines the desired state of Assign.", "properties": { "applyTo": { - "description": "ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs.", + "description": "ApplyTo lists the specific groups, versions and kinds a mutation will be applied to.\nThis is necessary because every mutation implies part of an object schema and object\nschemas are associated with specific GVKs.", "items": { - "description": "ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed.", + "description": "ApplyTo determines what GVKs items the mutation should apply to.\nGlobs are not allowed.", "properties": { "groups": { "items": { @@ -56,23 +56,23 @@ "type": "string" }, "match": { - "description": "Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything.", + "description": "Match allows the user to limit which resources get mutated.\nIndividual match criteria are AND-ed together. An undefined\nmatch criteria matches everything.", "properties": { "excludedNamespaces": { - "description": "ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.", + "description": "ExcludedNamespaces is a list of namespace names. If defined, a\nconstraint only applies to resources not in a listed namespace.\nExcludedNamespaces also supports a prefix or suffix based glob. For example,\n`excludedNamespaces: [kube-*]` matches both `kube-system` and\n`kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and\n`gatekeeper-system`.", "items": { - "description": "A string that supports globbing at its front or end. Ex: \"kube-*\" will match \"kube-system\" or \"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\". The asterisk is required for wildcard matching.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "A string that supports globbing at its front and end. Ex: \"kube-*\" will match \"kube-system\" or\n\"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\", \"*system*\" will\nmatch \"system-kube\" or \"kube-system\". The asterisk is required for wildcard matching.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "type": "array" }, "kinds": { "items": { - "description": "Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope.", + "description": "Kinds accepts a list of objects with apiGroups and kinds fields\nthat list the groups/kinds of objects to which the mutation will apply.\nIf multiple groups/kinds objects are specified,\nonly one match is needed for the resource to be in scope.", "properties": { "apiGroups": { - "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", + "description": "APIGroups is the API groups the resources belong to. '*' is all groups.\nIf '*' is present, the length of the slice must be one.\nRequired.", "items": { "type": "string" }, @@ -91,23 +91,23 @@ "type": "array" }, "labelSelector": { - "description": "LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.", + "description": "LabelSelector is the combination of two optional fields: `matchLabels`\nand `matchExpressions`. These two fields provide different methods of\nselecting or excluding k8s objects based on the label keys and values\nincluded in object metadata. All selection expressions from both\nsections are ANDed to determine if an object meets the cumulative\nrequirements of the selector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -127,36 +127,37 @@ "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "name": { - "description": "Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "Name is the name of an object. If defined, it will match against objects with the specified\nname. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match\nboth `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "namespaceSelector": { - "description": "NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace.", + "description": "NamespaceSelector is a label selector against an object's containing\nnamespace or the object itself, if the object is a namespace.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -176,28 +177,29 @@ "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "namespaces": { - "description": "Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.", + "description": "Namespaces is a list of namespace names. If defined, a constraint only\napplies to resources in a listed namespace. Namespaces also supports a\nprefix or suffix based glob. For example, `namespaces: [kube-*]` matches both\n`kube-system` and `kube-public`, and `namespaces: [*-system]` matches both\n`kube-system` and `gatekeeper-system`.", "items": { - "description": "A string that supports globbing at its front or end. Ex: \"kube-*\" will match \"kube-system\" or \"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\". The asterisk is required for wildcard matching.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "A string that supports globbing at its front and end. Ex: \"kube-*\" will match \"kube-system\" or\n\"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\", \"*system*\" will\nmatch \"system-kube\" or \"kube-system\". The asterisk is required for wildcard matching.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "type": "array" }, "scope": { - "description": "Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)", + "description": "Scope determines if cluster-scoped and/or namespaced-scoped resources\nare matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)", "type": "string" }, "source": { - "description": "Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources.", + "description": "Source determines whether generated or original resources are matched.\nAccepts `Generated`|`Original`|`All` (defaults to `All`). A value of\n`Generated` will only match generated resources, while `Original` will only\nmatch regular resources.", "enum": [ "All", "Generated", @@ -220,7 +222,7 @@ "properties": { "dataSource": { "default": "ValueAtLocation", - "description": "DataSource specifies where to extract the data that will be sent to the external data provider as parameters.", + "description": "DataSource specifies where to extract the data that will be sent\nto the external data provider as parameters.", "enum": [ "ValueAtLocation", "Username" @@ -228,12 +230,12 @@ "type": "string" }, "default": { - "description": "Default specifies the default value to use when the external data provider returns an error and the failure policy is set to \"UseDefault\".", + "description": "Default specifies the default value to use when the external data\nprovider returns an error and the failure policy is set to \"UseDefault\".", "type": "string" }, "failurePolicy": { "default": "Fail", - "description": "FailurePolicy specifies the policy to apply when the external data provider returns an error.", + "description": "FailurePolicy specifies the policy to apply when the external data\nprovider returns an error.", "enum": [ "UseDefault", "Ignore", @@ -270,7 +272,7 @@ }, "pathTests": { "items": { - "description": "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate.", + "description": "PathTest allows the user to customize how the mutation works if parent\npaths are missing. It traverses the list in order. All sub paths are\ntested against the provided condition, if the test fails, the mutation is\nnot applied. All `subPath` entries must be a prefix of `location`. Any\nglob characters will take on the same value as was used to\nexpand the matching glob in `location`.\n\n\nAvailable Tests:\n* MustExist - the path must exist or do not mutate\n* MustNotExist - the path must not exist or do not mutate.", "properties": { "condition": { "description": "Condition describes whether the path either MustExist or MustNotExist in the original object", @@ -315,7 +317,7 @@ "type": "string" }, "type": { - "description": "Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type.", + "description": "Type indicates a specific class of error for use by controller code.\nIf not present, the error should be treated as not matching any known type.", "type": "string" } }, @@ -331,7 +333,7 @@ "type": "string" }, "mutatorUID": { - "description": "Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch", + "description": "Storing the mutator UID allows us to detect drift, such as\nwhen a mutator has been recreated after its CRD was deleted\nout from under it, interrupting the watch", "type": "string" }, "observedGeneration": { diff --git a/mutations.gatekeeper.sh/assign_v1alpha1.json b/mutations.gatekeeper.sh/assign_v1alpha1.json index ac1a5dd7..2d901528 100644 --- a/mutations.gatekeeper.sh/assign_v1alpha1.json +++ b/mutations.gatekeeper.sh/assign_v1alpha1.json @@ -2,11 +2,11 @@ "description": "Assign is the Schema for the assign API.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -16,9 +16,9 @@ "description": "AssignSpec defines the desired state of Assign.", "properties": { "applyTo": { - "description": "ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs.", + "description": "ApplyTo lists the specific groups, versions and kinds a mutation will be applied to.\nThis is necessary because every mutation implies part of an object schema and object\nschemas are associated with specific GVKs.", "items": { - "description": "ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed.", + "description": "ApplyTo determines what GVKs items the mutation should apply to.\nGlobs are not allowed.", "properties": { "groups": { "items": { @@ -49,23 +49,23 @@ "type": "string" }, "match": { - "description": "Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything.", + "description": "Match allows the user to limit which resources get mutated.\nIndividual match criteria are AND-ed together. An undefined\nmatch criteria matches everything.", "properties": { "excludedNamespaces": { - "description": "ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.", + "description": "ExcludedNamespaces is a list of namespace names. If defined, a\nconstraint only applies to resources not in a listed namespace.\nExcludedNamespaces also supports a prefix or suffix based glob. For example,\n`excludedNamespaces: [kube-*]` matches both `kube-system` and\n`kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and\n`gatekeeper-system`.", "items": { - "description": "A string that supports globbing at its front or end. Ex: \"kube-*\" will match \"kube-system\" or \"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\". The asterisk is required for wildcard matching.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "A string that supports globbing at its front and end. Ex: \"kube-*\" will match \"kube-system\" or\n\"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\", \"*system*\" will\nmatch \"system-kube\" or \"kube-system\". The asterisk is required for wildcard matching.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "type": "array" }, "kinds": { "items": { - "description": "Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope.", + "description": "Kinds accepts a list of objects with apiGroups and kinds fields\nthat list the groups/kinds of objects to which the mutation will apply.\nIf multiple groups/kinds objects are specified,\nonly one match is needed for the resource to be in scope.", "properties": { "apiGroups": { - "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", + "description": "APIGroups is the API groups the resources belong to. '*' is all groups.\nIf '*' is present, the length of the slice must be one.