v1

package
v4.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 21, 2024 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuditAnnotation added in v4.11.0 

type AuditAnnotation struct {
	// key specifies the audit annotation key. The audit annotation keys of a ValidatingAdmissionPolicy must be unique. The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.
	//
	// The key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: "{ValidatingAdmissionPolicy name}/{key}".
	//
	// If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical. In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded.
	//
	// Required.
	Key string `pulumi:"key"`
	// valueExpression represents the expression which is evaluated by CEL to produce an audit annotation value. The expression must evaluate to either a string or null value. If the expression evaluates to a string, the audit annotation is included with the string value. If the expression evaluates to null or empty string the audit annotation will be omitted. The valueExpression may be no longer than 5kb in length. If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb.
	//
	// If multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding. All unique values produced by the valueExpressions will be joined together in a comma-separated list.
	//
	// Required.
	ValueExpression string `pulumi:"valueExpression"`
}

AuditAnnotation describes how to produce an audit annotation for an API request.

type AuditAnnotationArgs added in v4.11.0 

type AuditAnnotationArgs struct {
	// key specifies the audit annotation key. The audit annotation keys of a ValidatingAdmissionPolicy must be unique. The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.
	//
	// The key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: "{ValidatingAdmissionPolicy name}/{key}".
	//
	// If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical. In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded.
	//
	// Required.
	Key pulumi.StringInput `pulumi:"key"`
	// valueExpression represents the expression which is evaluated by CEL to produce an audit annotation value. The expression must evaluate to either a string or null value. If the expression evaluates to a string, the audit annotation is included with the string value. If the expression evaluates to null or empty string the audit annotation will be omitted. The valueExpression may be no longer than 5kb in length. If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb.
	//
	// If multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding. All unique values produced by the valueExpressions will be joined together in a comma-separated list.
	//
	// Required.
	ValueExpression pulumi.StringInput `pulumi:"valueExpression"`
}

AuditAnnotation describes how to produce an audit annotation for an API request.

func (AuditAnnotationArgs) ElementType added in v4.11.0 

func (AuditAnnotationArgs) ElementType() reflect.Type

func (AuditAnnotationArgs) ToAuditAnnotationOutput added in v4.11.0 

func (i AuditAnnotationArgs) ToAuditAnnotationOutput() AuditAnnotationOutput

func (AuditAnnotationArgs) ToAuditAnnotationOutputWithContext added in v4.11.0 

func (i AuditAnnotationArgs) ToAuditAnnotationOutputWithContext(ctx context.Context) AuditAnnotationOutput

type AuditAnnotationArray added in v4.11.0 

type AuditAnnotationArray []AuditAnnotationInput

func (AuditAnnotationArray) ElementType added in v4.11.0 

func (AuditAnnotationArray) ElementType() reflect.Type

func (AuditAnnotationArray) ToAuditAnnotationArrayOutput added in v4.11.0 

func (i AuditAnnotationArray) ToAuditAnnotationArrayOutput() AuditAnnotationArrayOutput

func (AuditAnnotationArray) ToAuditAnnotationArrayOutputWithContext added in v4.11.0 

func (i AuditAnnotationArray) ToAuditAnnotationArrayOutputWithContext(ctx context.Context) AuditAnnotationArrayOutput

type AuditAnnotationArrayInput added in v4.11.0 

type AuditAnnotationArrayInput interface {
	pulumi.Input

	ToAuditAnnotationArrayOutput() AuditAnnotationArrayOutput
	ToAuditAnnotationArrayOutputWithContext(context.Context) AuditAnnotationArrayOutput
}

AuditAnnotationArrayInput is an input type that accepts AuditAnnotationArray and AuditAnnotationArrayOutput values. You can construct a concrete instance of `AuditAnnotationArrayInput` via: 

AuditAnnotationArray{ AuditAnnotationArgs{...} }

type AuditAnnotationArrayOutput added in v4.11.0 

type AuditAnnotationArrayOutput struct{ *pulumi.OutputState }

func (AuditAnnotationArrayOutput) ElementType added in v4.11.0 

func (AuditAnnotationArrayOutput) ElementType() reflect.Type

func (AuditAnnotationArrayOutput) Index added in v4.11.0 

func (o AuditAnnotationArrayOutput) Index(i pulumi.IntInput) AuditAnnotationOutput

func (AuditAnnotationArrayOutput) ToAuditAnnotationArrayOutput added in v4.11.0 

func (o AuditAnnotationArrayOutput) ToAuditAnnotationArrayOutput() AuditAnnotationArrayOutput

func (AuditAnnotationArrayOutput) ToAuditAnnotationArrayOutputWithContext added in v4.11.0 

func (o AuditAnnotationArrayOutput) ToAuditAnnotationArrayOutputWithContext(ctx context.Context) AuditAnnotationArrayOutput

type AuditAnnotationInput added in v4.11.0 

type AuditAnnotationInput interface {
	pulumi.Input

	ToAuditAnnotationOutput() AuditAnnotationOutput
	ToAuditAnnotationOutputWithContext(context.Context) AuditAnnotationOutput
}

AuditAnnotationInput is an input type that accepts AuditAnnotationArgs and AuditAnnotationOutput values. You can construct a concrete instance of `AuditAnnotationInput` via: 

AuditAnnotationArgs{...}

type AuditAnnotationOutput added in v4.11.0 

type AuditAnnotationOutput struct{ *pulumi.OutputState }

AuditAnnotation describes how to produce an audit annotation for an API request.

func (AuditAnnotationOutput) ElementType added in v4.11.0 

func (AuditAnnotationOutput) ElementType() reflect.Type

func (AuditAnnotationOutput) Key added in v4.11.0 

func (o AuditAnnotationOutput) Key() pulumi.StringOutput

key specifies the audit annotation key. The audit annotation keys of a ValidatingAdmissionPolicy must be unique. The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.

The key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: "{ValidatingAdmissionPolicy name}/{key}".

If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical. In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded.

Required.

func (AuditAnnotationOutput) ToAuditAnnotationOutput added in v4.11.0 

func (o AuditAnnotationOutput) ToAuditAnnotationOutput() AuditAnnotationOutput

func (AuditAnnotationOutput) ToAuditAnnotationOutputWithContext added in v4.11.0 

func (o AuditAnnotationOutput) ToAuditAnnotationOutputWithContext(ctx context.Context) AuditAnnotationOutput

func (AuditAnnotationOutput) ValueExpression added in v4.11.0 

func (o AuditAnnotationOutput) ValueExpression() pulumi.StringOutput

valueExpression represents the expression which is evaluated by CEL to produce an audit annotation value. The expression must evaluate to either a string or null value. If the expression evaluates to a string, the audit annotation is included with the string value. If the expression evaluates to null or empty string the audit annotation will be omitted. The valueExpression may be no longer than 5kb in length. If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb.

If multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding. All unique values produced by the valueExpressions will be joined together in a comma-separated list.

Required.

type AuditAnnotationPatch added in v4.11.0 

type AuditAnnotationPatch struct {
	// key specifies the audit annotation key. The audit annotation keys of a ValidatingAdmissionPolicy must be unique. The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.
	//
	// The key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: "{ValidatingAdmissionPolicy name}/{key}".
	//
	// If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical. In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded.
	//
	// Required.
	Key *string `pulumi:"key"`
	// valueExpression represents the expression which is evaluated by CEL to produce an audit annotation value. The expression must evaluate to either a string or null value. If the expression evaluates to a string, the audit annotation is included with the string value. If the expression evaluates to null or empty string the audit annotation will be omitted. The valueExpression may be no longer than 5kb in length. If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb.
	//
	// If multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding. All unique values produced by the valueExpressions will be joined together in a comma-separated list.
	//
	// Required.
	ValueExpression *string `pulumi:"valueExpression"`
}

AuditAnnotation describes how to produce an audit annotation for an API request.

type AuditAnnotationPatchArgs added in v4.11.0 

type AuditAnnotationPatchArgs struct {
	// key specifies the audit annotation key. The audit annotation keys of a ValidatingAdmissionPolicy must be unique. The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.
	//
	// The key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: "{ValidatingAdmissionPolicy name}/{key}".
	//
	// If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical. In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded.
	//
	// Required.
	Key pulumi.StringPtrInput `pulumi:"key"`
	// valueExpression represents the expression which is evaluated by CEL to produce an audit annotation value. The expression must evaluate to either a string or null value. If the expression evaluates to a string, the audit annotation is included with the string value. If the expression evaluates to null or empty string the audit annotation will be omitted. The valueExpression may be no longer than 5kb in length. If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb.
	//
	// If multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding. All unique values produced by the valueExpressions will be joined together in a comma-separated list.
	//
	// Required.
	ValueExpression pulumi.StringPtrInput `pulumi:"valueExpression"`
}

AuditAnnotation describes how to produce an audit annotation for an API request.

func (AuditAnnotationPatchArgs) ElementType added in v4.11.0 

func (AuditAnnotationPatchArgs) ElementType() reflect.Type

func (AuditAnnotationPatchArgs) ToAuditAnnotationPatchOutput added in v4.11.0 

func (i AuditAnnotationPatchArgs) ToAuditAnnotationPatchOutput() AuditAnnotationPatchOutput

func (AuditAnnotationPatchArgs) ToAuditAnnotationPatchOutputWithContext added in v4.11.0 

func (i AuditAnnotationPatchArgs) ToAuditAnnotationPatchOutputWithContext(ctx context.Context) AuditAnnotationPatchOutput

type AuditAnnotationPatchArray added in v4.11.0 

type AuditAnnotationPatchArray []AuditAnnotationPatchInput

func (AuditAnnotationPatchArray) ElementType added in v4.11.0 

func (AuditAnnotationPatchArray) ElementType() reflect.Type

func (AuditAnnotationPatchArray) ToAuditAnnotationPatchArrayOutput added in v4.11.0 

func (i AuditAnnotationPatchArray) ToAuditAnnotationPatchArrayOutput() AuditAnnotationPatchArrayOutput

func (AuditAnnotationPatchArray) ToAuditAnnotationPatchArrayOutputWithContext added in v4.11.0 

func (i AuditAnnotationPatchArray) ToAuditAnnotationPatchArrayOutputWithContext(ctx context.Context) AuditAnnotationPatchArrayOutput

type AuditAnnotationPatchArrayInput added in v4.11.0 

type AuditAnnotationPatchArrayInput interface {
	pulumi.Input

	ToAuditAnnotationPatchArrayOutput() AuditAnnotationPatchArrayOutput
	ToAuditAnnotationPatchArrayOutputWithContext(context.Context) AuditAnnotationPatchArrayOutput
}

AuditAnnotationPatchArrayInput is an input type that accepts AuditAnnotationPatchArray and AuditAnnotationPatchArrayOutput values. You can construct a concrete instance of `AuditAnnotationPatchArrayInput` via: 

AuditAnnotationPatchArray{ AuditAnnotationPatchArgs{...} }

type AuditAnnotationPatchArrayOutput added in v4.11.0 

type AuditAnnotationPatchArrayOutput struct{ *pulumi.OutputState }

func (AuditAnnotationPatchArrayOutput) ElementType added in v4.11.0 

func (AuditAnnotationPatchArrayOutput) ElementType() reflect.Type

func (AuditAnnotationPatchArrayOutput) Index added in v4.11.0 

func (o AuditAnnotationPatchArrayOutput) Index(i pulumi.IntInput) AuditAnnotationPatchOutput

func (AuditAnnotationPatchArrayOutput) ToAuditAnnotationPatchArrayOutput added in v4.11.0 

func (o AuditAnnotationPatchArrayOutput) ToAuditAnnotationPatchArrayOutput() AuditAnnotationPatchArrayOutput

func (AuditAnnotationPatchArrayOutput) ToAuditAnnotationPatchArrayOutputWithContext added in v4.11.0 

func (o AuditAnnotationPatchArrayOutput) ToAuditAnnotationPatchArrayOutputWithContext(ctx context.Context) AuditAnnotationPatchArrayOutput

type AuditAnnotationPatchInput added in v4.11.0 

type AuditAnnotationPatchInput interface {
	pulumi.Input

	ToAuditAnnotationPatchOutput() AuditAnnotationPatchOutput
	ToAuditAnnotationPatchOutputWithContext(context.Context) AuditAnnotationPatchOutput
}

AuditAnnotationPatchInput is an input type that accepts AuditAnnotationPatchArgs and AuditAnnotationPatchOutput values. You can construct a concrete instance of `AuditAnnotationPatchInput` via: 

AuditAnnotationPatchArgs{...}

type AuditAnnotationPatchOutput added in v4.11.0 

type AuditAnnotationPatchOutput struct{ *pulumi.OutputState }

AuditAnnotation describes how to produce an audit annotation for an API request.

func (AuditAnnotationPatchOutput) ElementType added in v4.11.0 

func (AuditAnnotationPatchOutput) ElementType() reflect.Type

func (AuditAnnotationPatchOutput) Key added in v4.11.0 

func (o AuditAnnotationPatchOutput) Key() pulumi.StringPtrOutput

key specifies the audit annotation key. The audit annotation keys of a ValidatingAdmissionPolicy must be unique. The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.

The key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: "{ValidatingAdmissionPolicy name}/{key}".

If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical. In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded.

Required.

func (AuditAnnotationPatchOutput) ToAuditAnnotationPatchOutput added in v4.11.0 

func (o AuditAnnotationPatchOutput) ToAuditAnnotationPatchOutput() AuditAnnotationPatchOutput

func (AuditAnnotationPatchOutput) ToAuditAnnotationPatchOutputWithContext added in v4.11.0 

func (o AuditAnnotationPatchOutput) ToAuditAnnotationPatchOutputWithContext(ctx context.Context) AuditAnnotationPatchOutput

func (AuditAnnotationPatchOutput) ValueExpression added in v4.11.0 

func (o AuditAnnotationPatchOutput) ValueExpression() pulumi.StringPtrOutput

valueExpression represents the expression which is evaluated by CEL to produce an audit annotation value. The expression must evaluate to either a string or null value. If the expression evaluates to a string, the audit annotation is included with the string value. If the expression evaluates to null or empty string the audit annotation will be omitted. The valueExpression may be no longer than 5kb in length. If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb.

If multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding. All unique values produced by the valueExpressions will be joined together in a comma-separated list.

