Merge pull request kyverno#1352 from kyverno/1332_wildcards_in_labels
1332 wildcards in labels and annotations
JimBugwadia authored Dec 3, 2020
2 parents 733cd06 + 981bb1c commit 9cae63e
Showing 13 changed files with 1,218 additions and 3,007 deletions.
1,283 changes: 310 additions & 973 deletions charts/kyverno/crds/crds.yaml

Large diffs are not rendered by default.

72 changes: 48 additions & 24 deletions definitions/crds/kyverno.io_clusterpolicies.yaml
Expand Up @@ -54,13 +54,16 @@ spec:
name).
type: boolean
rules:
description: Rules is a list of Rule instances
description: Rules is a list of Rule instances. A Policy contains
multiple rules and each rule can validate, mutate, or generate resources.
items:
description: Rule defines a validation, mutation, or generation
control for matching resources.
control for matching resources. Each rules contains a match declaration
to select resources, and an optional exclude declaration to specify
which resources to exclude.
properties:
context:
description: Context defines data sources and variables that
description: Context defines variables and data sources that
can be used during rule execution.
items:
description: ContextEntry adds variables and data sources
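Review bot: The new Rule description reads "Each rules contains a match declaration"; that should be "Each rule contains". The Rules description in the same hunk says a Policy "contains multiple rules", which reads as a requirement; "one or more rules" would also cover a single-rule policy.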
Expand All @@ -79,8 +82,10 @@ spec:
type: object
type: array
exclude:
description: ExcludeResources selects resources to which the
policy rule should not be applied.
description: ExcludeResources defines when this policy rule
should not be applied. The exclude criteria can include resource
information (e.g. kind, name, namespace, labels) and admission
review request information like the name or role.
properties:
clusterRoles:
description: ClusterRoles is the list of cluster-wide role
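Review bot: The ExcludeResources description ends with "admission review request information like the name or role", while the MatchResources description in this same file says "the user name or role". Without "user" it is unclear whose name is meant, since the resource name is already listed under resource information. Suggest using "the user name or role" in both descriptions.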
Expand All @@ -95,10 +100,11 @@ spec:
annotations:
additionalProperties:
type: string
description: Annotations is a map of annotations (string
key-value pairs). Annotation values supports wildcard
characters "*" (matches zero or many characters) and
"?" (at least one character).
description: Annotations is a map of annotations (key-value
pairs of type string). Annotation keys and values
support the wildcard characters "*" (matches zero
or many characters) and "?" (matches at least one
character).
type: object
kinds:
description: Kinds is a list of resource kinds.
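Review bot: The annotation text defines "?" as "matches at least one character", but the Selector description added in this commit defines `?` as "matches one character". Those are different semantics, and someone sizing an exclude pattern needs to know which one holds. Pick the wording that reflects the matcher's behavior and use it in both descriptions.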
Expand All @@ -118,7 +124,13 @@ spec:
type: string
type: array
selector:
description: Selector is a label selector.
description: 'Selector is a label selector. Label keys
and values in `matchLabels` support the wildcard characters
`*` (matches zero or many characters) and `?` (matches
one character). Wildcards allows writing label selectors
like ["storage.k8s.io/*": "*"]. Note that using ["*"
: "*"] matches any key and value but does not match
an empty label set.'
properties:
matchExpressions:
description: matchExpressions is a list of label
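Review bot: "Wildcards allows writing" in the new Selector description should be "Wildcards allow writing". The text also scopes wildcard support to `matchLabels` only; since `matchExpressions` sits directly under this selector, say explicitly whether its keys and values are compared literally, so that an exclude written with a wildcard inside an expression is not assumed to work.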
Expand Down Expand Up @@ -208,7 +220,7 @@ spec:
type: array
type: object
generate:
description: Generation creates new resources.
description: Generation is used to create new resources.
properties:
apiVersion:
description: APIVersion specifies resource apiVersion.
Expand Down Expand Up @@ -246,8 +258,11 @@ spec:
type: boolean
type: object
match:
description: MatchResources selects resources to which the policy
rule should be applied. At least one kind is required.
description: MatchResources defines when this policy rule should
be applied. The match criteria can include resource information
(e.g. kind, name, namespace, labels) and admission review
request information like the user name or role. At least one
kind is required.
properties:
clusterRoles:
description: ClusterRoles is the list of cluster-wide role
Expand All @@ -262,10 +277,11 @@ spec:
annotations:
additionalProperties:
type: string
description: Annotations is a map of annotations (string
key-value pairs). Annotation values supports wildcard
characters "*" (matches zero or many characters) and
"?" (at least one character).
description: Annotations is a map of annotations (key-value
pairs of type string). Annotation keys and values
support the wildcard characters "*" (matches zero
or many characters) and "?" (matches at least one
character).
type: object
kinds:
description: Kinds is a list of resource kinds.
Expand All @@ -285,7 +301,13 @@ spec:
type: string
type: array
selector:
description: Selector is a label selector.
description: 'Selector is a label selector. Label keys
and values in `matchLabels` support the wildcard characters
`*` (matches zero or many characters) and `?` (matches
one character). Wildcards allows writing label selectors
like ["storage.k8s.io/*": "*"]. Note that using ["*"
: "*"] matches any key and value but does not match
an empty label set.'
properties:
matchExpressions:
description: matchExpressions is a list of label
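Review bot: The closing sentence of the match Selector description, that ["*" : "*"] "does not match an empty label set", is the part with policy consequences and is easy to miss as a trailing note. A rule whose match relies on that selector will not be applied to resources that carry no labels at all. Suggest stating that outcome directly in the description, so authors do not read "*": "*" as "every resource".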
Expand Down Expand Up @@ -375,7 +397,7 @@ spec:
type: array
type: object
mutate:
description: Mutation modifies matching resources.
description: Mutation is used to modify matching resources.
properties:
overlay:
description: Overlay specifies an overlay pattern to modify
Expand Down Expand Up @@ -415,12 +437,14 @@ spec:
type: string
type: object
name:
description: Name is a label to identify the rule, Must be unique
within the policy.
description: Name is a label to identify the rule, It must be
unique within the policy.
type: string
preconditions:
description: Conditions enabled variable-based conditional rule
execution.
description: Conditions enable variable-based conditional rule
execution. This is useful for finer control of when an rule
is applied. A condition can reference object data using JMESPath
notation.
items:
description: Condition defines variable-based conditional
criteria for rule execution.
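Review bot: Two wording slips in the added descriptions: "identify the rule, It must be unique" needs a full stop in place of the comma, and "when an rule is applied" should be "when a rule is applied". The preconditions text could also say which object the JMESPath expression is evaluated against, since "object data" is not defined anywhere in this description.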
Expand All @@ -445,7 +469,7 @@ spec:
type: object
type: array
validate:
description: Validation checks matching resources.
description: Validation is used to validate matching resources.
properties:
anyPattern:
description: AnyPattern specifies list of validation patterns.
76 changes: 50 additions & 26 deletions definitions/crds/kyverno.io_policies.yaml
Expand Up @@ -45,7 +45,7 @@ spec:
metadata:
type: object
spec:
description: Spec declares policy behaviors.
description: Spec defines policy behaviors and contains one or rules.
properties:
background:
description: Background controls if rules are applied to existing
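Review bot: The new Spec description "contains one or rules" is missing a word; it should read "contains one or more rules".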
Expand All @@ -55,13 +55,16 @@ spec:
name).
type: boolean
rules:
description: Rules is a list of Rule instances
description: Rules is a list of Rule instances. A Policy contains
multiple rules and each rule can validate, mutate, or generate resources.
items:
description: Rule defines a validation, mutation, or generation
control for matching resources.
control for matching resources. Each rules contains a match declaration
to select resources, and an optional exclude declaration to specify
which resources to exclude.
properties:
context:
description: Context defines data sources and variables that
description: Context defines variables and data sources that
can be used during rule execution.
items:
description: ContextEntry adds variables and data sources
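Review bot: "Each rules contains a match declaration" is repeated here from kyverno.io_clusterpolicies.yaml and needs the same fix to "Each rule contains". The description text in the two CRD files is word-for-word identical in this commit, so any wording correction should be applied to both files together to keep them from drifting apart.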
Expand All @@ -80,8 +83,10 @@ spec:
type: object
type: array
exclude:
description: ExcludeResources selects resources to which the
policy rule should not be applied.
description: ExcludeResources defines when this policy rule
should not be applied. The exclude criteria can include resource
information (e.g. kind, name, namespace, labels) and admission
review request information like the name or role.
properties:
clusterRoles:
description: ClusterRoles is the list of cluster-wide role
Expand All @@ -96,10 +101,11 @@ spec:
annotations:
additionalProperties:
type: string
description: Annotations is a map of annotations (string
key-value pairs). Annotation values supports wildcard
characters "*" (matches zero or many characters) and
"?" (at least one character).
description: Annotations is a map of annotations (key-value
pairs of type string). Annotation keys and values
support the wildcard characters "*" (matches zero
or many characters) and "?" (matches at least one
character).
type: object
kinds:
description: Kinds is a list of resource kinds.
Expand All @@ -119,7 +125,13 @@ spec:
type: string
type: array
selector:
description: Selector is a label selector.
description: 'Selector is a label selector. Label keys
and values in `matchLabels` support the wildcard characters
`*` (matches zero or many characters) and `?` (matches
one character). Wildcards allows writing label selectors
like ["storage.k8s.io/*": "*"]. Note that using ["*"
: "*"] matches any key and value but does not match
an empty label set.'
properties:
matchExpressions:
description: matchExpressions is a list of label
Expand Down Expand Up @@ -209,7 +221,7 @@ spec:
type: array
type: object
generate:
description: Generation creates new resources.
description: Generation is used to create new resources.
properties:
apiVersion:
description: APIVersion specifies resource apiVersion.
Expand Down Expand Up @@ -247,8 +259,11 @@ spec:
type: boolean
type: object
match:
description: MatchResources selects resources to which the policy
rule should be applied. At least one kind is required.
description: MatchResources defines when this policy rule should
be applied. The match criteria can include resource information
(e.g. kind, name, namespace, labels) and admission review
request information like the user name or role. At least one
kind is required.
properties:
clusterRoles:
description: ClusterRoles is the list of cluster-wide role
Expand All @@ -263,10 +278,11 @@ spec:
annotations:
additionalProperties:
type: string
description: Annotations is a map of annotations (string
key-value pairs). Annotation values supports wildcard
characters "*" (matches zero or many characters) and
"?" (at least one character).
description: Annotations is a map of annotations (key-value
pairs of type string). Annotation keys and values
support the wildcard characters "*" (matches zero
or many characters) and "?" (matches at least one
character).
type: object
kinds:
description: Kinds is a list of resource kinds.
Expand All @@ -286,7 +302,13 @@ spec:
type: string
type: array
selector:
description: Selector is a label selector.
description: 'Selector is a label selector. Label keys
and values in `matchLabels` support the wildcard characters
`*` (matches zero or many characters) and `?` (matches
one character). Wildcards allows writing label selectors
like ["storage.k8s.io/*": "*"]. Note that using ["*"
: "*"] matches any key and value but does not match
an empty label set.'
properties:
matchExpressions:
description: matchExpressions is a list of label
Expand Down Expand Up @@ -376,7 +398,7 @@ spec:
type: array
type: object
mutate:
description: Mutation modifies matching resources.
description: Mutation is used to modify matching resources.
properties:
overlay:
description: Overlay specifies an overlay pattern to modify
Expand Down Expand Up @@ -416,12 +438,14 @@ spec:
type: string
type: object
name:
description: Name is a label to identify the rule, Must be unique
within the policy.
description: Name is a label to identify the rule, It must be
unique within the policy.
type: string
preconditions:
description: Conditions enabled variable-based conditional rule
execution.
description: Conditions enable variable-based conditional rule
execution. This is useful for finer control of when an rule
is applied. A condition can reference object data using JMESPath
notation.
items:
description: Condition defines variable-based conditional
criteria for rule execution.
Expand All @@ -446,7 +470,7 @@ spec:
type: object
type: array
validate:
description: Validation checks matching resources.
description: Validation is used to validate matching resources.
properties:
anyPattern:
description: AnyPattern specifies list of validation patterns.
Expand Down Expand Up @@ -502,7 +526,7 @@ spec:
type: string
type: object
status:
description: Status contains policy runtime data.
description: Status contains policy runtime information.
properties:
averageExecutionTime:
description: AvgExecutionTime is the average time taken to process