\nRequired.", "items": { "type": "string" }, @@ -84,23 +84,23 @@ "type": "array" }, "labelSelector": { - "description": "LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.", + "description": "LabelSelector is the combination of two optional fields: `matchLabels`\nand `matchExpressions`. These two fields provide different methods of\nselecting or excluding k8s objects based on the label keys and values\nincluded in object metadata. All selection expressions from both\nsections are ANDed to determine if an object meets the cumulative\nrequirements of the selector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -120,36 +120,37 @@ "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "name": { - "description": "Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "Name is the name of an object. If defined, it will match against objects with the specified\nname. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match\nboth `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "namespaceSelector": { - "description": "NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace.", + "description": "NamespaceSelector is a label selector against an object's containing\nnamespace or the object itself, if the object is a namespace.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -169,28 +170,29 @@ "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "namespaces": { - "description": "Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.", + "description": "Namespaces is a list of namespace names. If defined, a constraint only\napplies to resources in a listed namespace. Namespaces also supports a\nprefix or suffix based glob. For example, `namespaces: [kube-*]` matches both\n`kube-system` and `kube-public`, and `namespaces: [*-system]` matches both\n`kube-system` and `gatekeeper-system`.", "items": { - "description": "A string that supports globbing at its front or end. Ex: \"kube-*\" will match \"kube-system\" or \"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\". The asterisk is required for wildcard matching.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "A string that supports globbing at its front and end. Ex: \"kube-*\" will match \"kube-system\" or\n\"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\", \"*system*\" will\nmatch \"system-kube\" or \"kube-system\". The asterisk is required for wildcard matching.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "type": "array" }, "scope": { - "description": "Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)", + "description": "Scope determines if cluster-scoped and/or namespaced-scoped resources\nare matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)", "type": "string" }, "source": { - "description": "Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources.", + "description": "Source determines whether generated or original resources are matched.\nAccepts `Generated`|`Original`|`All` (defaults to `All`). A value of\n`Generated` will only match generated resources, while `Original` will only\nmatch regular resources.", "enum": [ "All", "Generated", @@ -213,7 +215,7 @@ "properties": { "dataSource": { "default": "ValueAtLocation", - "description": "DataSource specifies where to extract the data that will be sent to the external data provider as parameters.", + "description": "DataSource specifies where to extract the data that will be sent\nto the external data provider as parameters.", "enum": [ "ValueAtLocation", "Username" @@ -221,12 +223,12 @@ "type": "string" }, "default": { - "description": "Default specifies the default value to use when the external data provider returns an error and the failure policy is set to \"UseDefault\".", + "description": "Default specifies the default value to use when the external data\nprovider returns an error and the failure policy is set to \"UseDefault\".", "type": "string" }, "failurePolicy": { "default": "Fail", - "description": "FailurePolicy specifies the policy to apply when the external data provider returns an error.", + "description": "FailurePolicy specifies the policy to apply when the external data\nprovider returns an error.", "enum": [ "UseDefault", "Ignore", @@ -263,7 +265,7 @@ }, "pathTests": { "items": { - "description": "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate.", + "description": "PathTest allows the user to customize how the mutation works if parent\npaths are missing. It traverses the list in order. All sub paths are\ntested against the provided condition, if the test fails, the mutation is\nnot applied. All `subPath` entries must be a prefix of `location`. Any\nglob characters will take on the same value as was used to\nexpand the matching glob in `location`.\n\n\nAvailable Tests:\n* MustExist - the path must exist or do not mutate\n* MustNotExist - the path must not exist or do not mutate.", "properties": { "condition": { "description": "Condition describes whether the path either MustExist or MustNotExist in the original object", @@ -308,7 +310,7 @@ "type": "string" }, "type": { - "description": "Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type.", + "description": "Type indicates a specific class of error for use by controller code.\nIf not present, the error should be treated as not matching any known type.", "type": "string" } }, @@ -324,7 +326,7 @@ "type": "string" }, "mutatorUID": { - "description": "Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch", + "description": "Storing the mutator UID allows us to detect drift, such as\nwhen a mutator has been recreated after its CRD was deleted\nout from under it, interrupting the watch", "type": "string" }, "observedGeneration": { diff --git a/mutations.gatekeeper.sh/assign_v1beta1.json b/mutations.gatekeeper.sh/assign_v1beta1.json index ac1a5dd7..2d901528 100644 --- a/mutations.gatekeeper.sh/assign_v1beta1.json +++ b/mutations.gatekeeper.sh/assign_v1beta1.json @@ -2,11 +2,11 @@ "description": "Assign is the Schema for the assign API.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -16,9 +16,9 @@ "description": "AssignSpec defines the desired state of Assign.", "properties": { "applyTo": { - "description": "ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs.", + "description": "ApplyTo lists the specific groups, versions and kinds a mutation will be applied to.\nThis is necessary because every mutation implies part of an object schema and object\nschemas are associated with specific GVKs.", "items": { - "description": "ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed.", + "description": "ApplyTo determines what GVKs items the mutation should apply to.\nGlobs are not allowed.", "properties": { "groups": { "items": { @@ -49,23 +49,23 @@ "type": "string" }, "match": { - "description": "Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything.", + "description": "Match allows the user to limit which resources get mutated.\nIndividual match criteria are AND-ed together. An undefined\nmatch criteria matches everything.", "properties": { "excludedNamespaces": { - "description": "ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.", + "description": "ExcludedNamespaces is a list of namespace names. If defined, a\nconstraint only applies to resources not in a listed namespace.\nExcludedNamespaces also supports a prefix or suffix based glob. For example,\n`excludedNamespaces: [kube-*]` matches both `kube-system` and\n`kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and\n`gatekeeper-system`.", "items": { - "description": "A string that supports globbing at its front or end. Ex: \"kube-*\" will match \"kube-system\" or \"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\". The asterisk is required for wildcard matching.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "A string that supports globbing at its front and end. Ex: \"kube-*\" will match \"kube-system\" or\n\"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\", \"*system*\" will\nmatch \"system-kube\" or \"kube-system\". The asterisk is required for wildcard matching.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "type": "array" }, "kinds": { "items": { - "description": "Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope.", + "description": "Kinds accepts a list of objects with apiGroups and kinds fields\nthat list the groups/kinds of objects to which the mutation will apply.\nIf multiple groups/kinds objects are specified,\nonly one match is needed for the resource to be in scope.", "properties": { "apiGroups": { - "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", + "description": "APIGroups is the API groups the resources belong to. '*' is all groups.\nIf '*' is present, the length of the slice must be one.\nRequired.", "items": { "type": "string" }, @@ -84,23 +84,23 @@ "type": "array" }, "labelSelector": { - "description": "LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.", + "description": "LabelSelector is the combination of two optional fields: `matchLabels`\nand `matchExpressions`. These two fields provide different methods of\nselecting or excluding k8s objects based on the label keys and values\nincluded in object metadata. All selection expressions from both\nsections are ANDed to determine if an object meets the cumulative\nrequirements of the selector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -120,36 +120,37 @@ "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "name": { - "description": "Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "Name is the name of an object. If defined, it will match against objects with the specified\nname. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match\nboth `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "namespaceSelector": { - "description": "NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace.", + "description": "NamespaceSelector is a label selector against an object's containing\nnamespace or the object itself, if the object is a namespace.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -169,28 +170,29 @@ "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "namespaces": { - "description": "Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.", + "description": "Namespaces is a list of namespace names. If defined, a constraint only\napplies to resources in a listed namespace. Namespaces also supports a\nprefix or suffix based glob. For example, `namespaces: [kube-*]` matches both\n`kube-system` and `kube-public`, and `namespaces: [*-system]` matches both\n`kube-system` and `gatekeeper-system`.", "items": { - "description": "A string that supports globbing at its front or end. Ex: \"kube-*\" will match \"kube-system\" or \"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\". The asterisk is required for wildcard matching.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "A string that supports globbing at its front and end. Ex: \"kube-*\" will match \"kube-system\" or\n\"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\", \"*system*\" will\nmatch \"system-kube\" or \"kube-system\". The asterisk is required for wildcard matching.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "type": "array" }, "scope": { - "description": "Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)", + "description": "Scope determines if cluster-scoped and/or namespaced-scoped resources\nare matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)", "type": "string" }, "source": { - "description": "Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources.", + "description": "Source determines whether generated or original resources are matched.