Required.

type ExpressionWarning added in v4.11.0 

type ExpressionWarning struct {
	// The path to the field that refers the expression. For example, the reference to the expression of the first item of validations is "spec.validations[0].expression"
	FieldRef string `pulumi:"fieldRef"`
	// The content of type checking information in a human-readable form. Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler.
	Warning string `pulumi:"warning"`
}

ExpressionWarning is a warning information that targets a specific expression.

type ExpressionWarningArgs added in v4.11.0 

type ExpressionWarningArgs struct {
	// The path to the field that refers the expression. For example, the reference to the expression of the first item of validations is "spec.validations[0].expression"
	FieldRef pulumi.StringInput `pulumi:"fieldRef"`
	// The content of type checking information in a human-readable form. Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler.
	Warning pulumi.StringInput `pulumi:"warning"`
}

ExpressionWarning is a warning information that targets a specific expression.

func (ExpressionWarningArgs) ElementType added in v4.11.0 

func (ExpressionWarningArgs) ElementType() reflect.Type

func (ExpressionWarningArgs) ToExpressionWarningOutput added in v4.11.0 

func (i ExpressionWarningArgs) ToExpressionWarningOutput() ExpressionWarningOutput

func (ExpressionWarningArgs) ToExpressionWarningOutputWithContext added in v4.11.0 

func (i ExpressionWarningArgs) ToExpressionWarningOutputWithContext(ctx context.Context) ExpressionWarningOutput

type ExpressionWarningArray added in v4.11.0 

type ExpressionWarningArray []ExpressionWarningInput

func (ExpressionWarningArray) ElementType added in v4.11.0 

func (ExpressionWarningArray) ElementType() reflect.Type

func (ExpressionWarningArray) ToExpressionWarningArrayOutput added in v4.11.0 

func (i ExpressionWarningArray) ToExpressionWarningArrayOutput() ExpressionWarningArrayOutput

func (ExpressionWarningArray) ToExpressionWarningArrayOutputWithContext added in v4.11.0 

func (i ExpressionWarningArray) ToExpressionWarningArrayOutputWithContext(ctx context.Context) ExpressionWarningArrayOutput

type ExpressionWarningArrayInput added in v4.11.0 

type ExpressionWarningArrayInput interface {
	pulumi.Input

	ToExpressionWarningArrayOutput() ExpressionWarningArrayOutput
	ToExpressionWarningArrayOutputWithContext(context.Context) ExpressionWarningArrayOutput
}

ExpressionWarningArrayInput is an input type that accepts ExpressionWarningArray and ExpressionWarningArrayOutput values. You can construct a concrete instance of `ExpressionWarningArrayInput` via: 

ExpressionWarningArray{ ExpressionWarningArgs{...} }

type ExpressionWarningArrayOutput added in v4.11.0 

type ExpressionWarningArrayOutput struct{ *pulumi.OutputState }

func (ExpressionWarningArrayOutput) ElementType added in v4.11.0 

func (ExpressionWarningArrayOutput) ElementType() reflect.Type

func (ExpressionWarningArrayOutput) Index added in v4.11.0 

func (o ExpressionWarningArrayOutput) Index(i pulumi.IntInput) ExpressionWarningOutput

func (ExpressionWarningArrayOutput) ToExpressionWarningArrayOutput added in v4.11.0 

func (o ExpressionWarningArrayOutput) ToExpressionWarningArrayOutput() ExpressionWarningArrayOutput

func (ExpressionWarningArrayOutput) ToExpressionWarningArrayOutputWithContext added in v4.11.0 

func (o ExpressionWarningArrayOutput) ToExpressionWarningArrayOutputWithContext(ctx context.Context) ExpressionWarningArrayOutput

type ExpressionWarningInput added in v4.11.0 

type ExpressionWarningInput interface {
	pulumi.Input

	ToExpressionWarningOutput() ExpressionWarningOutput
	ToExpressionWarningOutputWithContext(context.Context) ExpressionWarningOutput
}

ExpressionWarningInput is an input type that accepts ExpressionWarningArgs and ExpressionWarningOutput values. You can construct a concrete instance of `ExpressionWarningInput` via: 

ExpressionWarningArgs{...}

type ExpressionWarningOutput added in v4.11.0 

type ExpressionWarningOutput struct{ *pulumi.OutputState }

ExpressionWarning is a warning information that targets a specific expression.

func (ExpressionWarningOutput) ElementType added in v4.11.0 

func (ExpressionWarningOutput) ElementType() reflect.Type

func (ExpressionWarningOutput) FieldRef added in v4.11.0 

func (o ExpressionWarningOutput) FieldRef() pulumi.StringOutput

The path to the field that refers the expression. For example, the reference to the expression of the first item of validations is "spec.validations[0].expression"

func (ExpressionWarningOutput) ToExpressionWarningOutput added in v4.11.0 

func (o ExpressionWarningOutput) ToExpressionWarningOutput() ExpressionWarningOutput

func (ExpressionWarningOutput) ToExpressionWarningOutputWithContext added in v4.11.0 

func (o ExpressionWarningOutput) ToExpressionWarningOutputWithContext(ctx context.Context) ExpressionWarningOutput

func (ExpressionWarningOutput) Warning added in v4.11.0 

func (o ExpressionWarningOutput) Warning() pulumi.StringOutput

The content of type checking information in a human-readable form. Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler.

type ExpressionWarningPatch added in v4.11.0 

type ExpressionWarningPatch struct {
	// The path to the field that refers the expression. For example, the reference to the expression of the first item of validations is "spec.validations[0].expression"
	FieldRef *string `pulumi:"fieldRef"`
	// The content of type checking information in a human-readable form. Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler.
	Warning *string `pulumi:"warning"`
}

ExpressionWarning is a warning information that targets a specific expression.

type ExpressionWarningPatchArgs added in v4.11.0 

type ExpressionWarningPatchArgs struct {
	// The path to the field that refers the expression. For example, the reference to the expression of the first item of validations is "spec.validations[0].expression"
	FieldRef pulumi.StringPtrInput `pulumi:"fieldRef"`
	// The content of type checking information in a human-readable form. Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler.
	Warning pulumi.StringPtrInput `pulumi:"warning"`
}

ExpressionWarning is a warning information that targets a specific expression.

func (ExpressionWarningPatchArgs) ElementType added in v4.11.0 

func (ExpressionWarningPatchArgs) ElementType() reflect.Type

func (ExpressionWarningPatchArgs) ToExpressionWarningPatchOutput added in v4.11.0 

func (i ExpressionWarningPatchArgs) ToExpressionWarningPatchOutput() ExpressionWarningPatchOutput

func (ExpressionWarningPatchArgs) ToExpressionWarningPatchOutputWithContext added in v4.11.0 

func (i ExpressionWarningPatchArgs) ToExpressionWarningPatchOutputWithContext(ctx context.Context) ExpressionWarningPatchOutput

type ExpressionWarningPatchArray added in v4.11.0 

type ExpressionWarningPatchArray []ExpressionWarningPatchInput

func (ExpressionWarningPatchArray) ElementType added in v4.11.0 

func (ExpressionWarningPatchArray) ElementType() reflect.Type

func (ExpressionWarningPatchArray) ToExpressionWarningPatchArrayOutput added in v4.11.0 

func (i ExpressionWarningPatchArray) ToExpressionWarningPatchArrayOutput() ExpressionWarningPatchArrayOutput

func (ExpressionWarningPatchArray) ToExpressionWarningPatchArrayOutputWithContext added in v4.11.0 

func (i ExpressionWarningPatchArray) ToExpressionWarningPatchArrayOutputWithContext(ctx context.Context) ExpressionWarningPatchArrayOutput

type ExpressionWarningPatchArrayInput added in v4.11.0 

type ExpressionWarningPatchArrayInput interface {
	pulumi.Input

	ToExpressionWarningPatchArrayOutput() ExpressionWarningPatchArrayOutput
	ToExpressionWarningPatchArrayOutputWithContext(context.Context) ExpressionWarningPatchArrayOutput
}

ExpressionWarningPatchArrayInput is an input type that accepts ExpressionWarningPatchArray and ExpressionWarningPatchArrayOutput values. You can construct a concrete instance of `ExpressionWarningPatchArrayInput` via: 

ExpressionWarningPatchArray{ ExpressionWarningPatchArgs{...} }

type ExpressionWarningPatchArrayOutput added in v4.11.0 

type ExpressionWarningPatchArrayOutput struct{ *pulumi.OutputState }

func (ExpressionWarningPatchArrayOutput) ElementType added in v4.11.0 

func (ExpressionWarningPatchArrayOutput) ElementType() reflect.Type

func (ExpressionWarningPatchArrayOutput) Index added in v4.11.0 

func (o ExpressionWarningPatchArrayOutput) Index(i pulumi.IntInput) ExpressionWarningPatchOutput

func (ExpressionWarningPatchArrayOutput) ToExpressionWarningPatchArrayOutput added in v4.11.0 

func (o ExpressionWarningPatchArrayOutput) ToExpressionWarningPatchArrayOutput() ExpressionWarningPatchArrayOutput

func (ExpressionWarningPatchArrayOutput) ToExpressionWarningPatchArrayOutputWithContext added in v4.11.0 

func (o ExpressionWarningPatchArrayOutput) ToExpressionWarningPatchArrayOutputWithContext(ctx context.Context) ExpressionWarningPatchArrayOutput

type ExpressionWarningPatchInput added in v4.11.0 

type ExpressionWarningPatchInput interface {
	pulumi.Input

	ToExpressionWarningPatchOutput() ExpressionWarningPatchOutput
	ToExpressionWarningPatchOutputWithContext(context.Context) ExpressionWarningPatchOutput
}

ExpressionWarningPatchInput is an input type that accepts ExpressionWarningPatchArgs and ExpressionWarningPatchOutput values. You can construct a concrete instance of `ExpressionWarningPatchInput` via: 

ExpressionWarningPatchArgs{...}

type ExpressionWarningPatchOutput added in v4.11.0 

type ExpressionWarningPatchOutput struct{ *pulumi.OutputState }

ExpressionWarning is a warning information that targets a specific expression.

func (ExpressionWarningPatchOutput) ElementType added in v4.11.0 

func (ExpressionWarningPatchOutput) ElementType() reflect.Type

func (ExpressionWarningPatchOutput) FieldRef added in v4.11.0 

func (o ExpressionWarningPatchOutput) FieldRef() pulumi.StringPtrOutput

The path to the field that refers the expression. For example, the reference to the expression of the first item of validations is "spec.validations[0].expression"

func (ExpressionWarningPatchOutput) ToExpressionWarningPatchOutput added in v4.11.0 

func (o ExpressionWarningPatchOutput) ToExpressionWarningPatchOutput() ExpressionWarningPatchOutput

func (ExpressionWarningPatchOutput) ToExpressionWarningPatchOutputWithContext added in v4.11.0 

func (o ExpressionWarningPatchOutput) ToExpressionWarningPatchOutputWithContext(ctx context.Context) ExpressionWarningPatchOutput

func (ExpressionWarningPatchOutput) Warning added in v4.11.0 

func (o ExpressionWarningPatchOutput) Warning() pulumi.StringPtrOutput

The content of type checking information in a human-readable form. Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler.

type MatchCondition 

type MatchCondition struct {
	// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
	//
	// 'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	//
	// Required.
	Expression string `pulumi:"expression"`
	// Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
	//
	// Required.
	Name string `pulumi:"name"`
}

MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.

type MatchConditionArgs 

type MatchConditionArgs struct {
	// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
	//
	// 'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	//
	// Required.
	Expression pulumi.StringInput `pulumi:"expression"`
	// Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
	//
	// Required.
	Name pulumi.StringInput `pulumi:"name"`
}

MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.

func (MatchConditionArgs) ElementType 

func (MatchConditionArgs) ElementType() reflect.Type

func (MatchConditionArgs) ToMatchConditionOutput 

func (i MatchConditionArgs) ToMatchConditionOutput() MatchConditionOutput

func (MatchConditionArgs) ToMatchConditionOutputWithContext 

func (i MatchConditionArgs) ToMatchConditionOutputWithContext(ctx context.Context) MatchConditionOutput

type MatchConditionArray 

type MatchConditionArray []MatchConditionInput

func (MatchConditionArray) ElementType 

func (MatchConditionArray) ElementType() reflect.Type

func (MatchConditionArray) ToMatchConditionArrayOutput 

func (i MatchConditionArray) ToMatchConditionArrayOutput() MatchConditionArrayOutput

func (MatchConditionArray) ToMatchConditionArrayOutputWithContext 

func (i MatchConditionArray) ToMatchConditionArrayOutputWithContext(ctx context.Context) MatchConditionArrayOutput

type MatchConditionArrayInput 

type MatchConditionArrayInput interface {
	pulumi.Input

	ToMatchConditionArrayOutput() MatchConditionArrayOutput
	ToMatchConditionArrayOutputWithContext(context.Context) MatchConditionArrayOutput
}

MatchConditionArrayInput is an input type that accepts MatchConditionArray and MatchConditionArrayOutput values. You can construct a concrete instance of `MatchConditionArrayInput` via: 

MatchConditionArray{ MatchConditionArgs{...} }

type MatchConditionArrayOutput 

type MatchConditionArrayOutput struct{ *pulumi.OutputState }

func (MatchConditionArrayOutput) ElementType 

func (MatchConditionArrayOutput) ElementType() reflect.Type

func (MatchConditionArrayOutput) Index 

func (o MatchConditionArrayOutput) Index(i pulumi.IntInput) MatchConditionOutput

func (MatchConditionArrayOutput) ToMatchConditionArrayOutput 

func (o MatchConditionArrayOutput) ToMatchConditionArrayOutput() MatchConditionArrayOutput

func (MatchConditionArrayOutput) ToMatchConditionArrayOutputWithContext 

func (o MatchConditionArrayOutput) ToMatchConditionArrayOutputWithContext(ctx context.Context) MatchConditionArrayOutput

type MatchConditionInput 

type MatchConditionInput interface {
	pulumi.Input

	ToMatchConditionOutput() MatchConditionOutput
	ToMatchConditionOutputWithContext(context.Context) MatchConditionOutput
}

MatchConditionInput is an input type that accepts MatchConditionArgs and MatchConditionOutput values. You can construct a concrete instance of `MatchConditionInput` via: 

MatchConditionArgs{...}

type MatchConditionOutput 

type MatchConditionOutput struct{ *pulumi.OutputState }

MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.

func (MatchConditionOutput) ElementType 

func (MatchConditionOutput) ElementType() reflect.Type

func (MatchConditionOutput) Expression 

func (o MatchConditionOutput) Expression() pulumi.StringOutput

Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:

'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. 

See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz

'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the 

request resource.

Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/

Required.

func (MatchConditionOutput) Name 

func (o MatchConditionOutput) Name() pulumi.StringOutput

Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')

Required.

func (MatchConditionOutput) ToMatchConditionOutput 

func (o MatchConditionOutput) ToMatchConditionOutput() MatchConditionOutput

func (MatchConditionOutput) ToMatchConditionOutputWithContext 

func (o MatchConditionOutput) ToMatchConditionOutputWithContext(ctx context.Context) MatchConditionOutput

type MatchConditionPatch 

type MatchConditionPatch struct {
	// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
	//
	// 'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	//
	// Required.
	Expression *string `pulumi:"expression"`
	// Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
	//
	// Required.
	Name *string `pulumi:"name"`
}

MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.

type MatchConditionPatchArgs 

type MatchConditionPatchArgs struct {
	// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
	//
	// 'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	//
	// Required.
	Expression pulumi.StringPtrInput `pulumi:"expression"`
	// Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
	//
	// Required.
	Name pulumi.StringPtrInput `pulumi:"name"`
}

MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.

func (MatchConditionPatchArgs) ElementType 

func (MatchConditionPatchArgs) ElementType() reflect.Type

func (MatchConditionPatchArgs) ToMatchConditionPatchOutput 

func (i MatchConditionPatchArgs) ToMatchConditionPatchOutput() MatchConditionPatchOutput

func (MatchConditionPatchArgs) ToMatchConditionPatchOutputWithContext 

func (i MatchConditionPatchArgs) ToMatchConditionPatchOutputWithContext(ctx context.Context) MatchConditionPatchOutput

type MatchConditionPatchArray 

type MatchConditionPatchArray []MatchConditionPatchInput

func (MatchConditionPatchArray) ElementType 

func (MatchConditionPatchArray) ElementType() reflect.Type

func (MatchConditionPatchArray) ToMatchConditionPatchArrayOutput 

func (i MatchConditionPatchArray) ToMatchConditionPatchArrayOutput() MatchConditionPatchArrayOutput

func (MatchConditionPatchArray) ToMatchConditionPatchArrayOutputWithContext 

func (i MatchConditionPatchArray) ToMatchConditionPatchArrayOutputWithContext(ctx context.Context) MatchConditionPatchArrayOutput

type MatchConditionPatchArrayInput 

type MatchConditionPatchArrayInput interface {
	pulumi.Input

	ToMatchConditionPatchArrayOutput() MatchConditionPatchArrayOutput
	ToMatchConditionPatchArrayOutputWithContext(context.Context) MatchConditionPatchArrayOutput
}

MatchConditionPatchArrayInput is an input type that accepts MatchConditionPatchArray and MatchConditionPatchArrayOutput values. You can construct a concrete instance of `MatchConditionPatchArrayInput` via: 

MatchConditionPatchArray{ MatchConditionPatchArgs{...} }

type MatchConditionPatchArrayOutput 

type MatchConditionPatchArrayOutput struct{ *pulumi.OutputState }

func (MatchConditionPatchArrayOutput) ElementType 

func (MatchConditionPatchArrayOutput) ElementType() reflect.Type

func (MatchConditionPatchArrayOutput) Index 

func (o MatchConditionPatchArrayOutput) Index(i pulumi.IntInput) MatchConditionPatchOutput

func (MatchConditionPatchArrayOutput) ToMatchConditionPatchArrayOutput 

func (o MatchConditionPatchArrayOutput) ToMatchConditionPatchArrayOutput() MatchConditionPatchArrayOutput

func (MatchConditionPatchArrayOutput) ToMatchConditionPatchArrayOutputWithContext 

func (o MatchConditionPatchArrayOutput) ToMatchConditionPatchArrayOutputWithContext(ctx context.Context) MatchConditionPatchArrayOutput

type MatchConditionPatchInput 

type MatchConditionPatchInput interface {
	pulumi.Input

	ToMatchConditionPatchOutput() MatchConditionPatchOutput
	ToMatchConditionPatchOutputWithContext(context.Context) MatchConditionPatchOutput
}

MatchConditionPatchInput is an input type that accepts MatchConditionPatchArgs and MatchConditionPatchOutput values. You can construct a concrete instance of `MatchConditionPatchInput` via: 

MatchConditionPatchArgs{...}

type MatchConditionPatchOutput 

type MatchConditionPatchOutput struct{ *pulumi.OutputState }

MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.

func (MatchConditionPatchOutput) ElementType 

func (MatchConditionPatchOutput) ElementType() reflect.Type

func (MatchConditionPatchOutput) Expression 

func (o MatchConditionPatchOutput) Expression() pulumi.StringPtrOutput

Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:

'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. 

See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz

'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the 

request resource.

Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/

Required.

func (MatchConditionPatchOutput) Name 

func (o MatchConditionPatchOutput) Name() pulumi.StringPtrOutput

Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')

Required.

func (MatchConditionPatchOutput) ToMatchConditionPatchOutput 

func (o MatchConditionPatchOutput) ToMatchConditionPatchOutput() MatchConditionPatchOutput

func (MatchConditionPatchOutput) ToMatchConditionPatchOutputWithContext 

func (o MatchConditionPatchOutput) ToMatchConditionPatchOutputWithContext(ctx context.Context) MatchConditionPatchOutput

type MatchResources added in v4.11.0 

type MatchResources struct {
	// ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
	ExcludeResourceRules []NamedRuleWithOperations `pulumi:"excludeResourceRules"`
	// matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.
	//
	// Defaults to "Equivalent"
	MatchPolicy *string `pulumi:"matchPolicy"`
	// NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the policy on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector *metav1.LabelSelector `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector *metav1.LabelSelector `pulumi:"objectSelector"`
	// ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.
	ResourceRules []NamedRuleWithOperations `pulumi:"resourceRules"`
}

MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

type MatchResourcesArgs added in v4.11.0 

type MatchResourcesArgs struct {
	// ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
	ExcludeResourceRules NamedRuleWithOperationsArrayInput `pulumi:"excludeResourceRules"`
	// matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.
	//
	// Defaults to "Equivalent"
	MatchPolicy pulumi.StringPtrInput `pulumi:"matchPolicy"`
	// NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the policy on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector metav1.LabelSelectorPtrInput `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector metav1.LabelSelectorPtrInput `pulumi:"objectSelector"`
	// ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.
	ResourceRules NamedRuleWithOperationsArrayInput `pulumi:"resourceRules"`
}

MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

func (MatchResourcesArgs) ElementType added in v4.11.0 

func (MatchResourcesArgs) ElementType() reflect.Type

func (MatchResourcesArgs) ToMatchResourcesOutput added in v4.11.0 

func (i MatchResourcesArgs) ToMatchResourcesOutput() MatchResourcesOutput

func (MatchResourcesArgs) ToMatchResourcesOutputWithContext added in v4.11.0 

func (i MatchResourcesArgs) ToMatchResourcesOutputWithContext(ctx context.Context) MatchResourcesOutput

func (MatchResourcesArgs) ToMatchResourcesPtrOutput added in v4.11.0 

func (i MatchResourcesArgs) ToMatchResourcesPtrOutput() MatchResourcesPtrOutput

func (MatchResourcesArgs) ToMatchResourcesPtrOutputWithContext added in v4.11.0 

func (i MatchResourcesArgs) ToMatchResourcesPtrOutputWithContext(ctx context.Context) MatchResourcesPtrOutput

type MatchResourcesInput added in v4.11.0 

type MatchResourcesInput interface {
	pulumi.Input

	ToMatchResourcesOutput() MatchResourcesOutput
	ToMatchResourcesOutputWithContext(context.Context) MatchResourcesOutput
}

MatchResourcesInput is an input type that accepts MatchResourcesArgs and MatchResourcesOutput values. You can construct a concrete instance of `MatchResourcesInput` via: 

MatchResourcesArgs{...}

type MatchResourcesOutput added in v4.11.0 

type MatchResourcesOutput struct{ *pulumi.OutputState }

MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

func (MatchResourcesOutput) ElementType added in v4.11.0 

func (MatchResourcesOutput) ElementType() reflect.Type

func (MatchResourcesOutput) ExcludeResourceRules added in v4.11.0 

func (o MatchResourcesOutput) ExcludeResourceRules() NamedRuleWithOperationsArrayOutput

ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

func (MatchResourcesOutput) MatchPolicy added in v4.11.0 

func (o MatchResourcesOutput) MatchPolicy() pulumi.StringPtrOutput

matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.

Defaults to "Equivalent"

func (MatchResourcesOutput) NamespaceSelector added in v4.11.0 

func (o MatchResourcesOutput) NamespaceSelector() metav1.LabelSelectorPtrOutput

NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy. 

For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "runlevel",
      "operator": "NotIn",
      "values": [
        "0",
        "1"
      ]
    }
  ]
}

If instead you want to only run the policy on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "environment",
      "operator": "In",
      "values": [
        "prod",
        "staging"
      ]
    }
  ]
}

See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (MatchResourcesOutput) ObjectSelector added in v4.11.0 

func (o MatchResourcesOutput) ObjectSelector() metav1.LabelSelectorPtrOutput

ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

func (MatchResourcesOutput) ResourceRules added in v4.11.0 

func (o MatchResourcesOutput) ResourceRules() NamedRuleWithOperationsArrayOutput

ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.

func (MatchResourcesOutput) ToMatchResourcesOutput added in v4.11.0 

func (o MatchResourcesOutput) ToMatchResourcesOutput() MatchResourcesOutput

func (MatchResourcesOutput) ToMatchResourcesOutputWithContext added in v4.11.0 

func (o MatchResourcesOutput) ToMatchResourcesOutputWithContext(ctx context.Context) MatchResourcesOutput

func (MatchResourcesOutput) ToMatchResourcesPtrOutput added in v4.11.0 

func (o MatchResourcesOutput) ToMatchResourcesPtrOutput() MatchResourcesPtrOutput

func (MatchResourcesOutput) ToMatchResourcesPtrOutputWithContext added in v4.11.0 

func (o MatchResourcesOutput) ToMatchResourcesPtrOutputWithContext(ctx context.Context) MatchResourcesPtrOutput

type MatchResourcesPatch added in v4.11.0 

type MatchResourcesPatch struct {
	// ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
	ExcludeResourceRules []NamedRuleWithOperationsPatch `pulumi:"excludeResourceRules"`
	// matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.
	//
	// Defaults to "Equivalent"
	MatchPolicy *string `pulumi:"matchPolicy"`
	// NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the policy on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector *metav1.LabelSelectorPatch `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector *metav1.LabelSelectorPatch `pulumi:"objectSelector"`
	// ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.
	ResourceRules []NamedRuleWithOperationsPatch `pulumi:"resourceRules"`
}

MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

type MatchResourcesPatchArgs added in v4.11.0 

type MatchResourcesPatchArgs struct {
	// ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
	ExcludeResourceRules NamedRuleWithOperationsPatchArrayInput `pulumi:"excludeResourceRules"`
	// matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.
	//
	// Defaults to "Equivalent"
	MatchPolicy pulumi.StringPtrInput `pulumi:"matchPolicy"`
	// NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the policy on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector metav1.LabelSelectorPatchPtrInput `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector metav1.LabelSelectorPatchPtrInput `pulumi:"objectSelector"`
	// ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.
	ResourceRules NamedRuleWithOperationsPatchArrayInput `pulumi:"resourceRules"`
}

MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

func (MatchResourcesPatchArgs) ElementType added in v4.11.0 

func (MatchResourcesPatchArgs) ElementType() reflect.Type

func (MatchResourcesPatchArgs) ToMatchResourcesPatchOutput added in v4.11.0 

func (i MatchResourcesPatchArgs) ToMatchResourcesPatchOutput() MatchResourcesPatchOutput

func (MatchResourcesPatchArgs) ToMatchResourcesPatchOutputWithContext added in v4.11.0 

func (i MatchResourcesPatchArgs) ToMatchResourcesPatchOutputWithContext(ctx context.Context) MatchResourcesPatchOutput

func (MatchResourcesPatchArgs) ToMatchResourcesPatchPtrOutput added in v4.11.0 

func (i MatchResourcesPatchArgs) ToMatchResourcesPatchPtrOutput() MatchResourcesPatchPtrOutput

func (MatchResourcesPatchArgs) ToMatchResourcesPatchPtrOutputWithContext added in v4.11.0 

func (i MatchResourcesPatchArgs) ToMatchResourcesPatchPtrOutputWithContext(ctx context.Context) MatchResourcesPatchPtrOutput

type MatchResourcesPatchInput added in v4.11.0 

type MatchResourcesPatchInput interface {
	pulumi.Input

	ToMatchResourcesPatchOutput() MatchResourcesPatchOutput
	ToMatchResourcesPatchOutputWithContext(context.Context) MatchResourcesPatchOutput
}

MatchResourcesPatchInput is an input type that accepts MatchResourcesPatchArgs and MatchResourcesPatchOutput values. You can construct a concrete instance of `MatchResourcesPatchInput` via: 

MatchResourcesPatchArgs{...}

type MatchResourcesPatchOutput added in v4.11.0 

type MatchResourcesPatchOutput struct{ *pulumi.OutputState }

MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

func (MatchResourcesPatchOutput) ElementType added in v4.11.0 

func (MatchResourcesPatchOutput) ElementType() reflect.Type

func (MatchResourcesPatchOutput) ExcludeResourceRules added in v4.11.0 

func (o MatchResourcesPatchOutput) ExcludeResourceRules() NamedRuleWithOperationsPatchArrayOutput

ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

func (MatchResourcesPatchOutput) MatchPolicy added in v4.11.0 

func (o MatchResourcesPatchOutput) MatchPolicy() pulumi.StringPtrOutput

matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.

Defaults to "Equivalent"

func (MatchResourcesPatchOutput) NamespaceSelector added in v4.11.0 

func (o MatchResourcesPatchOutput) NamespaceSelector() metav1.LabelSelectorPatchPtrOutput

NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy. 

For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "runlevel",
      "operator": "NotIn",
      "values": [
        "0",
        "1"
      ]
    }
  ]
}

If instead you want to only run the policy on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "environment",
      "operator": "In",
      "values": [
        "prod",
        "staging"
      ]
    }
  ]
}

See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (MatchResourcesPatchOutput) ObjectSelector added in v4.11.0 

func (o MatchResourcesPatchOutput) ObjectSelector() metav1.LabelSelectorPatchPtrOutput

ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

func (MatchResourcesPatchOutput) ResourceRules added in v4.11.0 

func (o MatchResourcesPatchOutput) ResourceRules() NamedRuleWithOperationsPatchArrayOutput

ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.

func (MatchResourcesPatchOutput) ToMatchResourcesPatchOutput added in v4.11.0 

func (o MatchResourcesPatchOutput) ToMatchResourcesPatchOutput() MatchResourcesPatchOutput

func (MatchResourcesPatchOutput) ToMatchResourcesPatchOutputWithContext added in v4.11.0 

func (o MatchResourcesPatchOutput) ToMatchResourcesPatchOutputWithContext(ctx context.Context) MatchResourcesPatchOutput

func (MatchResourcesPatchOutput) ToMatchResourcesPatchPtrOutput added in v4.11.0 

func (o MatchResourcesPatchOutput) ToMatchResourcesPatchPtrOutput() MatchResourcesPatchPtrOutput

func (MatchResourcesPatchOutput) ToMatchResourcesPatchPtrOutputWithContext added in v4.11.0 

func (o MatchResourcesPatchOutput) ToMatchResourcesPatchPtrOutputWithContext(ctx context.Context) MatchResourcesPatchPtrOutput

type MatchResourcesPatchPtrInput added in v4.11.0 

type MatchResourcesPatchPtrInput interface {
	pulumi.Input

	ToMatchResourcesPatchPtrOutput() MatchResourcesPatchPtrOutput
	ToMatchResourcesPatchPtrOutputWithContext(context.Context) MatchResourcesPatchPtrOutput
}

MatchResourcesPatchPtrInput is an input type that accepts MatchResourcesPatchArgs, MatchResourcesPatchPtr and MatchResourcesPatchPtrOutput values. You can construct a concrete instance of `MatchResourcesPatchPtrInput` via: 

        MatchResourcesPatchArgs{...}

or:

        nil

func MatchResourcesPatchPtr added in v4.11.0 

func MatchResourcesPatchPtr(v *MatchResourcesPatchArgs) MatchResourcesPatchPtrInput

type MatchResourcesPatchPtrOutput added in v4.11.0 

type MatchResourcesPatchPtrOutput struct{ *pulumi.OutputState }

func (MatchResourcesPatchPtrOutput) Elem added in v4.11.0 

func (o MatchResourcesPatchPtrOutput) Elem() MatchResourcesPatchOutput

func (MatchResourcesPatchPtrOutput) ElementType added in v4.11.0 

func (MatchResourcesPatchPtrOutput) ElementType() reflect.Type

func (MatchResourcesPatchPtrOutput) ExcludeResourceRules added in v4.11.0 

func (o MatchResourcesPatchPtrOutput) ExcludeResourceRules() NamedRuleWithOperationsPatchArrayOutput

ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

func (MatchResourcesPatchPtrOutput) MatchPolicy added in v4.11.0 

func (o MatchResourcesPatchPtrOutput) MatchPolicy() pulumi.StringPtrOutput

matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.

Defaults to "Equivalent"

func (MatchResourcesPatchPtrOutput) NamespaceSelector added in v4.11.0 

func (o MatchResourcesPatchPtrOutput) NamespaceSelector() metav1.LabelSelectorPatchPtrOutput

NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy. 