\nAccepts `Generated`|`Original`|`All` (defaults to `All`). A value of\n`Generated` will only match generated resources, while `Original` will only\nmatch regular resources.", "enum": [ "All", "Generated", @@ -213,7 +215,7 @@ "properties": { "dataSource": { "default": "ValueAtLocation", - "description": "DataSource specifies where to extract the data that will be sent to the external data provider as parameters.", + "description": "DataSource specifies where to extract the data that will be sent\nto the external data provider as parameters.", "enum": [ "ValueAtLocation", "Username" @@ -221,12 +223,12 @@ "type": "string" }, "default": { - "description": "Default specifies the default value to use when the external data provider returns an error and the failure policy is set to \"UseDefault\".", + "description": "Default specifies the default value to use when the external data\nprovider returns an error and the failure policy is set to \"UseDefault\".", "type": "string" }, "failurePolicy": { "default": "Fail", - "description": "FailurePolicy specifies the policy to apply when the external data provider returns an error.", + "description": "FailurePolicy specifies the policy to apply when the external data\nprovider returns an error.", "enum": [ "UseDefault", "Ignore", @@ -263,7 +265,7 @@ }, "pathTests": { "items": { - "description": "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate.", + "description": "PathTest allows the user to customize how the mutation works if parent\npaths are missing. It traverses the list in order. All sub paths are\ntested against the provided condition, if the test fails, the mutation is\nnot applied. All `subPath` entries must be a prefix of `location`. Any\nglob characters will take on the same value as was used to\nexpand the matching glob in `location`.\n\n\nAvailable Tests:\n* MustExist - the path must exist or do not mutate\n* MustNotExist - the path must not exist or do not mutate.", "properties": { "condition": { "description": "Condition describes whether the path either MustExist or MustNotExist in the original object", @@ -308,7 +310,7 @@ "type": "string" }, "type": { - "description": "Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type.", + "description": "Type indicates a specific class of error for use by controller code.\nIf not present, the error should be treated as not matching any known type.", "type": "string" } }, @@ -324,7 +326,7 @@ "type": "string" }, "mutatorUID": { - "description": "Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch", + "description": "Storing the mutator UID allows us to detect drift, such as\nwhen a mutator has been recreated after its CRD was deleted\nout from under it, interrupting the watch", "type": "string" }, "observedGeneration": { diff --git a/mutations.gatekeeper.sh/assignimage_v1alpha1.json b/mutations.gatekeeper.sh/assignimage_v1alpha1.json new file mode 100644 index 00000000..84e2f422 --- /dev/null +++ b/mutations.gatekeeper.sh/assignimage_v1alpha1.json @@ -0,0 +1,318 @@ +{ + "description": "AssignImage is the Schema for the assignimage API.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "properties": { + "name": { + "maxLength": 63, + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "spec": { + "description": "AssignImageSpec defines the desired state of AssignImage.", + "properties": { + "applyTo": { + "description": "ApplyTo lists the specific groups, versions and kinds a mutation will be applied to.\nThis is necessary because every mutation implies part of an object schema and object\nschemas are associated with specific GVKs.", + "items": { + "description": "ApplyTo determines what GVKs items the mutation should apply to.\nGlobs are not allowed.", + "properties": { + "groups": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kinds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "versions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "location": { + "description": "Location describes the path to be mutated, for example: `spec.containers[name: main].image`.", + "type": "string" + }, + "match": { + "description": "Match allows the user to limit which resources get mutated.\nIndividual match criteria are AND-ed together. An undefined\nmatch criteria matches everything.", + "properties": { + "excludedNamespaces": { + "description": "ExcludedNamespaces is a list of namespace names. If defined, a\nconstraint only applies to resources not in a listed namespace.\nExcludedNamespaces also supports a prefix or suffix based glob. For example,\n`excludedNamespaces: [kube-*]` matches both `kube-system` and\n`kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and\n`gatekeeper-system`.", + "items": { + "description": "A string that supports globbing at its front and end. Ex: \"kube-*\" will match \"kube-system\" or\n\"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\", \"*system*\" will\nmatch \"system-kube\" or \"kube-system\". The asterisk is required for wildcard matching.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", + "type": "string" + }, + "type": "array" + }, + "kinds": { + "items": { + "description": "Kinds accepts a list of objects with apiGroups and kinds fields\nthat list the groups/kinds of objects to which the mutation will apply.\nIf multiple groups/kinds objects are specified,\nonly one match is needed for the resource to be in scope.", + "properties": { + "apiGroups": { + "description": "APIGroups is the API groups the resources belong to. '*' is all groups.\nIf '*' is present, the length of the slice must be one.\nRequired.", + "items": { + "type": "string" + }, + "type": "array" + }, + "kinds": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "labelSelector": { + "description": "LabelSelector is the combination of two optional fields: `matchLabels`\nand `matchExpressions`. These two fields provide different methods of\nselecting or excluding k8s objects based on the label keys and values\nincluded in object metadata. All selection expressions from both\nsections are ANDed to determine if an object meets the cumulative\nrequirements of the selector.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "name": { + "description": "Name is the name of an object. If defined, it will match against objects with the specified\nname. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match\nboth `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", + "type": "string" + }, + "namespaceSelector": { + "description": "NamespaceSelector is a label selector against an object's containing\nnamespace or the object itself, if the object is a namespace.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "namespaces": { + "description": "Namespaces is a list of namespace names. If defined, a constraint only\napplies to resources in a listed namespace. Namespaces also supports a\nprefix or suffix based glob. For example, `namespaces: [kube-*]` matches both\n`kube-system` and `kube-public`, and `namespaces: [*-system]` matches both\n`kube-system` and `gatekeeper-system`.", + "items": { + "description": "A string that supports globbing at its front and end. Ex: \"kube-*\" will match \"kube-system\" or\n\"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\", \"*system*\" will\nmatch \"system-kube\" or \"kube-system\". The asterisk is required for wildcard matching.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", + "type": "string" + }, + "type": "array" + }, + "scope": { + "description": "Scope determines if cluster-scoped and/or namespaced-scoped resources\nare matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)", + "type": "string" + }, + "source": { + "description": "Source determines whether generated or original resources are matched.\nAccepts `Generated`|`Original`|`All` (defaults to `All`). A value of\n`Generated` will only match generated resources, while `Original` will only\nmatch regular resources.", + "enum": [ + "All", + "Generated", + "Original" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "parameters": { + "description": "Parameters define the behavior of the mutator.", + "properties": { + "assignDomain": { + "description": "AssignDomain sets the domain component on an image string. The trailing\nslash should not be included.", + "type": "string" + }, + "assignPath": { + "description": "AssignPath sets the domain component on an image string.", + "type": "string" + }, + "assignTag": { + "description": "AssignImage sets the image component on an image string. It must start\nwith a `:` or `@`.", + "type": "string" + }, + "pathTests": { + "items": { + "description": "PathTest allows the user to customize how the mutation works if parent\npaths are missing. It traverses the list in order. All sub paths are\ntested against the provided condition, if the test fails, the mutation is\nnot applied. All `subPath` entries must be a prefix of `location`. Any\nglob characters will take on the same value as was used to\nexpand the matching glob in `location`.\n\n\nAvailable Tests:\n* MustExist - the path must exist or do not mutate\n* MustNotExist - the path must not exist or do not mutate.", + "properties": { + "condition": { + "description": "Condition describes whether the path either MustExist or MustNotExist in the original object", + "enum": [ + "MustExist", + "MustNotExist" + ], + "type": "string" + }, + "subPath": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "AssignImageStatus defines the observed state of AssignImage.", + "properties": { + "byPod": { + "items": { + "description": "MutatorPodStatusStatus defines the observed state of MutatorPodStatus.", + "properties": { + "enforced": { + "type": "boolean" + }, + "errors": { + "items": { + "description": "MutatorError represents a single error caught while adding a mutator to a system.", + "properties": { + "message": { + "type": "string" + }, + "type": { + "description": "Type indicates a specific class of error for use by controller code.\nIf not present, the error should be treated as not matching any known type.", + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "id": { + "type": "string" + }, + "mutatorUID": { + "description": "Storing the mutator UID allows us to detect drift, such as\nwhen a mutator has been recreated after its CRD was deleted\nout from under it, interrupting the watch", + "type": "string" + }, + "observedGeneration": { + "format": "int64", + "type": "integer" + }, + "operations": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" + } + \ No newline at end of file diff --git a/mutations.gatekeeper.sh/assignmetadata_v1.json b/mutations.gatekeeper.sh/assignmetadata_v1.json index b4572853..5f6d50be 100644 --- a/mutations.gatekeeper.sh/assignmetadata_v1.json +++ b/mutations.gatekeeper.sh/assignmetadata_v1.json @@ -2,11 +2,11 @@ "description": "AssignMetadata is the Schema for the assignmetadata API.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -26,23 +26,23 @@ "type": "string" }, "match": { - "description": "Match selects objects to apply mutations to.", + "description": "Match selects which objects are in scope.", "properties": { "excludedNamespaces": { - "description": "ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.", + "description": "ExcludedNamespaces is a list of namespace names. If defined, a\nconstraint only applies to resources not in a listed namespace.