For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "runlevel",
      "operator": "NotIn",
      "values": [
        "0",
        "1"
      ]
    }
  ]
}

If instead you want to only run the policy on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "environment",
      "operator": "In",
      "values": [
        "prod",
        "staging"
      ]
    }
  ]
}

See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (MatchResourcesPatchPtrOutput) ObjectSelector added in v4.11.0 

func (o MatchResourcesPatchPtrOutput) ObjectSelector() metav1.LabelSelectorPatchPtrOutput

ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

func (MatchResourcesPatchPtrOutput) ResourceRules added in v4.11.0 

func (o MatchResourcesPatchPtrOutput) ResourceRules() NamedRuleWithOperationsPatchArrayOutput

ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.

func (MatchResourcesPatchPtrOutput) ToMatchResourcesPatchPtrOutput added in v4.11.0 

func (o MatchResourcesPatchPtrOutput) ToMatchResourcesPatchPtrOutput() MatchResourcesPatchPtrOutput

func (MatchResourcesPatchPtrOutput) ToMatchResourcesPatchPtrOutputWithContext added in v4.11.0 

func (o MatchResourcesPatchPtrOutput) ToMatchResourcesPatchPtrOutputWithContext(ctx context.Context) MatchResourcesPatchPtrOutput

type MatchResourcesPtrInput added in v4.11.0 

type MatchResourcesPtrInput interface {
	pulumi.Input

	ToMatchResourcesPtrOutput() MatchResourcesPtrOutput
	ToMatchResourcesPtrOutputWithContext(context.Context) MatchResourcesPtrOutput
}

MatchResourcesPtrInput is an input type that accepts MatchResourcesArgs, MatchResourcesPtr and MatchResourcesPtrOutput values. You can construct a concrete instance of `MatchResourcesPtrInput` via: 

        MatchResourcesArgs{...}

or:

        nil

func MatchResourcesPtr added in v4.11.0 

func MatchResourcesPtr(v *MatchResourcesArgs) MatchResourcesPtrInput

type MatchResourcesPtrOutput added in v4.11.0 

type MatchResourcesPtrOutput struct{ *pulumi.OutputState }

func (MatchResourcesPtrOutput) Elem added in v4.11.0 

func (o MatchResourcesPtrOutput) Elem() MatchResourcesOutput

func (MatchResourcesPtrOutput) ElementType added in v4.11.0 

func (MatchResourcesPtrOutput) ElementType() reflect.Type

func (MatchResourcesPtrOutput) ExcludeResourceRules added in v4.11.0 

func (o MatchResourcesPtrOutput) ExcludeResourceRules() NamedRuleWithOperationsArrayOutput

ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

func (MatchResourcesPtrOutput) MatchPolicy added in v4.11.0 

func (o MatchResourcesPtrOutput) MatchPolicy() pulumi.StringPtrOutput

matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.

Defaults to "Equivalent"

func (MatchResourcesPtrOutput) NamespaceSelector added in v4.11.0 

func (o MatchResourcesPtrOutput) NamespaceSelector() metav1.LabelSelectorPtrOutput

NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy. 

For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "runlevel",
      "operator": "NotIn",
      "values": [
        "0",
        "1"
      ]
    }
  ]
}

If instead you want to only run the policy on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "environment",
      "operator": "In",
      "values": [
        "prod",
        "staging"
      ]
    }
  ]
}

See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (MatchResourcesPtrOutput) ObjectSelector added in v4.11.0 

func (o MatchResourcesPtrOutput) ObjectSelector() metav1.LabelSelectorPtrOutput

ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

func (MatchResourcesPtrOutput) ResourceRules added in v4.11.0 

func (o MatchResourcesPtrOutput) ResourceRules() NamedRuleWithOperationsArrayOutput

ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.

func (MatchResourcesPtrOutput) ToMatchResourcesPtrOutput added in v4.11.0 

func (o MatchResourcesPtrOutput) ToMatchResourcesPtrOutput() MatchResourcesPtrOutput

func (MatchResourcesPtrOutput) ToMatchResourcesPtrOutputWithContext added in v4.11.0 

func (o MatchResourcesPtrOutput) ToMatchResourcesPtrOutputWithContext(ctx context.Context) MatchResourcesPtrOutput

type MutatingWebhook 

type MutatingWebhook struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions []string `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig WebhookClientConfig `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy *string `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	MatchConditions []MatchCondition `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy *string `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name string `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector *metav1.LabelSelector `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector *metav1.LabelSelector `pulumi:"objectSelector"`
	// reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded".
	//
	// Never: the webhook will not be called more than once in a single admission evaluation.
	//
	// IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.
	//
	// Defaults to "Never".
	ReinvocationPolicy *string `pulumi:"reinvocationPolicy"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules []RuleWithOperations `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects string `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds *int `pulumi:"timeoutSeconds"`
}

MutatingWebhook describes an admission webhook and the resources and operations it applies to.

type MutatingWebhookArgs 

type MutatingWebhookArgs struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions pulumi.StringArrayInput `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig WebhookClientConfigInput `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy pulumi.StringPtrInput `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	MatchConditions MatchConditionArrayInput `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy pulumi.StringPtrInput `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name pulumi.StringInput `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector metav1.LabelSelectorPtrInput `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector metav1.LabelSelectorPtrInput `pulumi:"objectSelector"`
	// reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded".
	//
	// Never: the webhook will not be called more than once in a single admission evaluation.
	//
	// IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.
	//
	// Defaults to "Never".
	ReinvocationPolicy pulumi.StringPtrInput `pulumi:"reinvocationPolicy"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules RuleWithOperationsArrayInput `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects pulumi.StringInput `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds pulumi.IntPtrInput `pulumi:"timeoutSeconds"`
}

MutatingWebhook describes an admission webhook and the resources and operations it applies to.

func (MutatingWebhookArgs) ElementType 

func (MutatingWebhookArgs) ElementType() reflect.Type

func (MutatingWebhookArgs) ToMutatingWebhookOutput 

func (i MutatingWebhookArgs) ToMutatingWebhookOutput() MutatingWebhookOutput

func (MutatingWebhookArgs) ToMutatingWebhookOutputWithContext 

func (i MutatingWebhookArgs) ToMutatingWebhookOutputWithContext(ctx context.Context) MutatingWebhookOutput

type MutatingWebhookArray 

type MutatingWebhookArray []MutatingWebhookInput

func (MutatingWebhookArray) ElementType 

func (MutatingWebhookArray) ElementType() reflect.Type

func (MutatingWebhookArray) ToMutatingWebhookArrayOutput 

func (i MutatingWebhookArray) ToMutatingWebhookArrayOutput() MutatingWebhookArrayOutput

func (MutatingWebhookArray) ToMutatingWebhookArrayOutputWithContext 

func (i MutatingWebhookArray) ToMutatingWebhookArrayOutputWithContext(ctx context.Context) MutatingWebhookArrayOutput

type MutatingWebhookArrayInput 

type MutatingWebhookArrayInput interface {
	pulumi.Input

	ToMutatingWebhookArrayOutput() MutatingWebhookArrayOutput
	ToMutatingWebhookArrayOutputWithContext(context.Context) MutatingWebhookArrayOutput
}

MutatingWebhookArrayInput is an input type that accepts MutatingWebhookArray and MutatingWebhookArrayOutput values. You can construct a concrete instance of `MutatingWebhookArrayInput` via: 

MutatingWebhookArray{ MutatingWebhookArgs{...} }

type MutatingWebhookArrayOutput 

type MutatingWebhookArrayOutput struct{ *pulumi.OutputState }

func (MutatingWebhookArrayOutput) ElementType 

func (MutatingWebhookArrayOutput) ElementType() reflect.Type

func (MutatingWebhookArrayOutput) Index 

func (o MutatingWebhookArrayOutput) Index(i pulumi.IntInput) MutatingWebhookOutput

func (MutatingWebhookArrayOutput) ToMutatingWebhookArrayOutput 

func (o MutatingWebhookArrayOutput) ToMutatingWebhookArrayOutput() MutatingWebhookArrayOutput

func (MutatingWebhookArrayOutput) ToMutatingWebhookArrayOutputWithContext 

func (o MutatingWebhookArrayOutput) ToMutatingWebhookArrayOutputWithContext(ctx context.Context) MutatingWebhookArrayOutput

type MutatingWebhookConfiguration 

type MutatingWebhookConfiguration struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringOutput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaOutput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks MutatingWebhookArrayOutput `pulumi:"webhooks"`
}

MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

func GetMutatingWebhookConfiguration 

func GetMutatingWebhookConfiguration(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *MutatingWebhookConfigurationState, opts ...pulumi.ResourceOption) (*MutatingWebhookConfiguration, error)

GetMutatingWebhookConfiguration gets an existing MutatingWebhookConfiguration resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewMutatingWebhookConfiguration 

func NewMutatingWebhookConfiguration(ctx *pulumi.Context,
	name string, args *MutatingWebhookConfigurationArgs, opts ...pulumi.ResourceOption) (*MutatingWebhookConfiguration, error)

NewMutatingWebhookConfiguration registers a new resource with the given unique name, arguments, and options.

func (*MutatingWebhookConfiguration) ElementType 

func (*MutatingWebhookConfiguration) ElementType() reflect.Type

func (*MutatingWebhookConfiguration) ToMutatingWebhookConfigurationOutput 

func (i *MutatingWebhookConfiguration) ToMutatingWebhookConfigurationOutput() MutatingWebhookConfigurationOutput

func (*MutatingWebhookConfiguration) ToMutatingWebhookConfigurationOutputWithContext 

func (i *MutatingWebhookConfiguration) ToMutatingWebhookConfigurationOutputWithContext(ctx context.Context) MutatingWebhookConfigurationOutput

type MutatingWebhookConfigurationArgs 

type MutatingWebhookConfigurationArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPtrInput
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks MutatingWebhookArrayInput
}

The set of arguments for constructing a MutatingWebhookConfiguration resource.

func (MutatingWebhookConfigurationArgs) ElementType 

func (MutatingWebhookConfigurationArgs) ElementType() reflect.Type

type MutatingWebhookConfigurationArray 

type MutatingWebhookConfigurationArray []MutatingWebhookConfigurationInput

func (MutatingWebhookConfigurationArray) ElementType 

func (MutatingWebhookConfigurationArray) ElementType() reflect.Type

func (MutatingWebhookConfigurationArray) ToMutatingWebhookConfigurationArrayOutput 

func (i MutatingWebhookConfigurationArray) ToMutatingWebhookConfigurationArrayOutput() MutatingWebhookConfigurationArrayOutput

func (MutatingWebhookConfigurationArray) ToMutatingWebhookConfigurationArrayOutputWithContext 

func (i MutatingWebhookConfigurationArray) ToMutatingWebhookConfigurationArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationArrayOutput

type MutatingWebhookConfigurationArrayInput 

type MutatingWebhookConfigurationArrayInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationArrayOutput() MutatingWebhookConfigurationArrayOutput
	ToMutatingWebhookConfigurationArrayOutputWithContext(context.Context) MutatingWebhookConfigurationArrayOutput
}

MutatingWebhookConfigurationArrayInput is an input type that accepts MutatingWebhookConfigurationArray and MutatingWebhookConfigurationArrayOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationArrayInput` via: 

MutatingWebhookConfigurationArray{ MutatingWebhookConfigurationArgs{...} }

type MutatingWebhookConfigurationArrayOutput 

type MutatingWebhookConfigurationArrayOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationArrayOutput) ElementType 

func (MutatingWebhookConfigurationArrayOutput) ElementType() reflect.Type

func (MutatingWebhookConfigurationArrayOutput) Index 

func (o MutatingWebhookConfigurationArrayOutput) Index(i pulumi.IntInput) MutatingWebhookConfigurationOutput

func (MutatingWebhookConfigurationArrayOutput) ToMutatingWebhookConfigurationArrayOutput 

func (o MutatingWebhookConfigurationArrayOutput) ToMutatingWebhookConfigurationArrayOutput() MutatingWebhookConfigurationArrayOutput

func (MutatingWebhookConfigurationArrayOutput) ToMutatingWebhookConfigurationArrayOutputWithContext 

func (o MutatingWebhookConfigurationArrayOutput) ToMutatingWebhookConfigurationArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationArrayOutput

type MutatingWebhookConfigurationInput 

type MutatingWebhookConfigurationInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationOutput() MutatingWebhookConfigurationOutput
	ToMutatingWebhookConfigurationOutputWithContext(ctx context.Context) MutatingWebhookConfigurationOutput
}

type MutatingWebhookConfigurationList 

type MutatingWebhookConfigurationList struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringOutput `pulumi:"apiVersion"`
	// List of MutatingWebhookConfiguration.
	Items MutatingWebhookConfigurationTypeArrayOutput `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringOutput `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaOutput `pulumi:"metadata"`
}

MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.

func GetMutatingWebhookConfigurationList 

func GetMutatingWebhookConfigurationList(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *MutatingWebhookConfigurationListState, opts ...pulumi.ResourceOption) (*MutatingWebhookConfigurationList, error)

GetMutatingWebhookConfigurationList gets an existing MutatingWebhookConfigurationList resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewMutatingWebhookConfigurationList 

func NewMutatingWebhookConfigurationList(ctx *pulumi.Context,
	name string, args *MutatingWebhookConfigurationListArgs, opts ...pulumi.ResourceOption) (*MutatingWebhookConfigurationList, error)

NewMutatingWebhookConfigurationList registers a new resource with the given unique name, arguments, and options.

func (*MutatingWebhookConfigurationList) ElementType 

func (*MutatingWebhookConfigurationList) ElementType() reflect.Type

func (*MutatingWebhookConfigurationList) ToMutatingWebhookConfigurationListOutput 

func (i *MutatingWebhookConfigurationList) ToMutatingWebhookConfigurationListOutput() MutatingWebhookConfigurationListOutput

func (*MutatingWebhookConfigurationList) ToMutatingWebhookConfigurationListOutputWithContext 

func (i *MutatingWebhookConfigurationList) ToMutatingWebhookConfigurationListOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListOutput

type MutatingWebhookConfigurationListArgs 

type MutatingWebhookConfigurationListArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// List of MutatingWebhookConfiguration.
	Items MutatingWebhookConfigurationTypeArrayInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaPtrInput
}

The set of arguments for constructing a MutatingWebhookConfigurationList resource.

func (MutatingWebhookConfigurationListArgs) ElementType 

func (MutatingWebhookConfigurationListArgs) ElementType() reflect.Type

type MutatingWebhookConfigurationListArray 

type MutatingWebhookConfigurationListArray []MutatingWebhookConfigurationListInput

func (MutatingWebhookConfigurationListArray) ElementType 

func (MutatingWebhookConfigurationListArray) ElementType() reflect.Type

func (MutatingWebhookConfigurationListArray) ToMutatingWebhookConfigurationListArrayOutput 

func (i MutatingWebhookConfigurationListArray) ToMutatingWebhookConfigurationListArrayOutput() MutatingWebhookConfigurationListArrayOutput

func (MutatingWebhookConfigurationListArray) ToMutatingWebhookConfigurationListArrayOutputWithContext 

func (i MutatingWebhookConfigurationListArray) ToMutatingWebhookConfigurationListArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListArrayOutput

type MutatingWebhookConfigurationListArrayInput 

type MutatingWebhookConfigurationListArrayInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationListArrayOutput() MutatingWebhookConfigurationListArrayOutput
	ToMutatingWebhookConfigurationListArrayOutputWithContext(context.Context) MutatingWebhookConfigurationListArrayOutput
}

MutatingWebhookConfigurationListArrayInput is an input type that accepts MutatingWebhookConfigurationListArray and MutatingWebhookConfigurationListArrayOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationListArrayInput` via: 

MutatingWebhookConfigurationListArray{ MutatingWebhookConfigurationListArgs{...} }

type MutatingWebhookConfigurationListArrayOutput 

type MutatingWebhookConfigurationListArrayOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationListArrayOutput) ElementType 

func (MutatingWebhookConfigurationListArrayOutput) ElementType() reflect.Type

func (MutatingWebhookConfigurationListArrayOutput) Index 

func (o MutatingWebhookConfigurationListArrayOutput) Index(i pulumi.IntInput) MutatingWebhookConfigurationListOutput

func (MutatingWebhookConfigurationListArrayOutput) ToMutatingWebhookConfigurationListArrayOutput 

func (o MutatingWebhookConfigurationListArrayOutput) ToMutatingWebhookConfigurationListArrayOutput() MutatingWebhookConfigurationListArrayOutput

func (MutatingWebhookConfigurationListArrayOutput) ToMutatingWebhookConfigurationListArrayOutputWithContext 

func (o MutatingWebhookConfigurationListArrayOutput) ToMutatingWebhookConfigurationListArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListArrayOutput

type MutatingWebhookConfigurationListInput 

type MutatingWebhookConfigurationListInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationListOutput() MutatingWebhookConfigurationListOutput
	ToMutatingWebhookConfigurationListOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListOutput
}

type MutatingWebhookConfigurationListMap 

type MutatingWebhookConfigurationListMap map[string]MutatingWebhookConfigurationListInput

func (MutatingWebhookConfigurationListMap) ElementType 

func (MutatingWebhookConfigurationListMap) ElementType() reflect.Type

func (MutatingWebhookConfigurationListMap) ToMutatingWebhookConfigurationListMapOutput 

func (i MutatingWebhookConfigurationListMap) ToMutatingWebhookConfigurationListMapOutput() MutatingWebhookConfigurationListMapOutput

func (MutatingWebhookConfigurationListMap) ToMutatingWebhookConfigurationListMapOutputWithContext 

func (i MutatingWebhookConfigurationListMap) ToMutatingWebhookConfigurationListMapOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListMapOutput

type MutatingWebhookConfigurationListMapInput 

type MutatingWebhookConfigurationListMapInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationListMapOutput() MutatingWebhookConfigurationListMapOutput
	ToMutatingWebhookConfigurationListMapOutputWithContext(context.Context) MutatingWebhookConfigurationListMapOutput
}

MutatingWebhookConfigurationListMapInput is an input type that accepts MutatingWebhookConfigurationListMap and MutatingWebhookConfigurationListMapOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationListMapInput` via: 

MutatingWebhookConfigurationListMap{ "key": MutatingWebhookConfigurationListArgs{...} }

type MutatingWebhookConfigurationListMapOutput 

type MutatingWebhookConfigurationListMapOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationListMapOutput) ElementType 

func (MutatingWebhookConfigurationListMapOutput) ElementType() reflect.Type

func (MutatingWebhookConfigurationListMapOutput) MapIndex 

func (o MutatingWebhookConfigurationListMapOutput) MapIndex(k pulumi.StringInput) MutatingWebhookConfigurationListOutput

func (MutatingWebhookConfigurationListMapOutput) ToMutatingWebhookConfigurationListMapOutput 

func (o MutatingWebhookConfigurationListMapOutput) ToMutatingWebhookConfigurationListMapOutput() MutatingWebhookConfigurationListMapOutput

func (MutatingWebhookConfigurationListMapOutput) ToMutatingWebhookConfigurationListMapOutputWithContext 

func (o MutatingWebhookConfigurationListMapOutput) ToMutatingWebhookConfigurationListMapOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListMapOutput

type MutatingWebhookConfigurationListOutput 

type MutatingWebhookConfigurationListOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationListOutput) ApiVersion 

func (o MutatingWebhookConfigurationListOutput) ApiVersion() pulumi.StringOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (MutatingWebhookConfigurationListOutput) ElementType 

func (MutatingWebhookConfigurationListOutput) ElementType() reflect.Type

func (MutatingWebhookConfigurationListOutput) Items 

func (o MutatingWebhookConfigurationListOutput) Items() MutatingWebhookConfigurationTypeArrayOutput

List of MutatingWebhookConfiguration.

func (MutatingWebhookConfigurationListOutput) Kind 

func (o MutatingWebhookConfigurationListOutput) Kind() pulumi.StringOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (MutatingWebhookConfigurationListOutput) Metadata 

func (o MutatingWebhookConfigurationListOutput) Metadata() metav1.ListMetaOutput

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (MutatingWebhookConfigurationListOutput) ToMutatingWebhookConfigurationListOutput 

func (o MutatingWebhookConfigurationListOutput) ToMutatingWebhookConfigurationListOutput() MutatingWebhookConfigurationListOutput

func (MutatingWebhookConfigurationListOutput) ToMutatingWebhookConfigurationListOutputWithContext 

func (o MutatingWebhookConfigurationListOutput) ToMutatingWebhookConfigurationListOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListOutput

type MutatingWebhookConfigurationListState 

type MutatingWebhookConfigurationListState struct {
}

func (MutatingWebhookConfigurationListState) ElementType 

func (MutatingWebhookConfigurationListState) ElementType() reflect.Type

type MutatingWebhookConfigurationListType 

type MutatingWebhookConfigurationListType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// List of MutatingWebhookConfiguration.
	Items []MutatingWebhookConfigurationType `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata *metav1.ListMeta `pulumi:"metadata"`
}

MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.

type MutatingWebhookConfigurationListTypeArgs 

type MutatingWebhookConfigurationListTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// List of MutatingWebhookConfiguration.
	Items MutatingWebhookConfigurationTypeArrayInput `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaPtrInput `pulumi:"metadata"`
}

MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.

func (MutatingWebhookConfigurationListTypeArgs) ElementType 

func (MutatingWebhookConfigurationListTypeArgs) ElementType() reflect.Type

func (MutatingWebhookConfigurationListTypeArgs) ToMutatingWebhookConfigurationListTypeOutput 

func (i MutatingWebhookConfigurationListTypeArgs) ToMutatingWebhookConfigurationListTypeOutput() MutatingWebhookConfigurationListTypeOutput

func (MutatingWebhookConfigurationListTypeArgs) ToMutatingWebhookConfigurationListTypeOutputWithContext 

func (i MutatingWebhookConfigurationListTypeArgs) ToMutatingWebhookConfigurationListTypeOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListTypeOutput

type MutatingWebhookConfigurationListTypeInput 

type MutatingWebhookConfigurationListTypeInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationListTypeOutput() MutatingWebhookConfigurationListTypeOutput
	ToMutatingWebhookConfigurationListTypeOutputWithContext(context.Context) MutatingWebhookConfigurationListTypeOutput
}

MutatingWebhookConfigurationListTypeInput is an input type that accepts MutatingWebhookConfigurationListTypeArgs and MutatingWebhookConfigurationListTypeOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationListTypeInput` via: 

MutatingWebhookConfigurationListTypeArgs{...}

type MutatingWebhookConfigurationListTypeOutput 

type MutatingWebhookConfigurationListTypeOutput struct{ *pulumi.OutputState }

MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.

func (MutatingWebhookConfigurationListTypeOutput) ApiVersion 

func (o MutatingWebhookConfigurationListTypeOutput) ApiVersion() pulumi.StringPtrOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (MutatingWebhookConfigurationListTypeOutput) ElementType 

func (MutatingWebhookConfigurationListTypeOutput) ElementType() reflect.Type

func (MutatingWebhookConfigurationListTypeOutput) Items 

func (o MutatingWebhookConfigurationListTypeOutput) Items() MutatingWebhookConfigurationTypeArrayOutput

List of MutatingWebhookConfiguration.

func (MutatingWebhookConfigurationListTypeOutput) Kind 

func (o MutatingWebhookConfigurationListTypeOutput) Kind() pulumi.StringPtrOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (MutatingWebhookConfigurationListTypeOutput) Metadata 

func (o MutatingWebhookConfigurationListTypeOutput) Metadata() metav1.ListMetaPtrOutput

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (MutatingWebhookConfigurationListTypeOutput) ToMutatingWebhookConfigurationListTypeOutput 

func (o MutatingWebhookConfigurationListTypeOutput) ToMutatingWebhookConfigurationListTypeOutput() MutatingWebhookConfigurationListTypeOutput

func (MutatingWebhookConfigurationListTypeOutput) ToMutatingWebhookConfigurationListTypeOutputWithContext 

func (o MutatingWebhookConfigurationListTypeOutput) ToMutatingWebhookConfigurationListTypeOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListTypeOutput

type MutatingWebhookConfigurationMap 

type MutatingWebhookConfigurationMap map[string]MutatingWebhookConfigurationInput

func (MutatingWebhookConfigurationMap) ElementType 

func (MutatingWebhookConfigurationMap) ElementType() reflect.Type

func (MutatingWebhookConfigurationMap) ToMutatingWebhookConfigurationMapOutput 

func (i MutatingWebhookConfigurationMap) ToMutatingWebhookConfigurationMapOutput() MutatingWebhookConfigurationMapOutput

func (MutatingWebhookConfigurationMap) ToMutatingWebhookConfigurationMapOutputWithContext 

func (i MutatingWebhookConfigurationMap) ToMutatingWebhookConfigurationMapOutputWithContext(ctx context.Context) MutatingWebhookConfigurationMapOutput

type MutatingWebhookConfigurationMapInput 

type MutatingWebhookConfigurationMapInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationMapOutput() MutatingWebhookConfigurationMapOutput
	ToMutatingWebhookConfigurationMapOutputWithContext(context.Context) MutatingWebhookConfigurationMapOutput
}

MutatingWebhookConfigurationMapInput is an input type that accepts MutatingWebhookConfigurationMap and MutatingWebhookConfigurationMapOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationMapInput` via: 

MutatingWebhookConfigurationMap{ "key": MutatingWebhookConfigurationArgs{...} }

type MutatingWebhookConfigurationMapOutput 

type MutatingWebhookConfigurationMapOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationMapOutput) ElementType 

func (MutatingWebhookConfigurationMapOutput) ElementType() reflect.Type

func (MutatingWebhookConfigurationMapOutput) MapIndex 

func (o MutatingWebhookConfigurationMapOutput) MapIndex(k pulumi.StringInput) MutatingWebhookConfigurationOutput

func (MutatingWebhookConfigurationMapOutput) ToMutatingWebhookConfigurationMapOutput 

func (o MutatingWebhookConfigurationMapOutput) ToMutatingWebhookConfigurationMapOutput() MutatingWebhookConfigurationMapOutput

func (MutatingWebhookConfigurationMapOutput) ToMutatingWebhookConfigurationMapOutputWithContext 

func (o MutatingWebhookConfigurationMapOutput) ToMutatingWebhookConfigurationMapOutputWithContext(ctx context.Context) MutatingWebhookConfigurationMapOutput

type MutatingWebhookConfigurationOutput 

type MutatingWebhookConfigurationOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationOutput) ApiVersion 

func (o MutatingWebhookConfigurationOutput) ApiVersion() pulumi.StringOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (MutatingWebhookConfigurationOutput) ElementType 

func (MutatingWebhookConfigurationOutput) ElementType() reflect.Type

func (MutatingWebhookConfigurationOutput) Kind 

func (o MutatingWebhookConfigurationOutput) Kind() pulumi.StringOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (MutatingWebhookConfigurationOutput) Metadata 

func (o MutatingWebhookConfigurationOutput) Metadata() metav1.ObjectMetaOutput

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (MutatingWebhookConfigurationOutput) ToMutatingWebhookConfigurationOutput 

func (o MutatingWebhookConfigurationOutput) ToMutatingWebhookConfigurationOutput() MutatingWebhookConfigurationOutput

func (MutatingWebhookConfigurationOutput) ToMutatingWebhookConfigurationOutputWithContext 

func (o MutatingWebhookConfigurationOutput) ToMutatingWebhookConfigurationOutputWithContext(ctx context.Context) MutatingWebhookConfigurationOutput

func (MutatingWebhookConfigurationOutput) Webhooks 

func (o MutatingWebhookConfigurationOutput) Webhooks() MutatingWebhookArrayOutput

Webhooks is a list of webhooks and the affected resources and operations.

type MutatingWebhookConfigurationPatch 

type MutatingWebhookConfigurationPatch struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrOutput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrOutput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks MutatingWebhookPatchArrayOutput `pulumi:"webhooks"`
}

Patch resources are used to modify existing Kubernetes resources by using Server-Side Apply updates. The name of the resource must be specified, but all other properties are optional. More than one patch may be applied to the same resource, and a random FieldManager name will be used for each Patch resource. Conflicts will result in an error by default, but can be forced using the "pulumi.com/patchForce" annotation. See the [Server-Side Apply Docs](https://www.pulumi.com/registry/packages/kubernetes/how-to-guides/managing-resources-with-server-side-apply/) for additional information about using Server-Side Apply to manage Kubernetes resources with Pulumi. MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

func GetMutatingWebhookConfigurationPatch 

func GetMutatingWebhookConfigurationPatch(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *MutatingWebhookConfigurationPatchState, opts ...pulumi.ResourceOption) (*MutatingWebhookConfigurationPatch, error)

GetMutatingWebhookConfigurationPatch gets an existing MutatingWebhookConfigurationPatch resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewMutatingWebhookConfigurationPatch 

func NewMutatingWebhookConfigurationPatch(ctx *pulumi.Context,
	name string, args *MutatingWebhookConfigurationPatchArgs, opts ...pulumi.ResourceOption) (*MutatingWebhookConfigurationPatch, error)

NewMutatingWebhookConfigurationPatch registers a new resource with the given unique name, arguments, and options.

func (*MutatingWebhookConfigurationPatch) ElementType 

func (*MutatingWebhookConfigurationPatch) ElementType() reflect.Type

func (*MutatingWebhookConfigurationPatch) ToMutatingWebhookConfigurationPatchOutput 

func (i *MutatingWebhookConfigurationPatch) ToMutatingWebhookConfigurationPatchOutput() MutatingWebhookConfigurationPatchOutput

func (*MutatingWebhookConfigurationPatch) ToMutatingWebhookConfigurationPatchOutputWithContext 

func (i *MutatingWebhookConfigurationPatch) ToMutatingWebhookConfigurationPatchOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchOutput

type MutatingWebhookConfigurationPatchArgs 

type MutatingWebhookConfigurationPatchArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrInput
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks MutatingWebhookPatchArrayInput
}

The set of arguments for constructing a MutatingWebhookConfigurationPatch resource.

func (MutatingWebhookConfigurationPatchArgs) ElementType 

func (MutatingWebhookConfigurationPatchArgs) ElementType() reflect.Type

type MutatingWebhookConfigurationPatchArray 

type MutatingWebhookConfigurationPatchArray []MutatingWebhookConfigurationPatchInput

func (MutatingWebhookConfigurationPatchArray) ElementType 

func (MutatingWebhookConfigurationPatchArray) ElementType() reflect.Type

func (MutatingWebhookConfigurationPatchArray) ToMutatingWebhookConfigurationPatchArrayOutput 

func (i MutatingWebhookConfigurationPatchArray) ToMutatingWebhookConfigurationPatchArrayOutput() MutatingWebhookConfigurationPatchArrayOutput

func (MutatingWebhookConfigurationPatchArray) ToMutatingWebhookConfigurationPatchArrayOutputWithContext 

func (i MutatingWebhookConfigurationPatchArray) ToMutatingWebhookConfigurationPatchArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchArrayOutput

type MutatingWebhookConfigurationPatchArrayInput 

type MutatingWebhookConfigurationPatchArrayInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationPatchArrayOutput() MutatingWebhookConfigurationPatchArrayOutput
	ToMutatingWebhookConfigurationPatchArrayOutputWithContext(context.Context) MutatingWebhookConfigurationPatchArrayOutput
}

MutatingWebhookConfigurationPatchArrayInput is an input type that accepts MutatingWebhookConfigurationPatchArray and MutatingWebhookConfigurationPatchArrayOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationPatchArrayInput` via: 

MutatingWebhookConfigurationPatchArray{ MutatingWebhookConfigurationPatchArgs{...} }

type MutatingWebhookConfigurationPatchArrayOutput 

type MutatingWebhookConfigurationPatchArrayOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationPatchArrayOutput) ElementType 

func (MutatingWebhookConfigurationPatchArrayOutput) ElementType() reflect.Type

func (MutatingWebhookConfigurationPatchArrayOutput) Index 

func (o MutatingWebhookConfigurationPatchArrayOutput) Index(i pulumi.IntInput) MutatingWebhookConfigurationPatchOutput

func (MutatingWebhookConfigurationPatchArrayOutput) ToMutatingWebhookConfigurationPatchArrayOutput 

func (o MutatingWebhookConfigurationPatchArrayOutput) ToMutatingWebhookConfigurationPatchArrayOutput() MutatingWebhookConfigurationPatchArrayOutput

func (MutatingWebhookConfigurationPatchArrayOutput) ToMutatingWebhookConfigurationPatchArrayOutputWithContext 

func (o MutatingWebhookConfigurationPatchArrayOutput) ToMutatingWebhookConfigurationPatchArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchArrayOutput

type MutatingWebhookConfigurationPatchInput 

type MutatingWebhookConfigurationPatchInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationPatchOutput() MutatingWebhookConfigurationPatchOutput
	ToMutatingWebhookConfigurationPatchOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchOutput
}

type MutatingWebhookConfigurationPatchMap 

type MutatingWebhookConfigurationPatchMap map[string]MutatingWebhookConfigurationPatchInput

func (MutatingWebhookConfigurationPatchMap) ElementType 

func (MutatingWebhookConfigurationPatchMap) ElementType() reflect.Type

func (MutatingWebhookConfigurationPatchMap) ToMutatingWebhookConfigurationPatchMapOutput 

func (i MutatingWebhookConfigurationPatchMap) ToMutatingWebhookConfigurationPatchMapOutput() MutatingWebhookConfigurationPatchMapOutput

func (MutatingWebhookConfigurationPatchMap) ToMutatingWebhookConfigurationPatchMapOutputWithContext 

func (i MutatingWebhookConfigurationPatchMap) ToMutatingWebhookConfigurationPatchMapOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchMapOutput

type MutatingWebhookConfigurationPatchMapInput 

type MutatingWebhookConfigurationPatchMapInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationPatchMapOutput() MutatingWebhookConfigurationPatchMapOutput
	ToMutatingWebhookConfigurationPatchMapOutputWithContext(context.Context) MutatingWebhookConfigurationPatchMapOutput
}