\nExcludedNamespaces also supports a prefix or suffix based glob. For example,\n`excludedNamespaces: [kube-*]` matches both `kube-system` and\n`kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and\n`gatekeeper-system`.", "items": { - "description": "A string that supports globbing at its front or end. Ex: \"kube-*\" will match \"kube-system\" or \"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\". The asterisk is required for wildcard matching.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "A string that supports globbing at its front and end. Ex: \"kube-*\" will match \"kube-system\" or\n\"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\", \"*system*\" will\nmatch \"system-kube\" or \"kube-system\". The asterisk is required for wildcard matching.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "type": "array" }, "kinds": { "items": { - "description": "Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope.", + "description": "Kinds accepts a list of objects with apiGroups and kinds fields\nthat list the groups/kinds of objects to which the mutation will apply.\nIf multiple groups/kinds objects are specified,\nonly one match is needed for the resource to be in scope.", "properties": { "apiGroups": { - "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", + "description": "APIGroups is the API groups the resources belong to. '*' is all groups.\nIf '*' is present, the length of the slice must be one.\nRequired.", "items": { "type": "string" }, @@ -61,23 +61,23 @@ "type": "array" }, "labelSelector": { - "description": "LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.", + "description": "LabelSelector is the combination of two optional fields: `matchLabels`\nand `matchExpressions`. These two fields provide different methods of\nselecting or excluding k8s objects based on the label keys and values\nincluded in object metadata. All selection expressions from both\nsections are ANDed to determine if an object meets the cumulative\nrequirements of the selector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -97,36 +97,37 @@ "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "name": { - "description": "Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "Name is the name of an object. If defined, it will match against objects with the specified\nname. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match\nboth `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "namespaceSelector": { - "description": "NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace.", + "description": "NamespaceSelector is a label selector against an object's containing\nnamespace or the object itself, if the object is a namespace.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -146,28 +147,29 @@ "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "namespaces": { - "description": "Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.", + "description": "Namespaces is a list of namespace names. If defined, a constraint only\napplies to resources in a listed namespace. Namespaces also supports a\nprefix or suffix based glob. For example, `namespaces: [kube-*]` matches both\n`kube-system` and `kube-public`, and `namespaces: [*-system]` matches both\n`kube-system` and `gatekeeper-system`.", "items": { - "description": "A string that supports globbing at its front or end. Ex: \"kube-*\" will match \"kube-system\" or \"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\". The asterisk is required for wildcard matching.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "A string that supports globbing at its front and end. Ex: \"kube-*\" will match \"kube-system\" or\n\"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\", \"*system*\" will\nmatch \"system-kube\" or \"kube-system\". The asterisk is required for wildcard matching.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "type": "array" }, "scope": { - "description": "Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)", + "description": "Scope determines if cluster-scoped and/or namespaced-scoped resources\nare matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)", "type": "string" }, "source": { - "description": "Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources.", + "description": "Source determines whether generated or original resources are matched.\nAccepts `Generated`|`Original`|`All` (defaults to `All`). A value of\n`Generated` will only match generated resources, while `Original` will only\nmatch regular resources.", "enum": [ "All", "Generated", @@ -189,7 +191,7 @@ "properties": { "dataSource": { "default": "ValueAtLocation", - "description": "DataSource specifies where to extract the data that will be sent to the external data provider as parameters.", + "description": "DataSource specifies where to extract the data that will be sent\nto the external data provider as parameters.", "enum": [ "ValueAtLocation", "Username" @@ -197,12 +199,12 @@ "type": "string" }, "default": { - "description": "Default specifies the default value to use when the external data provider returns an error and the failure policy is set to \"UseDefault\".", + "description": "Default specifies the default value to use when the external data\nprovider returns an error and the failure policy is set to \"UseDefault\".", "type": "string" }, "failurePolicy": { "default": "Fail", - "description": "FailurePolicy specifies the policy to apply when the external data provider returns an error.", + "description": "FailurePolicy specifies the policy to apply when the external data\nprovider returns an error.", "enum": [ "UseDefault", "Ignore", @@ -249,7 +251,7 @@ "description": "AssignMetadataStatus defines the observed state of AssignMetadata.", "properties": { "byPod": { - "description": "INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run \"make\" to regenerate code after modifying this file", + "description": "INSERT ADDITIONAL STATUS FIELD - define observed state of cluster\nImportant: Run \"make\" to regenerate code after modifying this file", "items": { "description": "MutatorPodStatusStatus defines the observed state of MutatorPodStatus.", "properties": { @@ -264,7 +266,7 @@ "type": "string" }, "type": { - "description": "Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type.", + "description": "Type indicates a specific class of error for use by controller code.\nIf not present, the error should be treated as not matching any known type.", "type": "string" } }, @@ -280,7 +282,7 @@ "type": "string" }, "mutatorUID": { - "description": "Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch", + "description": "Storing the mutator UID allows us to detect drift, such as\nwhen a mutator has been recreated after its CRD was deleted\nout from under it, interrupting the watch", "type": "string" }, "observedGeneration": { diff --git a/mutations.gatekeeper.sh/assignmetadata_v1alpha1.json b/mutations.gatekeeper.sh/assignmetadata_v1alpha1.json index cb1d8ac1..2833d1af 100644 --- a/mutations.gatekeeper.sh/assignmetadata_v1alpha1.json +++ b/mutations.gatekeeper.sh/assignmetadata_v1alpha1.json @@ -2,11 +2,11 @@ "description": "AssignMetadata is the Schema for the assignmetadata API.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -19,23 +19,23 @@ "type": "string" }, "match": { - "description": "Match selects objects to apply mutations to.", + "description": "Match selects which objects are in scope.", "properties": { "excludedNamespaces": { - "description": "ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.", + "description": "ExcludedNamespaces is a list of namespace names. If defined, a\nconstraint only applies to resources not in a listed namespace.\nExcludedNamespaces also supports a prefix or suffix based glob. For example,\n`excludedNamespaces: [kube-*]` matches both `kube-system` and\n`kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and\n`gatekeeper-system`.", "items": { - "description": "A string that supports globbing at its front or end. Ex: \"kube-*\" will match \"kube-system\" or \"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\". The asterisk is required for wildcard matching.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "A string that supports globbing at its front and end. Ex: \"kube-*\" will match \"kube-system\" or\n\"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\", \"*system*\" will\nmatch \"system-kube\" or \"kube-system\". The asterisk is required for wildcard matching.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "type": "array" }, "kinds": { "items": { - "description": "Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope.", + "description": "Kinds accepts a list of objects with apiGroups and kinds fields\nthat list the groups/kinds of objects to which the mutation will apply.\nIf multiple groups/kinds objects are specified,\nonly one match is needed for the resource to be in scope.", "properties": { "apiGroups": { - "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", + "description": "APIGroups is the API groups the resources belong to. '*' is all groups.\nIf '*' is present, the length of the slice must be one.\nRequired.", "items": { "type": "string" }, @@ -54,23 +54,23 @@ "type": "array" }, "labelSelector": { - "description": "LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.", + "description": "LabelSelector is the combination of two optional fields: `matchLabels`\nand `matchExpressions`. These two fields provide different methods of\nselecting or excluding k8s objects based on the label keys and values\nincluded in object metadata. All selection expressions from both\nsections are ANDed to determine if an object meets the cumulative\nrequirements of the selector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -90,36 +90,37 @@ "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "name": { - "description": "Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "Name is the name of an object. If defined, it will match against objects with the specified\nname. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match\nboth `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "namespaceSelector": { - "description": "NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace.", + "description": "NamespaceSelector is a label selector against an object's containing\nnamespace or the object itself, if the object is a namespace.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -139,28 +140,29 @@ "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "namespaces": { - "description": "Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.", + "description": "Namespaces is a list of namespace names. If defined, a constraint only\napplies to resources in a listed namespace. Namespaces also supports a\nprefix or suffix based glob. For example, `namespaces: [kube-*]` matches both\n`kube-system` and `kube-public`, and `namespaces: [*-system]` matches both\n`kube-system` and `gatekeeper-system`.", "items": { - "description": "A string that supports globbing at its front or end. Ex: \"kube-*\" will match \"kube-system\" or \"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\". The asterisk is required for wildcard matching.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "A string that supports globbing at its front and end. Ex: \"kube-*\" will match \"kube-system\" or\n\"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\", \"*system*\" will\nmatch \"system-kube\" or \"kube-system\". The asterisk is required for wildcard matching.