MutatingWebhookConfigurationPatchMapInput is an input type that accepts MutatingWebhookConfigurationPatchMap and MutatingWebhookConfigurationPatchMapOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationPatchMapInput` via: 

MutatingWebhookConfigurationPatchMap{ "key": MutatingWebhookConfigurationPatchArgs{...} }

type MutatingWebhookConfigurationPatchMapOutput 

type MutatingWebhookConfigurationPatchMapOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationPatchMapOutput) ElementType 

func (MutatingWebhookConfigurationPatchMapOutput) ElementType() reflect.Type

func (MutatingWebhookConfigurationPatchMapOutput) MapIndex 

func (o MutatingWebhookConfigurationPatchMapOutput) MapIndex(k pulumi.StringInput) MutatingWebhookConfigurationPatchOutput

func (MutatingWebhookConfigurationPatchMapOutput) ToMutatingWebhookConfigurationPatchMapOutput 

func (o MutatingWebhookConfigurationPatchMapOutput) ToMutatingWebhookConfigurationPatchMapOutput() MutatingWebhookConfigurationPatchMapOutput

func (MutatingWebhookConfigurationPatchMapOutput) ToMutatingWebhookConfigurationPatchMapOutputWithContext 

func (o MutatingWebhookConfigurationPatchMapOutput) ToMutatingWebhookConfigurationPatchMapOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchMapOutput

type MutatingWebhookConfigurationPatchOutput 

type MutatingWebhookConfigurationPatchOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationPatchOutput) ApiVersion 

func (o MutatingWebhookConfigurationPatchOutput) ApiVersion() pulumi.StringPtrOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (MutatingWebhookConfigurationPatchOutput) ElementType 

func (MutatingWebhookConfigurationPatchOutput) ElementType() reflect.Type

func (MutatingWebhookConfigurationPatchOutput) Kind 

func (o MutatingWebhookConfigurationPatchOutput) Kind() pulumi.StringPtrOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (MutatingWebhookConfigurationPatchOutput) Metadata 

func (o MutatingWebhookConfigurationPatchOutput) Metadata() metav1.ObjectMetaPatchPtrOutput

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (MutatingWebhookConfigurationPatchOutput) ToMutatingWebhookConfigurationPatchOutput 

func (o MutatingWebhookConfigurationPatchOutput) ToMutatingWebhookConfigurationPatchOutput() MutatingWebhookConfigurationPatchOutput

func (MutatingWebhookConfigurationPatchOutput) ToMutatingWebhookConfigurationPatchOutputWithContext 

func (o MutatingWebhookConfigurationPatchOutput) ToMutatingWebhookConfigurationPatchOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchOutput

func (MutatingWebhookConfigurationPatchOutput) Webhooks 

func (o MutatingWebhookConfigurationPatchOutput) Webhooks() MutatingWebhookPatchArrayOutput

Webhooks is a list of webhooks and the affected resources and operations.

type MutatingWebhookConfigurationPatchState 

type MutatingWebhookConfigurationPatchState struct {
}

func (MutatingWebhookConfigurationPatchState) ElementType 

func (MutatingWebhookConfigurationPatchState) ElementType() reflect.Type

type MutatingWebhookConfigurationPatchType 

type MutatingWebhookConfigurationPatchType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata *metav1.ObjectMetaPatch `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks []MutatingWebhookPatch `pulumi:"webhooks"`
}

MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

type MutatingWebhookConfigurationPatchTypeArgs 

type MutatingWebhookConfigurationPatchTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrInput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks MutatingWebhookPatchArrayInput `pulumi:"webhooks"`
}

MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

func (MutatingWebhookConfigurationPatchTypeArgs) ElementType 

func (MutatingWebhookConfigurationPatchTypeArgs) ElementType() reflect.Type

func (MutatingWebhookConfigurationPatchTypeArgs) ToMutatingWebhookConfigurationPatchTypeOutput 

func (i MutatingWebhookConfigurationPatchTypeArgs) ToMutatingWebhookConfigurationPatchTypeOutput() MutatingWebhookConfigurationPatchTypeOutput

func (MutatingWebhookConfigurationPatchTypeArgs) ToMutatingWebhookConfigurationPatchTypeOutputWithContext 

func (i MutatingWebhookConfigurationPatchTypeArgs) ToMutatingWebhookConfigurationPatchTypeOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchTypeOutput

type MutatingWebhookConfigurationPatchTypeInput 

type MutatingWebhookConfigurationPatchTypeInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationPatchTypeOutput() MutatingWebhookConfigurationPatchTypeOutput
	ToMutatingWebhookConfigurationPatchTypeOutputWithContext(context.Context) MutatingWebhookConfigurationPatchTypeOutput
}

MutatingWebhookConfigurationPatchTypeInput is an input type that accepts MutatingWebhookConfigurationPatchTypeArgs and MutatingWebhookConfigurationPatchTypeOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationPatchTypeInput` via: 

MutatingWebhookConfigurationPatchTypeArgs{...}

type MutatingWebhookConfigurationPatchTypeOutput 

type MutatingWebhookConfigurationPatchTypeOutput struct{ *pulumi.OutputState }

MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

func (MutatingWebhookConfigurationPatchTypeOutput) ApiVersion 

func (o MutatingWebhookConfigurationPatchTypeOutput) ApiVersion() pulumi.StringPtrOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (MutatingWebhookConfigurationPatchTypeOutput) ElementType 

func (MutatingWebhookConfigurationPatchTypeOutput) ElementType() reflect.Type

func (MutatingWebhookConfigurationPatchTypeOutput) Kind 

func (o MutatingWebhookConfigurationPatchTypeOutput) Kind() pulumi.StringPtrOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (MutatingWebhookConfigurationPatchTypeOutput) Metadata 

func (o MutatingWebhookConfigurationPatchTypeOutput) Metadata() metav1.ObjectMetaPatchPtrOutput

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (MutatingWebhookConfigurationPatchTypeOutput) ToMutatingWebhookConfigurationPatchTypeOutput 

func (o MutatingWebhookConfigurationPatchTypeOutput) ToMutatingWebhookConfigurationPatchTypeOutput() MutatingWebhookConfigurationPatchTypeOutput

func (MutatingWebhookConfigurationPatchTypeOutput) ToMutatingWebhookConfigurationPatchTypeOutputWithContext 

func (o MutatingWebhookConfigurationPatchTypeOutput) ToMutatingWebhookConfigurationPatchTypeOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchTypeOutput

func (MutatingWebhookConfigurationPatchTypeOutput) Webhooks 

func (o MutatingWebhookConfigurationPatchTypeOutput) Webhooks() MutatingWebhookPatchArrayOutput

Webhooks is a list of webhooks and the affected resources and operations.

type MutatingWebhookConfigurationState 

type MutatingWebhookConfigurationState struct {
}

func (MutatingWebhookConfigurationState) ElementType 

func (MutatingWebhookConfigurationState) ElementType() reflect.Type

type MutatingWebhookConfigurationType 

type MutatingWebhookConfigurationType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata *metav1.ObjectMeta `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks []MutatingWebhook `pulumi:"webhooks"`
}

MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

type MutatingWebhookConfigurationTypeArgs 

type MutatingWebhookConfigurationTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPtrInput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks MutatingWebhookArrayInput `pulumi:"webhooks"`
}

MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

func (MutatingWebhookConfigurationTypeArgs) ElementType 

func (MutatingWebhookConfigurationTypeArgs) ElementType() reflect.Type

func (MutatingWebhookConfigurationTypeArgs) ToMutatingWebhookConfigurationTypeOutput 

func (i MutatingWebhookConfigurationTypeArgs) ToMutatingWebhookConfigurationTypeOutput() MutatingWebhookConfigurationTypeOutput

func (MutatingWebhookConfigurationTypeArgs) ToMutatingWebhookConfigurationTypeOutputWithContext 

func (i MutatingWebhookConfigurationTypeArgs) ToMutatingWebhookConfigurationTypeOutputWithContext(ctx context.Context) MutatingWebhookConfigurationTypeOutput

type MutatingWebhookConfigurationTypeArray 

type MutatingWebhookConfigurationTypeArray []MutatingWebhookConfigurationTypeInput

func (MutatingWebhookConfigurationTypeArray) ElementType 

func (MutatingWebhookConfigurationTypeArray) ElementType() reflect.Type

func (MutatingWebhookConfigurationTypeArray) ToMutatingWebhookConfigurationTypeArrayOutput 

func (i MutatingWebhookConfigurationTypeArray) ToMutatingWebhookConfigurationTypeArrayOutput() MutatingWebhookConfigurationTypeArrayOutput

func (MutatingWebhookConfigurationTypeArray) ToMutatingWebhookConfigurationTypeArrayOutputWithContext 

func (i MutatingWebhookConfigurationTypeArray) ToMutatingWebhookConfigurationTypeArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationTypeArrayOutput

type MutatingWebhookConfigurationTypeArrayInput 

type MutatingWebhookConfigurationTypeArrayInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationTypeArrayOutput() MutatingWebhookConfigurationTypeArrayOutput
	ToMutatingWebhookConfigurationTypeArrayOutputWithContext(context.Context) MutatingWebhookConfigurationTypeArrayOutput
}

MutatingWebhookConfigurationTypeArrayInput is an input type that accepts MutatingWebhookConfigurationTypeArray and MutatingWebhookConfigurationTypeArrayOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationTypeArrayInput` via: 

MutatingWebhookConfigurationTypeArray{ MutatingWebhookConfigurationTypeArgs{...} }

type MutatingWebhookConfigurationTypeArrayOutput 

type MutatingWebhookConfigurationTypeArrayOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationTypeArrayOutput) ElementType 

func (MutatingWebhookConfigurationTypeArrayOutput) ElementType() reflect.Type

func (MutatingWebhookConfigurationTypeArrayOutput) Index 

func (o MutatingWebhookConfigurationTypeArrayOutput) Index(i pulumi.IntInput) MutatingWebhookConfigurationTypeOutput

func (MutatingWebhookConfigurationTypeArrayOutput) ToMutatingWebhookConfigurationTypeArrayOutput 

func (o MutatingWebhookConfigurationTypeArrayOutput) ToMutatingWebhookConfigurationTypeArrayOutput() MutatingWebhookConfigurationTypeArrayOutput

func (MutatingWebhookConfigurationTypeArrayOutput) ToMutatingWebhookConfigurationTypeArrayOutputWithContext 

func (o MutatingWebhookConfigurationTypeArrayOutput) ToMutatingWebhookConfigurationTypeArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationTypeArrayOutput

type MutatingWebhookConfigurationTypeInput 

type MutatingWebhookConfigurationTypeInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationTypeOutput() MutatingWebhookConfigurationTypeOutput
	ToMutatingWebhookConfigurationTypeOutputWithContext(context.Context) MutatingWebhookConfigurationTypeOutput
}

MutatingWebhookConfigurationTypeInput is an input type that accepts MutatingWebhookConfigurationTypeArgs and MutatingWebhookConfigurationTypeOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationTypeInput` via: 

MutatingWebhookConfigurationTypeArgs{...}

type MutatingWebhookConfigurationTypeOutput 

type MutatingWebhookConfigurationTypeOutput struct{ *pulumi.OutputState }

MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

func (MutatingWebhookConfigurationTypeOutput) ApiVersion 

func (o MutatingWebhookConfigurationTypeOutput) ApiVersion() pulumi.StringPtrOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (MutatingWebhookConfigurationTypeOutput) ElementType 

func (MutatingWebhookConfigurationTypeOutput) ElementType() reflect.Type

func (MutatingWebhookConfigurationTypeOutput) Kind 

func (o MutatingWebhookConfigurationTypeOutput) Kind() pulumi.StringPtrOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (MutatingWebhookConfigurationTypeOutput) Metadata 

func (o MutatingWebhookConfigurationTypeOutput) Metadata() metav1.ObjectMetaPtrOutput

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (MutatingWebhookConfigurationTypeOutput) ToMutatingWebhookConfigurationTypeOutput 

func (o MutatingWebhookConfigurationTypeOutput) ToMutatingWebhookConfigurationTypeOutput() MutatingWebhookConfigurationTypeOutput

func (MutatingWebhookConfigurationTypeOutput) ToMutatingWebhookConfigurationTypeOutputWithContext 

func (o MutatingWebhookConfigurationTypeOutput) ToMutatingWebhookConfigurationTypeOutputWithContext(ctx context.Context) MutatingWebhookConfigurationTypeOutput

func (MutatingWebhookConfigurationTypeOutput) Webhooks 

func (o MutatingWebhookConfigurationTypeOutput) Webhooks() MutatingWebhookArrayOutput

Webhooks is a list of webhooks and the affected resources and operations.

type MutatingWebhookInput 

type MutatingWebhookInput interface {
	pulumi.Input

	ToMutatingWebhookOutput() MutatingWebhookOutput
	ToMutatingWebhookOutputWithContext(context.Context) MutatingWebhookOutput
}

MutatingWebhookInput is an input type that accepts MutatingWebhookArgs and MutatingWebhookOutput values. You can construct a concrete instance of `MutatingWebhookInput` via: 

MutatingWebhookArgs{...}

type MutatingWebhookOutput 

type MutatingWebhookOutput struct{ *pulumi.OutputState }

MutatingWebhook describes an admission webhook and the resources and operations it applies to.

func (MutatingWebhookOutput) AdmissionReviewVersions 

func (o MutatingWebhookOutput) AdmissionReviewVersions() pulumi.StringArrayOutput

AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.

func (MutatingWebhookOutput) ClientConfig 

func (o MutatingWebhookOutput) ClientConfig() WebhookClientConfigOutput

ClientConfig defines how to communicate with the hook. Required

func (MutatingWebhookOutput) ElementType 

func (MutatingWebhookOutput) ElementType() reflect.Type

func (MutatingWebhookOutput) FailurePolicy 

func (o MutatingWebhookOutput) FailurePolicy() pulumi.StringPtrOutput

FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.

func (MutatingWebhookOutput) MatchConditions 

func (o MutatingWebhookOutput) MatchConditions() MatchConditionArrayOutput

MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.

The exact matching logic is (in order):

  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
  2. If ALL matchConditions evaluate to TRUE, the webhook is called.
  3. If any matchCondition evaluates to an error (but none are FALSE): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the error is ignored and the webhook is skipped

func (MutatingWebhookOutput) MatchPolicy 

func (o MutatingWebhookOutput) MatchPolicy() pulumi.StringPtrOutput

matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.

Defaults to "Equivalent"

func (MutatingWebhookOutput) Name 

func (o MutatingWebhookOutput) Name() pulumi.StringOutput

The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.

func (MutatingWebhookOutput) NamespaceSelector 

func (o MutatingWebhookOutput) NamespaceSelector() metav1.LabelSelectorPtrOutput

NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook. 

For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "runlevel",
      "operator": "NotIn",
      "values": [
        "0",
        "1"
      ]
    }
  ]
}

If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "environment",
      "operator": "In",
      "values": [
        "prod",
        "staging"
      ]
    }
  ]
}

See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (MutatingWebhookOutput) ObjectSelector 

func (o MutatingWebhookOutput) ObjectSelector() metav1.LabelSelectorPtrOutput

ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

func (MutatingWebhookOutput) ReinvocationPolicy 

func (o MutatingWebhookOutput) ReinvocationPolicy() pulumi.StringPtrOutput

reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded".

Never: the webhook will not be called more than once in a single admission evaluation.

IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.

Defaults to "Never".

func (MutatingWebhookOutput) Rules 

func (o MutatingWebhookOutput) Rules() RuleWithOperationsArrayOutput

Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.

func (MutatingWebhookOutput) SideEffects 

func (o MutatingWebhookOutput) SideEffects() pulumi.StringOutput

SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.

func (MutatingWebhookOutput) TimeoutSeconds 

func (o MutatingWebhookOutput) TimeoutSeconds() pulumi.IntPtrOutput

TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.

func (MutatingWebhookOutput) ToMutatingWebhookOutput 

func (o MutatingWebhookOutput) ToMutatingWebhookOutput() MutatingWebhookOutput

func (MutatingWebhookOutput) ToMutatingWebhookOutputWithContext 

func (o MutatingWebhookOutput) ToMutatingWebhookOutputWithContext(ctx context.Context) MutatingWebhookOutput

type MutatingWebhookPatch 

type MutatingWebhookPatch struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions []string `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig *WebhookClientConfigPatch `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy *string `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	MatchConditions []MatchConditionPatch `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy *string `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name *string `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector *metav1.LabelSelectorPatch `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector *metav1.LabelSelectorPatch `pulumi:"objectSelector"`
	// reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded".
	//
	// Never: the webhook will not be called more than once in a single admission evaluation.
	//
	// IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.
	//
	// Defaults to "Never".
	ReinvocationPolicy *string `pulumi:"reinvocationPolicy"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules []RuleWithOperationsPatch `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects *string `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds *int `pulumi:"timeoutSeconds"`
}

MutatingWebhook describes an admission webhook and the resources and operations it applies to.

type MutatingWebhookPatchArgs 

type MutatingWebhookPatchArgs struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions pulumi.StringArrayInput `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig WebhookClientConfigPatchPtrInput `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy pulumi.StringPtrInput `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	MatchConditions MatchConditionPatchArrayInput `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy pulumi.StringPtrInput `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name pulumi.StringPtrInput `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector metav1.LabelSelectorPatchPtrInput `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector metav1.LabelSelectorPatchPtrInput `pulumi:"objectSelector"`
	// reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded".
	//
	// Never: the webhook will not be called more than once in a single admission evaluation.
	//
	// IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.
	//
	// Defaults to "Never".
	ReinvocationPolicy pulumi.StringPtrInput `pulumi:"reinvocationPolicy"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules RuleWithOperationsPatchArrayInput `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects pulumi.StringPtrInput `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds pulumi.IntPtrInput `pulumi:"timeoutSeconds"`
}

MutatingWebhook describes an admission webhook and the resources and operations it applies to.

func (MutatingWebhookPatchArgs) ElementType 

func (MutatingWebhookPatchArgs) ElementType() reflect.Type

func (MutatingWebhookPatchArgs) ToMutatingWebhookPatchOutput 

func (i MutatingWebhookPatchArgs) ToMutatingWebhookPatchOutput() MutatingWebhookPatchOutput

func (MutatingWebhookPatchArgs) ToMutatingWebhookPatchOutputWithContext 

func (i MutatingWebhookPatchArgs) ToMutatingWebhookPatchOutputWithContext(ctx context.Context) MutatingWebhookPatchOutput

type MutatingWebhookPatchArray 

type MutatingWebhookPatchArray []MutatingWebhookPatchInput

func (MutatingWebhookPatchArray) ElementType 

func (MutatingWebhookPatchArray) ElementType() reflect.Type

func (MutatingWebhookPatchArray) ToMutatingWebhookPatchArrayOutput 

func (i MutatingWebhookPatchArray) ToMutatingWebhookPatchArrayOutput() MutatingWebhookPatchArrayOutput

func (MutatingWebhookPatchArray) ToMutatingWebhookPatchArrayOutputWithContext 

func (i MutatingWebhookPatchArray) ToMutatingWebhookPatchArrayOutputWithContext(ctx context.Context) MutatingWebhookPatchArrayOutput

type MutatingWebhookPatchArrayInput 

type MutatingWebhookPatchArrayInput interface {
	pulumi.Input

	ToMutatingWebhookPatchArrayOutput() MutatingWebhookPatchArrayOutput
	ToMutatingWebhookPatchArrayOutputWithContext(context.Context) MutatingWebhookPatchArrayOutput
}

MutatingWebhookPatchArrayInput is an input type that accepts MutatingWebhookPatchArray and MutatingWebhookPatchArrayOutput values. You can construct a concrete instance of `MutatingWebhookPatchArrayInput` via: 

MutatingWebhookPatchArray{ MutatingWebhookPatchArgs{...} }

type MutatingWebhookPatchArrayOutput 

type MutatingWebhookPatchArrayOutput struct{ *pulumi.OutputState }

func (MutatingWebhookPatchArrayOutput) ElementType 

func (MutatingWebhookPatchArrayOutput) ElementType() reflect.Type

func (MutatingWebhookPatchArrayOutput) Index 

func (o MutatingWebhookPatchArrayOutput) Index(i pulumi.IntInput) MutatingWebhookPatchOutput

func (MutatingWebhookPatchArrayOutput) ToMutatingWebhookPatchArrayOutput 

func (o MutatingWebhookPatchArrayOutput) ToMutatingWebhookPatchArrayOutput() MutatingWebhookPatchArrayOutput

func (MutatingWebhookPatchArrayOutput) ToMutatingWebhookPatchArrayOutputWithContext 

func (o MutatingWebhookPatchArrayOutput) ToMutatingWebhookPatchArrayOutputWithContext(ctx context.Context) MutatingWebhookPatchArrayOutput

type MutatingWebhookPatchInput 

type MutatingWebhookPatchInput interface {
	pulumi.Input

	ToMutatingWebhookPatchOutput() MutatingWebhookPatchOutput
	ToMutatingWebhookPatchOutputWithContext(context.Context) MutatingWebhookPatchOutput
}

MutatingWebhookPatchInput is an input type that accepts MutatingWebhookPatchArgs and MutatingWebhookPatchOutput values. You can construct a concrete instance of `MutatingWebhookPatchInput` via: 

MutatingWebhookPatchArgs{...}

type MutatingWebhookPatchOutput 

type MutatingWebhookPatchOutput struct{ *pulumi.OutputState }

MutatingWebhook describes an admission webhook and the resources and operations it applies to.

func (MutatingWebhookPatchOutput) AdmissionReviewVersions 

func (o MutatingWebhookPatchOutput) AdmissionReviewVersions() pulumi.StringArrayOutput

AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.

func (MutatingWebhookPatchOutput) ClientConfig 

func (o MutatingWebhookPatchOutput) ClientConfig() WebhookClientConfigPatchPtrOutput

ClientConfig defines how to communicate with the hook. Required

func (MutatingWebhookPatchOutput) ElementType 

func (MutatingWebhookPatchOutput) ElementType() reflect.Type

func (MutatingWebhookPatchOutput) FailurePolicy 

func (o MutatingWebhookPatchOutput) FailurePolicy() pulumi.StringPtrOutput

FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.

func (MutatingWebhookPatchOutput) MatchConditions 

func (o MutatingWebhookPatchOutput) MatchConditions() MatchConditionPatchArrayOutput

MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.

The exact matching logic is (in order):

  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
  2. If ALL matchConditions evaluate to TRUE, the webhook is called.
  3. If any matchCondition evaluates to an error (but none are FALSE): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the error is ignored and the webhook is skipped

func (MutatingWebhookPatchOutput) MatchPolicy 

func (o MutatingWebhookPatchOutput) MatchPolicy() pulumi.StringPtrOutput

matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.

Defaults to "Equivalent"

func (MutatingWebhookPatchOutput) Name 

func (o MutatingWebhookPatchOutput) Name() pulumi.StringPtrOutput

The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.

func (MutatingWebhookPatchOutput) NamespaceSelector 

func (o MutatingWebhookPatchOutput) NamespaceSelector() metav1.LabelSelectorPatchPtrOutput

NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook. 

For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "runlevel",
      "operator": "NotIn",
      "values": [
        "0",
        "1"
      ]
    }
  ]
}

If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "environment",
      "operator": "In",
      "values": [
        "prod",
        "staging"
      ]
    }
  ]
}

See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (MutatingWebhookPatchOutput) ObjectSelector 

func (o MutatingWebhookPatchOutput) ObjectSelector() metav1.LabelSelectorPatchPtrOutput

ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

func (MutatingWebhookPatchOutput) ReinvocationPolicy 

func (o MutatingWebhookPatchOutput) ReinvocationPolicy() pulumi.StringPtrOutput

reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded".

Never: the webhook will not be called more than once in a single admission evaluation.

IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.

Defaults to "Never".

func (MutatingWebhookPatchOutput) Rules 

func (o MutatingWebhookPatchOutput) Rules() RuleWithOperationsPatchArrayOutput

Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.

func (MutatingWebhookPatchOutput) SideEffects 

func (o MutatingWebhookPatchOutput) SideEffects() pulumi.StringPtrOutput

SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.

func (MutatingWebhookPatchOutput) TimeoutSeconds 

func (o MutatingWebhookPatchOutput) TimeoutSeconds() pulumi.IntPtrOutput

TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.

func (MutatingWebhookPatchOutput) ToMutatingWebhookPatchOutput 

func (o MutatingWebhookPatchOutput) ToMutatingWebhookPatchOutput() MutatingWebhookPatchOutput

func (MutatingWebhookPatchOutput) ToMutatingWebhookPatchOutputWithContext 

func (o MutatingWebhookPatchOutput) ToMutatingWebhookPatchOutputWithContext(ctx context.Context) MutatingWebhookPatchOutput

type NamedRuleWithOperations added in v4.11.0 

type NamedRuleWithOperations struct {
	// APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
	ApiGroups []string `pulumi:"apiGroups"`
	// APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.
	ApiVersions []string `pulumi:"apiVersions"`
	// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.
	Operations []string `pulumi:"operations"`
	// ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
	ResourceNames []string `pulumi:"resourceNames"`
	// Resources is a list of resources this rule applies to.
	//
	// For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.
	//
	// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
	//
	// Depending on the enclosing object, subresources might not be allowed. Required.
	Resources []string `pulumi:"resources"`
	// scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
	Scope *string `pulumi:"scope"`
}

NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.

type NamedRuleWithOperationsArgs added in v4.11.0 

type NamedRuleWithOperationsArgs struct {
	// APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
	ApiGroups pulumi.StringArrayInput `pulumi:"apiGroups"`
	// APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.
	ApiVersions pulumi.StringArrayInput `pulumi:"apiVersions"`
	// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.
	Operations pulumi.StringArrayInput `pulumi:"operations"`
	// ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
	ResourceNames pulumi.StringArrayInput `pulumi:"resourceNames"`
	// Resources is a list of resources this rule applies to.
	//
	// For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.
	//
	// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
	//
	// Depending on the enclosing object, subresources might not be allowed. Required.
	Resources pulumi.StringArrayInput `pulumi:"resources"`
	// scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
	Scope pulumi.StringPtrInput `pulumi:"scope"`
}

NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.

func (NamedRuleWithOperationsArgs) ElementType added in v4.11.0 

func (NamedRuleWithOperationsArgs) ElementType() reflect.Type

func (NamedRuleWithOperationsArgs) ToNamedRuleWithOperationsOutput added in v4.11.0 

func (i NamedRuleWithOperationsArgs) ToNamedRuleWithOperationsOutput() NamedRuleWithOperationsOutput

func (NamedRuleWithOperationsArgs) ToNamedRuleWithOperationsOutputWithContext added in v4.11.0 

func (i NamedRuleWithOperationsArgs) ToNamedRuleWithOperationsOutputWithContext(ctx context.Context) NamedRuleWithOperationsOutput

type NamedRuleWithOperationsArray added in v4.11.0 

type NamedRuleWithOperationsArray []NamedRuleWithOperationsInput

func (NamedRuleWithOperationsArray) ElementType added in v4.11.0 

func (NamedRuleWithOperationsArray) ElementType() reflect.Type

func (NamedRuleWithOperationsArray) ToNamedRuleWithOperationsArrayOutput added in v4.11.0 

func (i NamedRuleWithOperationsArray) ToNamedRuleWithOperationsArrayOutput() NamedRuleWithOperationsArrayOutput

func (NamedRuleWithOperationsArray) ToNamedRuleWithOperationsArrayOutputWithContext added in v4.11.0 

func (i NamedRuleWithOperationsArray) ToNamedRuleWithOperationsArrayOutputWithContext(ctx context.Context) NamedRuleWithOperationsArrayOutput

type NamedRuleWithOperationsArrayInput added in v4.11.0 

type NamedRuleWithOperationsArrayInput interface {
	pulumi.Input

	ToNamedRuleWithOperationsArrayOutput() NamedRuleWithOperationsArrayOutput
	ToNamedRuleWithOperationsArrayOutputWithContext(context.Context) NamedRuleWithOperationsArrayOutput
}

NamedRuleWithOperationsArrayInput is an input type that accepts NamedRuleWithOperationsArray and NamedRuleWithOperationsArrayOutput values. You can construct a concrete instance of `NamedRuleWithOperationsArrayInput` via: 

NamedRuleWithOperationsArray{ NamedRuleWithOperationsArgs{...} }

type NamedRuleWithOperationsArrayOutput added in v4.11.0 

type NamedRuleWithOperationsArrayOutput struct{ *pulumi.OutputState }

func (NamedRuleWithOperationsArrayOutput) ElementType added in v4.11.0 

func (NamedRuleWithOperationsArrayOutput) ElementType() reflect.Type

func (NamedRuleWithOperationsArrayOutput) Index added in v4.11.0 

func (o NamedRuleWithOperationsArrayOutput) Index(i pulumi.IntInput) NamedRuleWithOperationsOutput

func (NamedRuleWithOperationsArrayOutput) ToNamedRuleWithOperationsArrayOutput added in v4.11.0 

func (o NamedRuleWithOperationsArrayOutput) ToNamedRuleWithOperationsArrayOutput() NamedRuleWithOperationsArrayOutput

func (NamedRuleWithOperationsArrayOutput) ToNamedRuleWithOperationsArrayOutputWithContext added in v4.11.0 

func (o NamedRuleWithOperationsArrayOutput) ToNamedRuleWithOperationsArrayOutputWithContext(ctx context.Context) NamedRuleWithOperationsArrayOutput

type NamedRuleWithOperationsInput added in v4.11.0 

type NamedRuleWithOperationsInput interface {
	pulumi.Input

	ToNamedRuleWithOperationsOutput() NamedRuleWithOperationsOutput
	ToNamedRuleWithOperationsOutputWithContext(context.Context) NamedRuleWithOperationsOutput
}

NamedRuleWithOperationsInput is an input type that accepts NamedRuleWithOperationsArgs and NamedRuleWithOperationsOutput values. You can construct a concrete instance of `NamedRuleWithOperationsInput` via: 

NamedRuleWithOperationsArgs{...}

type NamedRuleWithOperationsOutput added in v4.11.0 

type NamedRuleWithOperationsOutput struct{ *pulumi.OutputState }

NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.

func (NamedRuleWithOperationsOutput) ApiGroups added in v4.11.0 

func (o NamedRuleWithOperationsOutput) ApiGroups() pulumi.StringArrayOutput

APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.

func (NamedRuleWithOperationsOutput) ApiVersions added in v4.11.0 

func (o NamedRuleWithOperationsOutput) ApiVersions() pulumi.StringArrayOutput

APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.

func (NamedRuleWithOperationsOutput) ElementType added in v4.11.0 

func (NamedRuleWithOperationsOutput) ElementType() reflect.Type

func (NamedRuleWithOperationsOutput) Operations added in v4.11.0 

func (o NamedRuleWithOperationsOutput) Operations() pulumi.StringArrayOutput

Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.

func (NamedRuleWithOperationsOutput) ResourceNames added in v4.11.0 

func (o NamedRuleWithOperationsOutput) ResourceNames() pulumi.StringArrayOutput

ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.

func (NamedRuleWithOperationsOutput) Resources added in v4.11.0 

func (o NamedRuleWithOperationsOutput) Resources() pulumi.StringArrayOutput

Resources is a list of resources this rule applies to.