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "type": "array" }, "scope": { - "description": "Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)", + "description": "Scope determines if cluster-scoped and/or namespaced-scoped resources\nare matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)", "type": "string" }, "source": { - "description": "Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources.", + "description": "Source determines whether generated or original resources are matched.\nAccepts `Generated`|`Original`|`All` (defaults to `All`). A value of\n`Generated` will only match generated resources, while `Original` will only\nmatch regular resources.", "enum": [ "All", "Generated", @@ -182,7 +184,7 @@ "properties": { "dataSource": { "default": "ValueAtLocation", - "description": "DataSource specifies where to extract the data that will be sent to the external data provider as parameters.", + "description": "DataSource specifies where to extract the data that will be sent\nto the external data provider as parameters.", "enum": [ "ValueAtLocation", "Username" @@ -190,12 +192,12 @@ "type": "string" }, "default": { - "description": "Default specifies the default value to use when the external data provider returns an error and the failure policy is set to \"UseDefault\".", + "description": "Default specifies the default value to use when the external data\nprovider returns an error and the failure policy is set to \"UseDefault\".", "type": "string" }, "failurePolicy": { "default": "Fail", - "description": "FailurePolicy specifies the policy to apply when the external data provider returns an error.", + "description": "FailurePolicy specifies the policy to apply when the external data\nprovider returns an error.", "enum": [ "UseDefault", "Ignore", @@ -242,7 +244,7 @@ "description": "AssignMetadataStatus defines the observed state of AssignMetadata.", "properties": { "byPod": { - "description": "INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run \"make\" to regenerate code after modifying this file", + "description": "INSERT ADDITIONAL STATUS FIELD - define observed state of cluster\nImportant: Run \"make\" to regenerate code after modifying this file", "items": { "description": "MutatorPodStatusStatus defines the observed state of MutatorPodStatus.", "properties": { @@ -257,7 +259,7 @@ "type": "string" }, "type": { - "description": "Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type.", + "description": "Type indicates a specific class of error for use by controller code.\nIf not present, the error should be treated as not matching any known type.", "type": "string" } }, @@ -273,7 +275,7 @@ "type": "string" }, "mutatorUID": { - "description": "Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch", + "description": "Storing the mutator UID allows us to detect drift, such as\nwhen a mutator has been recreated after its CRD was deleted\nout from under it, interrupting the watch", "type": "string" }, "observedGeneration": { diff --git a/mutations.gatekeeper.sh/assignmetadata_v1beta1.json b/mutations.gatekeeper.sh/assignmetadata_v1beta1.json index cb1d8ac1..2833d1af 100644 --- a/mutations.gatekeeper.sh/assignmetadata_v1beta1.json +++ b/mutations.gatekeeper.sh/assignmetadata_v1beta1.json @@ -2,11 +2,11 @@ "description": "AssignMetadata is the Schema for the assignmetadata API.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -19,23 +19,23 @@ "type": "string" }, "match": { - "description": "Match selects objects to apply mutations to.", + "description": "Match selects which objects are in scope.", "properties": { "excludedNamespaces": { - "description": "ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.", + "description": "ExcludedNamespaces is a list of namespace names. If defined, a\nconstraint only applies to resources not in a listed namespace.\nExcludedNamespaces also supports a prefix or suffix based glob. For example,\n`excludedNamespaces: [kube-*]` matches both `kube-system` and\n`kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and\n`gatekeeper-system`.", "items": { - "description": "A string that supports globbing at its front or end. Ex: \"kube-*\" will match \"kube-system\" or \"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\". The asterisk is required for wildcard matching.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "A string that supports globbing at its front and end. Ex: \"kube-*\" will match \"kube-system\" or\n\"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\", \"*system*\" will\nmatch \"system-kube\" or \"kube-system\". The asterisk is required for wildcard matching.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "type": "array" }, "kinds": { "items": { - "description": "Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope.", + "description": "Kinds accepts a list of objects with apiGroups and kinds fields\nthat list the groups/kinds of objects to which the mutation will apply.\nIf multiple groups/kinds objects are specified,\nonly one match is needed for the resource to be in scope.", "properties": { "apiGroups": { - "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", + "description": "APIGroups is the API groups the resources belong to. '*' is all groups.\nIf '*' is present, the length of the slice must be one.\nRequired.", "items": { "type": "string" }, @@ -54,23 +54,23 @@ "type": "array" }, "labelSelector": { - "description": "LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.", + "description": "LabelSelector is the combination of two optional fields: `matchLabels`\nand `matchExpressions`. These two fields provide different methods of\nselecting or excluding k8s objects based on the label keys and values\nincluded in object metadata. All selection expressions from both\nsections are ANDed to determine if an object meets the cumulative\nrequirements of the selector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -90,36 +90,37 @@ "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "name": { - "description": "Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "Name is the name of an object. If defined, it will match against objects with the specified\nname. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match\nboth `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "namespaceSelector": { - "description": "NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace.", + "description": "NamespaceSelector is a label selector against an object's containing\nnamespace or the object itself, if the object is a namespace.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -139,28 +140,29 @@ "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "namespaces": { - "description": "Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.", + "description": "Namespaces is a list of namespace names. If defined, a constraint only\napplies to resources in a listed namespace. Namespaces also supports a\nprefix or suffix based glob. For example, `namespaces: [kube-*]` matches both\n`kube-system` and `kube-public`, and `namespaces: [*-system]` matches both\n`kube-system` and `gatekeeper-system`.", "items": { - "description": "A string that supports globbing at its front or end. Ex: \"kube-*\" will match \"kube-system\" or \"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\". The asterisk is required for wildcard matching.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "A string that supports globbing at its front and end. Ex: \"kube-*\" will match \"kube-system\" or\n\"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\", \"*system*\" will\nmatch \"system-kube\" or \"kube-system\". The asterisk is required for wildcard matching.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "type": "array" }, "scope": { - "description": "Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)", + "description": "Scope determines if cluster-scoped and/or namespaced-scoped resources\nare matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)", "type": "string" }, "source": { - "description": "Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources.", + "description": "Source determines whether generated or original resources are matched.\nAccepts `Generated`|`Original`|`All` (defaults to `All`). A value of\n`Generated` will only match generated resources, while `Original` will only\nmatch regular resources.", "enum": [ "All", "Generated", @@ -182,7 +184,7 @@ "properties": { "dataSource": { "default": "ValueAtLocation", - "description": "DataSource specifies where to extract the data that will be sent to the external data provider as parameters.", + "description": "DataSource specifies where to extract the data that will be sent\nto the external data provider as parameters.", "enum": [ "ValueAtLocation", "Username" @@ -190,12 +192,12 @@ "type": "string" }, "default": { - "description": "Default specifies the default value to use when the external data provider returns an error and the failure policy is set to \"UseDefault\".", + "description": "Default specifies the default value to use when the external data\nprovider returns an error and the failure policy is set to \"UseDefault\".", "type": "string" }, "failurePolicy": { "default": "Fail", - "description": "FailurePolicy specifies the policy to apply when the external data provider returns an error.", + "description": "FailurePolicy specifies the policy to apply when the external data\nprovider returns an error.", "enum": [ "UseDefault", "Ignore", @@ -242,7 +244,7 @@ "description": "AssignMetadataStatus defines the observed state of AssignMetadata.", "properties": { "byPod": { - "description": "INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run \"make\" to regenerate code after modifying this file", + "description": "INSERT ADDITIONAL STATUS FIELD - define observed state of cluster\nImportant: Run \"make\" to regenerate code after modifying this file", "items": { "description": "MutatorPodStatusStatus defines the observed state of MutatorPodStatus.", "properties": { @@ -257,7 +259,7 @@ "type": "string" }, "type": { - "description": "Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type.", + "description": "Type indicates a specific class of error for use by controller code.\nIf not present, the error should be treated as not matching any known type.", "type": "string" } }, @@ -273,7 +275,7 @@ "type": "string" }, "mutatorUID": { - "description": "Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch", + "description": "Storing the mutator UID allows us to detect drift, such as\nwhen a mutator has been recreated after its CRD was deleted\nout from under it, interrupting the watch", "type": "string" }, "observedGeneration": { diff --git a/mutations.gatekeeper.sh/modifyset_v1.json b/mutations.gatekeeper.sh/modifyset_v1.json index 4e03d682..44871a88 100644 --- a/mutations.gatekeeper.sh/modifyset_v1.json +++ b/mutations.gatekeeper.sh/modifyset_v1.json @@ -1,12 +1,12 @@ { - "description": "ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container.", + "description": "ModifySet allows the user to modify non-keyed lists, such as\nthe list of arguments to a container.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -23,9 +23,9 @@ "description": "ModifySetSpec defines the desired state of ModifySet.", "properties": { "applyTo": { - "description": "ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs.", + "description": "ApplyTo lists the specific groups, versions and kinds a mutation will be applied to.\nThis is necessary because every mutation implies part of an object schema and object\nschemas are associated with specific GVKs.", "items": { - "description": "ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed.", + "description": "ApplyTo determines what GVKs items the mutation should apply to.\nGlobs are not allowed.", "properties": { "groups": { "items": { @@ -56,23 +56,23 @@ "type": "string" }, "match": { - "description": "Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything.", + "description": "Match allows the user to limit which resources get mutated.\nIndividual match criteria are AND-ed together. An undefined\nmatch criteria matches everything.", "properties": { "excludedNamespaces": { - "description": "ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.", + "description": "ExcludedNamespaces is a list of namespace names. If defined, a\nconstraint only applies to resources not in a listed namespace.\nExcludedNamespaces also supports a prefix or suffix based glob. For example,\n`excludedNamespaces: [kube-*]` matches both `kube-system` and\n`kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and\n`gatekeeper-system`.", "items": { - "description": "A string that supports globbing at its front or end. Ex: \"kube-*\" will match \"kube-system\" or \"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\". The asterisk is required for wildcard matching.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "A string that supports globbing at its front and end. Ex: \"kube-*\" will match \"kube-system\" or\n\"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\", \"*system*\" will\nmatch \"system-kube\" or \"kube-system\". The asterisk is required for wildcard matching.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "type": "array" }, "kinds": { "items": { - "description": "Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope.", + "description": "Kinds accepts a list of objects with apiGroups and kinds fields\nthat list the groups/kinds of objects to which the mutation will apply.\nIf multiple groups/kinds objects are specified,\nonly one match is needed for the resource to be in scope.", "properties": { "apiGroups": { - "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", + "description": "APIGroups is the API groups the resources belong to. '*' is all groups.\nIf '*' is present, the length of the slice must be one.\nRequired.", "items": { "type": "string" }, @@ -91,23 +91,23 @@ "type": "array" }, "labelSelector": { - "description": "LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.", + "description": "LabelSelector is the combination of two optional fields: `matchLabels`\nand `matchExpressions`. These two fields provide different methods of\nselecting or excluding k8s objects based on the label keys and values\nincluded in object metadata. All selection expressions from both\nsections are ANDed to determine if an object meets the cumulative\nrequirements of the selector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -127,36 +127,37 @@ "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "name": { - "description": "Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "Name is the name of an object. If defined, it will match against objects with the specified\nname. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match\nboth `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "namespaceSelector": { - "description": "NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace.", + "description": "NamespaceSelector is a label selector against an object's containing\nnamespace or the object itself, if the object is a namespace.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -176,28 +177,29 @@ "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "namespaces": { - "description": "Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.", + "description": "Namespaces is a list of namespace names. If defined, a constraint only\napplies to resources in a listed namespace. Namespaces also supports a\nprefix or suffix based glob. For example, `namespaces: [kube-*]` matches both\n`kube-system` and `kube-public`, and `namespaces: [*-system]` matches both\n`kube-system` and `gatekeeper-system`.", "items": { - "description": "A string that supports globbing at its front or end. Ex: \"kube-*\" will match \"kube-system\" or \"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\". The asterisk is required for wildcard matching.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "A string that supports globbing at its front and end. Ex: \"kube-*\" will match \"kube-system\" or\n\"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\", \"*system*\" will\nmatch \"system-kube\" or \"kube-system\". The asterisk is required for wildcard matching.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "type": "array" }, "scope": { - "description": "Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)", + "description": "Scope determines if cluster-scoped and/or namespaced-scoped resources\nare matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)", "type": "string" }, "source": { - "description": "Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources.", + "description": "Source determines whether generated or original resources are matched.\nAccepts `Generated`|`Original`|`All` (defaults to `All`). A value of\n`Generated` will only match generated resources, while `Original` will only\nmatch regular resources.", "enum": [ "All", "Generated", @@ -222,9 +224,9 @@ "type": "string" }, "pathTests": { - "description": "PathTests are a series of existence tests that can be checked before a mutation is applied", + "description": "PathTests are a series of existence tests that can be checked\nbefore a mutation is applied", "items": { - "description": "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate.", + "description": "PathTest allows the user to customize how the mutation works if parent\npaths are missing. It traverses the list in order. All sub paths are\ntested against the provided condition, if the test fails, the mutation is\nnot applied. All `subPath` entries must be a prefix of `location`. Any\nglob characters will take on the same value as was used to\nexpand the matching glob in `location`.\n\n\nAvailable Tests:\n* MustExist - the path must exist or do not mutate\n* MustNotExist - the path must not exist or do not mutate.", "properties": { "condition": { "description": "Condition describes whether the path either MustExist or MustNotExist in the original object", @@ -274,7 +276,7 @@ "type": "string" }, "type": { - "description": "Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type.", + "description": "Type indicates a specific class of error for use by controller code.\nIf not present, the error should be treated as not matching any known type.", "type": "string" } }, @@ -290,7 +292,7 @@ "type": "string" }, "mutatorUID": { - "description": "Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch", + "description": "Storing the mutator UID allows us to detect drift, such as\nwhen a mutator has been recreated after its CRD was deleted\nout from under it, interrupting the watch", "type": "string" }, "observedGeneration": { diff --git a/mutations.gatekeeper.sh/modifyset_v1alpha1.json b/mutations.gatekeeper.sh/modifyset_v1alpha1.json index bb2cb6e5..c44a64e5 100644 --- a/mutations.gatekeeper.sh/modifyset_v1alpha1.json +++ b/mutations.gatekeeper.sh/modifyset_v1alpha1.json @@ -1,12 +1,12 @@ { - "description": "ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container.", + "description": "ModifySet allows the user to modify non-keyed lists, such as\nthe list of arguments to a container.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -16,9 +16,9 @@ "description": "ModifySetSpec defines the desired state of ModifySet.", "properties": { "applyTo": { - "description": "ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs.", + "description": "ApplyTo lists the specific groups, versions and kinds a mutation will be applied to.\nThis is necessary because every mutation implies part of an object schema and object\nschemas are associated with specific GVKs.", "items": { - "description": "ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed.", + "description": "ApplyTo determines what GVKs items the mutation should apply to.\nGlobs are not allowed.", "properties": { "groups": { "items": { @@ -49,23 +49,23 @@ "type": "string" }, "match": { - "description": "Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything.", + "description": "Match allows the user to limit which resources get mutated.\nIndividual match criteria are AND-ed together. An undefined\nmatch criteria matches everything.", "properties": { "excludedNamespaces": { - "description": "ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.", + "description": "ExcludedNamespaces is a list of namespace names. If defined, a\nconstraint only applies to resources not in a listed namespace.\nExcludedNamespaces also supports a prefix or suffix based glob. For example,\n`excludedNamespaces: [kube-*]` matches both `kube-system` and\n`kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and\n`gatekeeper-system`.", "items": { - "description": "A string that supports globbing at its front or end. Ex: \"kube-*\" will match \"kube-system\" or \"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\". The asterisk is required for wildcard matching.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "A string that supports globbing at its front and end. Ex: \"kube-*\" will match \"kube-system\" or\n\"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\", \"*system*\" will\nmatch \"system-kube\" or \"kube-system\". The asterisk is required for wildcard matching.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "type": "array" }, "kinds": { "items": { - "description": "Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope.", + "description": "Kinds accepts a list of objects with apiGroups and kinds fields\nthat list the groups/kinds of objects to which the mutation will apply.\nIf multiple groups/kinds objects are specified,\nonly one match is needed for the resource to be in scope.", "properties": { "apiGroups": { - "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", + "description": "APIGroups is the API groups the resources belong to. '*' is all groups.\nIf '*' is present, the length of the slice must be one.\nRequired.", "items": { "type": "string" }, @@ -84,23 +84,23 @@ "type": "array" }, "labelSelector": { - "description": "LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.", + "description": "LabelSelector is the combination of two optional fields: `matchLabels`\nand `matchExpressions`. These two fields provide different methods of\nselecting or excluding k8s objects based on the label keys and values\nincluded in object metadata. All selection expressions from both\nsections are ANDed to determine if an object meets the cumulative\nrequirements of the selector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -120,36 +120,37 @@ "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "name": { - "description": "Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "Name is the name of an object. If defined, it will match against objects with the specified\nname. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match\nboth `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "namespaceSelector": { - "description": "NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace.", + "description": "NamespaceSelector is a label selector against an object's containing\nnamespace or the object itself, if the object is a namespace.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -169,28 +170,29 @@ "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "namespaces": { - "description": "Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.", + "description": "Namespaces is a list of namespace names. If defined, a constraint only\napplies to resources in a listed namespace. Namespaces also supports a\nprefix or suffix based glob. For example, `namespaces: [kube-*]` matches both\n`kube-system` and `kube-public`, and `namespaces: [*-system]` matches both\n`kube-system` and `gatekeeper-system`.", "items": { - "description": "A string that supports globbing at its front or end. Ex: \"kube-*\" will match \"kube-system\" or \"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\". The asterisk is required for wildcard matching.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "A string that supports globbing at its front and end. Ex: \"kube-*\" will match \"kube-system\" or\n\"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\", \"*system*\" will\nmatch \"system-kube\" or \"kube-system\". The asterisk is required for wildcard matching.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "type": "array" }, "scope": { - "description": "Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)", + "description": "Scope determines if cluster-scoped and/or namespaced-scoped resources\nare matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)", "type": "string" }, "source": { - "description": "Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources.", + "description": "Source determines whether generated or original resources are matched.\nAccepts `Generated`|`Original`|`All` (defaults to `All`). A value of\n`Generated` will only match generated resources, while `Original` will only\nmatch regular resources.", "enum": [ "All", "Generated", @@ -215,9 +217,9 @@ "type": "string" }, "pathTests": { - "description": "PathTests are a series of existence tests that can be checked before a mutation is applied", + "description": "PathTests are a series of existence tests that can be checked\nbefore a mutation is applied", "items": { - "description": "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate.", + "description": "PathTest allows the user to customize how the mutation works if parent\npaths are missing. It traverses the list in order. All sub paths are\ntested against the provided condition, if the test fails, the mutation is\nnot applied. All `subPath` entries must be a prefix of `location`. Any\nglob characters will take on the same value as was used to\nexpand the matching glob in `location`.\n\n\nAvailable Tests:\n* MustExist - the path must exist or do not mutate\n* MustNotExist - the path must not exist or do not mutate.", "properties": { "condition": { "description": "Condition describes whether the path either MustExist or MustNotExist in the original object", @@ -267,7 +269,7 @@ "type": "string" }, "type": { - "description": "Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type.", + "description": "Type indicates a specific class of error for use by controller code.\nIf not present, the error should be treated as not matching any known type.", "type": "string" } }, @@ -283,7 +285,7 @@ "type": "string" }, "mutatorUID": { - "description": "Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch", + "description": "Storing the mutator UID allows us to detect drift, such as\nwhen a mutator has been recreated after its CRD was deleted\nout from under it, interrupting the watch", "type": "string" }, "observedGeneration": { diff --git a/mutations.gatekeeper.sh/modifyset_v1beta1.json b/mutations.gatekeeper.sh/modifyset_v1beta1.json index bb2cb6e5..c44a64e5 100644 --- a/mutations.gatekeeper.sh/modifyset_v1beta1.json +++ b/mutations.gatekeeper.sh/modifyset_v1beta1.json @@ -1,12 +1,12 @@ { - "description": "ModifySet allows the user to modify non-keyed lists, such as the list of arguments to a container.", + "description": "ModifySet allows the user to modify non-keyed lists, such as\nthe list of arguments to a container.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -16,9 +16,9 @@ "description": "ModifySetSpec defines the desired state of ModifySet.", "properties": { "applyTo": { - "description": "ApplyTo lists the specific groups, versions and kinds a mutation will be applied to. This is necessary because every mutation implies part of an object schema and object schemas are associated with specific GVKs.", + "description": "ApplyTo lists the specific groups, versions and kinds a mutation will be applied to.\nThis is necessary because every mutation implies part of an object schema and object\nschemas are associated with specific GVKs.", "items": { - "description": "ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed.", + "description": "ApplyTo determines what GVKs items the mutation should apply to.\nGlobs are not allowed.", "properties": { "groups": { "items": { @@ -49,23 +49,23 @@ "type": "string" }, "match": { - "description": "Match allows the user to limit which resources get mutated. Individual match criteria are AND-ed together. An undefined match criteria matches everything.", + "description": "Match allows the user to limit which resources get mutated.\nIndividual match criteria are AND-ed together. An undefined\nmatch criteria matches everything.", "properties": { "excludedNamespaces": { - "description": "ExcludedNamespaces is a list of namespace names. If defined, a constraint only applies to resources not in a listed namespace. ExcludedNamespaces also supports a prefix or suffix based glob. For example, `excludedNamespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.", + "description": "ExcludedNamespaces is a list of namespace names. If defined, a\nconstraint only applies to resources not in a listed namespace.\nExcludedNamespaces also supports a prefix or suffix based glob. For example,\n`excludedNamespaces: [kube-*]` matches both `kube-system` and\n`kube-public`, and `excludedNamespaces: [*-system]` matches both `kube-system` and\n`gatekeeper-system`.", "items": { - "description": "A string that supports globbing at its front or end. Ex: \"kube-*\" will match \"kube-system\" or \"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\". The asterisk is required for wildcard matching.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "A string that supports globbing at its front and end. Ex: \"kube-*\" will match \"kube-system\" or\n\"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\", \"*system*\" will\nmatch \"system-kube\" or \"kube-system\". The asterisk is required for wildcard matching.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "type": "array" }, "kinds": { "items": { - "description": "Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope.", + "description": "Kinds accepts a list of objects with apiGroups and kinds fields\nthat list the groups/kinds of objects to which the mutation will apply.\nIf multiple groups/kinds objects are specified,\nonly one match is needed for the resource to be in scope.", "properties": { "apiGroups": { - "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", + "description": "APIGroups is the API groups the resources belong to. '*' is all groups.\nIf '*' is present, the length of the slice must be one.\nRequired.", "items": { "type": "string" }, @@ -84,23 +84,23 @@ "type": "array" }, "labelSelector": { - "description": "LabelSelector is the combination of two optional fields: `matchLabels` and `matchExpressions`. These two fields provide different methods of selecting or excluding k8s objects based on the label keys and values included in object metadata. All selection expressions from both sections are ANDed to determine if an object meets the cumulative requirements of the selector.", + "description": "LabelSelector is the combination of two optional fields: `matchLabels`\nand `matchExpressions`. These two fields provide different methods of\nselecting or excluding k8s objects based on the label keys and values\nincluded in object metadata. All selection expressions from both\nsections are ANDed to determine if an object meets the cumulative\nrequirements of the selector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -120,36 +120,37 @@ "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "name": { - "description": "Name is the name of an object. If defined, it will match against objects with the specified name. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match both `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "Name is the name of an object. If defined, it will match against objects with the specified\nname. Name also supports a prefix or suffix glob. For example, `name: pod-*` would match\nboth `pod-a` and `pod-b`, and `name: *-pod` would match both `a-pod` and `b-pod`.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "namespaceSelector": { - "description": "NamespaceSelector is a label selector against an object's containing namespace or the object itself, if the object is a namespace.", + "description": "NamespaceSelector is a label selector against an object's containing\nnamespace or the object itself, if the object is a namespace.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, @@ -169,28 +170,29 @@ "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "namespaces": { - "description": "Namespaces is a list of namespace names. If defined, a constraint only applies to resources in a listed namespace. Namespaces also supports a prefix or suffix based glob. For example, `namespaces: [kube-*]` matches both `kube-system` and `kube-public`, and `namespaces: [*-system]` matches both `kube-system` and `gatekeeper-system`.", + "description": "Namespaces is a list of namespace names. If defined, a constraint only\napplies to resources in a listed namespace. Namespaces also supports a\nprefix or suffix based glob. For example, `namespaces: [kube-*]` matches both\n`kube-system` and `kube-public`, and `namespaces: [*-system]` matches both\n`kube-system` and `gatekeeper-system`.", "items": { - "description": "A string that supports globbing at its front or end. Ex: \"kube-*\" will match \"kube-system\" or \"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\". The asterisk is required for wildcard matching.", - "pattern": "^(\\*|\\*-)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\*|-\\*)?$", + "description": "A string that supports globbing at its front and end. Ex: \"kube-*\" will match \"kube-system\" or\n\"kube-public\", \"*-system\" will match \"kube-system\" or \"gatekeeper-system\", \"*system*\" will\nmatch \"system-kube\" or \"kube-system\". The asterisk is required for wildcard matching.", + "pattern": "^\\*?[-:a-z0-9]*\\*?$", "type": "string" }, "type": "array" }, "scope": { - "description": "Scope determines if cluster-scoped and/or namespaced-scoped resources are matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)", + "description": "Scope determines if cluster-scoped and/or namespaced-scoped resources\nare matched. Accepts `*`, `Cluster`, or `Namespaced`. (defaults to `*`)", "type": "string" }, "source": { - "description": "Source determines whether generated or original resources are matched. Accepts `Generated`|`Original`|`All` (defaults to `All`). A value of `Generated` will only match generated resources, while `Original` will only match regular resources.", + "description": "Source determines whether generated or original resources are matched.\nAccepts `Generated`|`Original`|`All` (defaults to `All`). A value of\n`Generated` will only match generated resources, while `Original` will only\nmatch regular resources.", "enum": [ "All", "Generated", @@ -215,9 +217,9 @@ "type": "string" }, "pathTests": { - "description": "PathTests are a series of existence tests that can be checked before a mutation is applied", + "description": "PathTests are a series of existence tests that can be checked\nbefore a mutation is applied", "items": { - "description": "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate.", + "description": "PathTest allows the user to customize how the mutation works if parent\npaths are missing. It traverses the list in order. All sub paths are\ntested against the provided condition, if the test fails, the mutation is\nnot applied. All `subPath` entries must be a prefix of `location`. Any\nglob characters will take on the same value as was used to\nexpand the matching glob in `location`.\n\n\nAvailable Tests:\n* MustExist - the path must exist or do not mutate\n* MustNotExist - the path must not exist or do not mutate.", "properties": { "condition": { "description": "Condition describes whether the path either MustExist or MustNotExist in the original object", @@ -267,7 +269,7 @@ "type": "string" }, "type": { - "description": "Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type.", + "description": "Type indicates a specific class of error for use by controller code.\nIf not present, the error should be treated as not matching any known type.", "type": "string" } }, @@ -283,7 +285,7 @@ "type": "string" }, "mutatorUID": { - "description": "Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch", + "description": "Storing the mutator UID allows us to detect drift, such as\nwhen a mutator has been recreated after its CRD was deleted\nout from under it, interrupting the watch", "type": "string" }, "observedGeneration": { diff --git a/status.gatekeeper.sh/constraintpodstatus_v1beta1.json b/status.gatekeeper.sh/constraintpodstatus_v1beta1.json index 189c6c91..6f5c2187 100644 --- a/status.gatekeeper.sh/constraintpodstatus_v1beta1.json +++ b/status.gatekeeper.sh/constraintpodstatus_v1beta1.json @@ -2,11 +2,11 @@ "description": "ConstraintPodStatus is the Schema for the constraintpodstatuses API.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -16,7 +16,7 @@ "description": "ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus.", "properties": { "constraintUID": { - "description": "Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch", + "description": "Storing the constraint UID allows us to detect drift, such as\nwhen a constraint has been recreated after its CRD was deleted\nout from under it, interrupting the watch", "type": "string" }, "enforced": { @@ -24,7 +24,7 @@ }, "errors": { "items": { - "description": "Error represents a single error caught while adding a constraint to OPA.", + "description": "Error represents a single error caught while adding a constraint to engine.", "properties": { "code": { "type": "string" diff --git a/status.gatekeeper.sh/constrainttemplatepodstatus_v1beta1.json b/status.gatekeeper.sh/constrainttemplatepodstatus_v1beta1.json index aa4e44e5..80929004 100644 --- a/status.gatekeeper.sh/constrainttemplatepodstatus_v1beta1.json +++ b/status.gatekeeper.sh/constrainttemplatepodstatus_v1beta1.json @@ -2,11 +2,11 @@ "description": "ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -53,7 +53,7 @@ "type": "array" }, "templateUID": { - "description": "UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated.", + "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", "type": "string" } }, diff --git a/status.gatekeeper.sh/expansiontemplatepodstatus_v1beta1.json b/status.gatekeeper.sh/expansiontemplatepodstatus_v1beta1.json new file mode 100644 index 00000000..e6344e0b --- /dev/null +++ b/status.gatekeeper.sh/expansiontemplatepodstatus_v1beta1.json @@ -0,0 +1,61 @@ +{ + "description": "ExpansionTemplatePodStatus is the Schema for the expansiontemplatepodstatuses API.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "status": { + "description": "ExpansionTemplatePodStatusStatus defines the observed state of ExpansionTemplatePodStatus.", + "properties": { + "errors": { + "items": { + "properties": { + "message": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "id": { + "description": "Important: Run \"make\" to regenerate code after modifying this file", + "type": "string" + }, + "observedGeneration": { + "format": "int64", + "type": "integer" + }, + "operations": { + "items": { + "type": "string" + }, + "type": "array" + }, + "templateUID": { + "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" + } + \ No newline at end of file diff --git a/status.gatekeeper.sh/mutatorpodstatus_v1beta1.json b/status.gatekeeper.sh/mutatorpodstatus_v1beta1.json index adb6bb84..40174c00 100644 --- a/status.gatekeeper.sh/mutatorpodstatus_v1beta1.json +++ b/status.gatekeeper.sh/mutatorpodstatus_v1beta1.json @@ -2,11 +2,11 @@ "description": "MutatorPodStatus is the Schema for the mutationpodstatuses API.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -26,7 +26,7 @@ "type": "string" }, "type": { - "description": "Type indicates a specific class of error for use by controller code. If not present, the error should be treated as not matching any known type.", + "description": "Type indicates a specific class of error for use by controller code.\nIf not present, the error should be treated as not matching any known type.", "type": "string" } }, @@ -42,7 +42,7 @@ "type": "string" }, "mutatorUID": { - "description": "Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch", + "description": "Storing the mutator UID allows us to detect drift, such as\nwhen a mutator has been recreated after its CRD was deleted\nout from under it, interrupting the watch", "type": "string" }, "observedGeneration": { diff --git a/syncset.gatekeeper.sh/syncset_v1alpha1.json b/syncset.gatekeeper.sh/syncset_v1alpha1.json new file mode 100644 index 00000000..6d5bbef4 --- /dev/null +++ b/syncset.gatekeeper.sh/syncset_v1alpha1.json @@ -0,0 +1,49 @@ +{ + "description": "SyncSet defines which resources Gatekeeper will cache. The union of all SyncSets plus the syncOnly field of Gatekeeper's Config resource defines the sets of resources that will be synced.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "properties": { + "name": { + "maxLength": 63, + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "spec": { + "properties": { + "gvks": { + "items": { + "properties": { + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" + } + \ No newline at end of file diff --git a/templates.gatekeeper.sh/constrainttemplate_v1.json b/templates.gatekeeper.sh/constrainttemplate_v1.json index 97c1e626..168c959d 100644 --- a/templates.gatekeeper.sh/constrainttemplate_v1.json +++ b/templates.gatekeeper.sh/constrainttemplate_v1.json @@ -2,11 +2,11 @@ "description": "ConstraintTemplate is the Schema for the constrainttemplates API", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -62,6 +62,32 @@ "targets": { "items": { "properties": { + "code": { + "description": "The source code options for the constraint template. \"Rego\" can only\nbe specified in one place (either here or in the \"rego\" field)", + "items": { + "properties": { + "engine": { + "description": "The engine used to evaluate the code. Example: \"Rego\". Required.", + "type": "string" + }, + "source": { + "description": "The source code for the template. Required.", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "required": [ + "engine", + "source" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "engine" + ], + "x-kubernetes-list-type": "map" + }, "libs": { "items": { "type": "string" @@ -89,7 +115,7 @@ "properties": { "byPod": { "items": { - "description": "ByPodStatus defines the observed state of ConstraintTemplate as seen by an individual controller", + "description": "ByPodStatus defines the observed state of ConstraintTemplate as seen by\nan individual controller", "properties": { "errors": { "items": { diff --git a/templates.gatekeeper.sh/constrainttemplate_v1alpha1.json b/templates.gatekeeper.sh/constrainttemplate_v1alpha1.json index 96290495..51dff02a 100644 --- a/templates.gatekeeper.sh/constrainttemplate_v1alpha1.json +++ b/templates.gatekeeper.sh/constrainttemplate_v1alpha1.json @@ -2,11 +2,11 @@ "description": "ConstraintTemplate is the Schema for the constrainttemplates API", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -62,6 +62,32 @@ "targets": { "items": { "properties": { + "code": { + "description": "The source code options for the constraint template. \"Rego\" can only\nbe specified in one place (either here or in the \"rego\" field)", + "items": { + "properties": { + "engine": { + "description": "The engine used to evaluate the code. Example: \"Rego\". Required.", + "type": "string" + }, + "source": { + "description": "The source code for the template. Required.", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "required": [ + "engine", + "source" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "engine" + ], + "x-kubernetes-list-type": "map" + }, "libs": { "items": { "type": "string" @@ -89,7 +115,7 @@ "properties": { "byPod": { "items": { - "description": "ByPodStatus defines the observed state of ConstraintTemplate as seen by an individual controller", + "description": "ByPodStatus defines the observed state of ConstraintTemplate as seen by\nan individual controller", "properties": { "errors": { "items": { diff --git a/templates.gatekeeper.sh/constrainttemplate_v1beta1.json b/templates.gatekeeper.sh/constrainttemplate_v1beta1.json index 96290495..51dff02a 100644 --- a/templates.gatekeeper.sh/constrainttemplate_v1beta1.json +++ b/templates.gatekeeper.sh/constrainttemplate_v1beta1.json @@ -2,11 +2,11 @@ "description": "ConstraintTemplate is the Schema for the constrainttemplates API", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -62,6 +62,32 @@ "targets": { "items": { "properties": { + "code": { + "description": "The source code options for the constraint template. \"Rego\" can only\nbe specified in one place (either here or in the \"rego\" field)", + "items": { + "properties": { + "engine": { + "description": "The engine used to evaluate the code. Example: \"Rego\". Required.", + "type": "string" + }, + "source": { + "description": "The source code for the template. Required.", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "required": [ + "engine", + "source" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "engine" + ], + "x-kubernetes-list-type": "map" + }, "libs": { "items": { "type": "string" @@ -89,7 +115,7 @@ "properties": { "byPod": { "items": { - "description": "ByPodStatus defines the observed state of ConstraintTemplate as seen by an individual controller", + "description": "ByPodStatus defines the observed state of ConstraintTemplate as seen by\nan individual controller", "properties": { "errors": { "items": {