For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.

If wildcard is present, the validation rule will ensure resources do not overlap with each other.

Depending on the enclosing object, subresources might not be allowed. Required.

func (NamedRuleWithOperationsOutput) Scope added in v4.11.0 

func (o NamedRuleWithOperationsOutput) Scope() pulumi.StringPtrOutput

scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".

func (NamedRuleWithOperationsOutput) ToNamedRuleWithOperationsOutput added in v4.11.0 

func (o NamedRuleWithOperationsOutput) ToNamedRuleWithOperationsOutput() NamedRuleWithOperationsOutput

func (NamedRuleWithOperationsOutput) ToNamedRuleWithOperationsOutputWithContext added in v4.11.0 

func (o NamedRuleWithOperationsOutput) ToNamedRuleWithOperationsOutputWithContext(ctx context.Context) NamedRuleWithOperationsOutput

type NamedRuleWithOperationsPatch added in v4.11.0 

type NamedRuleWithOperationsPatch struct {
	// APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
	ApiGroups []string `pulumi:"apiGroups"`
	// APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.
	ApiVersions []string `pulumi:"apiVersions"`
	// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.
	Operations []string `pulumi:"operations"`
	// ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
	ResourceNames []string `pulumi:"resourceNames"`
	// Resources is a list of resources this rule applies to.
	//
	// For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.
	//
	// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
	//
	// Depending on the enclosing object, subresources might not be allowed. Required.
	Resources []string `pulumi:"resources"`
	// scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
	Scope *string `pulumi:"scope"`
}

NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.

type NamedRuleWithOperationsPatchArgs added in v4.11.0 

type NamedRuleWithOperationsPatchArgs struct {
	// APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
	ApiGroups pulumi.StringArrayInput `pulumi:"apiGroups"`
	// APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.
	ApiVersions pulumi.StringArrayInput `pulumi:"apiVersions"`
	// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.
	Operations pulumi.StringArrayInput `pulumi:"operations"`
	// ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
	ResourceNames pulumi.StringArrayInput `pulumi:"resourceNames"`
	// Resources is a list of resources this rule applies to.
	//
	// For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.
	//
	// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
	//
	// Depending on the enclosing object, subresources might not be allowed. Required.
	Resources pulumi.StringArrayInput `pulumi:"resources"`
	// scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
	Scope pulumi.StringPtrInput `pulumi:"scope"`
}

NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.

func (NamedRuleWithOperationsPatchArgs) ElementType added in v4.11.0 

func (NamedRuleWithOperationsPatchArgs) ElementType() reflect.Type

func (NamedRuleWithOperationsPatchArgs) ToNamedRuleWithOperationsPatchOutput added in v4.11.0 

func (i NamedRuleWithOperationsPatchArgs) ToNamedRuleWithOperationsPatchOutput() NamedRuleWithOperationsPatchOutput

func (NamedRuleWithOperationsPatchArgs) ToNamedRuleWithOperationsPatchOutputWithContext added in v4.11.0 

func (i NamedRuleWithOperationsPatchArgs) ToNamedRuleWithOperationsPatchOutputWithContext(ctx context.Context) NamedRuleWithOperationsPatchOutput

type NamedRuleWithOperationsPatchArray added in v4.11.0 

type NamedRuleWithOperationsPatchArray []NamedRuleWithOperationsPatchInput

func (NamedRuleWithOperationsPatchArray) ElementType added in v4.11.0 

func (NamedRuleWithOperationsPatchArray) ElementType() reflect.Type

func (NamedRuleWithOperationsPatchArray) ToNamedRuleWithOperationsPatchArrayOutput added in v4.11.0 

func (i NamedRuleWithOperationsPatchArray) ToNamedRuleWithOperationsPatchArrayOutput() NamedRuleWithOperationsPatchArrayOutput

func (NamedRuleWithOperationsPatchArray) ToNamedRuleWithOperationsPatchArrayOutputWithContext added in v4.11.0 

func (i NamedRuleWithOperationsPatchArray) ToNamedRuleWithOperationsPatchArrayOutputWithContext(ctx context.Context) NamedRuleWithOperationsPatchArrayOutput

type NamedRuleWithOperationsPatchArrayInput added in v4.11.0 

type NamedRuleWithOperationsPatchArrayInput interface {
	pulumi.Input

	ToNamedRuleWithOperationsPatchArrayOutput() NamedRuleWithOperationsPatchArrayOutput
	ToNamedRuleWithOperationsPatchArrayOutputWithContext(context.Context) NamedRuleWithOperationsPatchArrayOutput
}

NamedRuleWithOperationsPatchArrayInput is an input type that accepts NamedRuleWithOperationsPatchArray and NamedRuleWithOperationsPatchArrayOutput values. You can construct a concrete instance of `NamedRuleWithOperationsPatchArrayInput` via: 

NamedRuleWithOperationsPatchArray{ NamedRuleWithOperationsPatchArgs{...} }

type NamedRuleWithOperationsPatchArrayOutput added in v4.11.0 

type NamedRuleWithOperationsPatchArrayOutput struct{ *pulumi.OutputState }

func (NamedRuleWithOperationsPatchArrayOutput) ElementType added in v4.11.0 

func (NamedRuleWithOperationsPatchArrayOutput) ElementType() reflect.Type

func (NamedRuleWithOperationsPatchArrayOutput) Index added in v4.11.0 

func (o NamedRuleWithOperationsPatchArrayOutput) Index(i pulumi.IntInput) NamedRuleWithOperationsPatchOutput

func (NamedRuleWithOperationsPatchArrayOutput) ToNamedRuleWithOperationsPatchArrayOutput added in v4.11.0 

func (o NamedRuleWithOperationsPatchArrayOutput) ToNamedRuleWithOperationsPatchArrayOutput() NamedRuleWithOperationsPatchArrayOutput

func (NamedRuleWithOperationsPatchArrayOutput) ToNamedRuleWithOperationsPatchArrayOutputWithContext added in v4.11.0 

func (o NamedRuleWithOperationsPatchArrayOutput) ToNamedRuleWithOperationsPatchArrayOutputWithContext(ctx context.Context) NamedRuleWithOperationsPatchArrayOutput

type NamedRuleWithOperationsPatchInput added in v4.11.0 

type NamedRuleWithOperationsPatchInput interface {
	pulumi.Input

	ToNamedRuleWithOperationsPatchOutput() NamedRuleWithOperationsPatchOutput
	ToNamedRuleWithOperationsPatchOutputWithContext(context.Context) NamedRuleWithOperationsPatchOutput
}

NamedRuleWithOperationsPatchInput is an input type that accepts NamedRuleWithOperationsPatchArgs and NamedRuleWithOperationsPatchOutput values. You can construct a concrete instance of `NamedRuleWithOperationsPatchInput` via: 

NamedRuleWithOperationsPatchArgs{...}

type NamedRuleWithOperationsPatchOutput added in v4.11.0 

type NamedRuleWithOperationsPatchOutput struct{ *pulumi.OutputState }

NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.

func (NamedRuleWithOperationsPatchOutput) ApiGroups added in v4.11.0 

func (o NamedRuleWithOperationsPatchOutput) ApiGroups() pulumi.StringArrayOutput

APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.

func (NamedRuleWithOperationsPatchOutput) ApiVersions added in v4.11.0 

func (o NamedRuleWithOperationsPatchOutput) ApiVersions() pulumi.StringArrayOutput

APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.

func (NamedRuleWithOperationsPatchOutput) ElementType added in v4.11.0 

func (NamedRuleWithOperationsPatchOutput) ElementType() reflect.Type

func (NamedRuleWithOperationsPatchOutput) Operations added in v4.11.0 

func (o NamedRuleWithOperationsPatchOutput) Operations() pulumi.StringArrayOutput

Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.

func (NamedRuleWithOperationsPatchOutput) ResourceNames added in v4.11.0 

func (o NamedRuleWithOperationsPatchOutput) ResourceNames() pulumi.StringArrayOutput

ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.

func (NamedRuleWithOperationsPatchOutput) Resources added in v4.11.0 

func (o NamedRuleWithOperationsPatchOutput) Resources() pulumi.StringArrayOutput

Resources is a list of resources this rule applies to.

For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.

If wildcard is present, the validation rule will ensure resources do not overlap with each other.

Depending on the enclosing object, subresources might not be allowed. Required.

func (NamedRuleWithOperationsPatchOutput) Scope added in v4.11.0 

func (o NamedRuleWithOperationsPatchOutput) Scope() pulumi.StringPtrOutput

scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".

func (NamedRuleWithOperationsPatchOutput) ToNamedRuleWithOperationsPatchOutput added in v4.11.0 

func (o NamedRuleWithOperationsPatchOutput) ToNamedRuleWithOperationsPatchOutput() NamedRuleWithOperationsPatchOutput

func (NamedRuleWithOperationsPatchOutput) ToNamedRuleWithOperationsPatchOutputWithContext added in v4.11.0 

func (o NamedRuleWithOperationsPatchOutput) ToNamedRuleWithOperationsPatchOutputWithContext(ctx context.Context) NamedRuleWithOperationsPatchOutput

type ParamKind added in v4.11.0 

type ParamKind struct {
	// APIVersion is the API group version the resources belong to. In format of "group/version". Required.
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is the API kind the resources belong to. Required.
	Kind *string `pulumi:"kind"`
}

ParamKind is a tuple of Group Kind and Version.

type ParamKindArgs added in v4.11.0 

type ParamKindArgs struct {
	// APIVersion is the API group version the resources belong to. In format of "group/version". Required.
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is the API kind the resources belong to. Required.
	Kind pulumi.StringPtrInput `pulumi:"kind"`
}

ParamKind is a tuple of Group Kind and Version.

func (ParamKindArgs) ElementType added in v4.11.0 

func (ParamKindArgs) ElementType() reflect.Type

func (ParamKindArgs) ToParamKindOutput added in v4.11.0 

func (i ParamKindArgs) ToParamKindOutput() ParamKindOutput

func (ParamKindArgs) ToParamKindOutputWithContext added in v4.11.0 

func (i ParamKindArgs) ToParamKindOutputWithContext(ctx context.Context) ParamKindOutput

func (ParamKindArgs) ToParamKindPtrOutput added in v4.11.0 

func (i ParamKindArgs) ToParamKindPtrOutput() ParamKindPtrOutput

func (ParamKindArgs) ToParamKindPtrOutputWithContext added in v4.11.0 

func (i ParamKindArgs) ToParamKindPtrOutputWithContext(ctx context.Context) ParamKindPtrOutput

type ParamKindInput added in v4.11.0 

type ParamKindInput interface {
	pulumi.Input

	ToParamKindOutput() ParamKindOutput
	ToParamKindOutputWithContext(context.Context) ParamKindOutput
}

ParamKindInput is an input type that accepts ParamKindArgs and ParamKindOutput values. You can construct a concrete instance of `ParamKindInput` via: 

ParamKindArgs{...}

type ParamKindOutput added in v4.11.0 

type ParamKindOutput struct{ *pulumi.OutputState }

ParamKind is a tuple of Group Kind and Version.

func (ParamKindOutput) ApiVersion added in v4.11.0 

func (o ParamKindOutput) ApiVersion() pulumi.StringPtrOutput

APIVersion is the API group version the resources belong to. In format of "group/version". Required.

func (ParamKindOutput) ElementType added in v4.11.0 

func (ParamKindOutput) ElementType() reflect.Type

func (ParamKindOutput) Kind added in v4.11.0 

func (o ParamKindOutput) Kind() pulumi.StringPtrOutput

Kind is the API kind the resources belong to. Required.

func (ParamKindOutput) ToParamKindOutput added in v4.11.0 

func (o ParamKindOutput) ToParamKindOutput() ParamKindOutput

func (ParamKindOutput) ToParamKindOutputWithContext added in v4.11.0 

func (o ParamKindOutput) ToParamKindOutputWithContext(ctx context.Context) ParamKindOutput

func (ParamKindOutput) ToParamKindPtrOutput added in v4.11.0 

func (o ParamKindOutput) ToParamKindPtrOutput() ParamKindPtrOutput

func (ParamKindOutput) ToParamKindPtrOutputWithContext added in v4.11.0 

func (o ParamKindOutput) ToParamKindPtrOutputWithContext(ctx context.Context) ParamKindPtrOutput

type ParamKindPatch added in v4.11.0 

type ParamKindPatch struct {
	// APIVersion is the API group version the resources belong to. In format of "group/version". Required.
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is the API kind the resources belong to. Required.
	Kind *string `pulumi:"kind"`
}

ParamKind is a tuple of Group Kind and Version.

type ParamKindPatchArgs added in v4.11.0 

type ParamKindPatchArgs struct {
	// APIVersion is the API group version the resources belong to. In format of "group/version". Required.
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is the API kind the resources belong to. Required.
	Kind pulumi.StringPtrInput `pulumi:"kind"`
}

ParamKind is a tuple of Group Kind and Version.

func (ParamKindPatchArgs) ElementType added in v4.11.0 

func (ParamKindPatchArgs) ElementType() reflect.Type

func (ParamKindPatchArgs) ToParamKindPatchOutput added in v4.11.0 

func (i ParamKindPatchArgs) ToParamKindPatchOutput() ParamKindPatchOutput

func (ParamKindPatchArgs) ToParamKindPatchOutputWithContext added in v4.11.0 

func (i ParamKindPatchArgs) ToParamKindPatchOutputWithContext(ctx context.Context) ParamKindPatchOutput

func (ParamKindPatchArgs) ToParamKindPatchPtrOutput added in v4.11.0 

func (i ParamKindPatchArgs) ToParamKindPatchPtrOutput() ParamKindPatchPtrOutput

func (ParamKindPatchArgs) ToParamKindPatchPtrOutputWithContext added in v4.11.0 

func (i ParamKindPatchArgs) ToParamKindPatchPtrOutputWithContext(ctx context.Context) ParamKindPatchPtrOutput

type ParamKindPatchInput added in v4.11.0 

type ParamKindPatchInput interface {
	pulumi.Input

	ToParamKindPatchOutput() ParamKindPatchOutput
	ToParamKindPatchOutputWithContext(context.Context) ParamKindPatchOutput
}

ParamKindPatchInput is an input type that accepts ParamKindPatchArgs and ParamKindPatchOutput values. You can construct a concrete instance of `ParamKindPatchInput` via: 

ParamKindPatchArgs{...}

type ParamKindPatchOutput added in v4.11.0 

type ParamKindPatchOutput struct{ *pulumi.OutputState }

ParamKind is a tuple of Group Kind and Version.

func (ParamKindPatchOutput) ApiVersion added in v4.11.0 

func (o ParamKindPatchOutput) ApiVersion() pulumi.StringPtrOutput

APIVersion is the API group version the resources belong to. In format of "group/version". Required.

func (ParamKindPatchOutput) ElementType added in v4.11.0 

func (ParamKindPatchOutput) ElementType() reflect.Type

func (ParamKindPatchOutput) Kind added in v4.11.0 

func (o ParamKindPatchOutput) Kind() pulumi.StringPtrOutput

Kind is the API kind the resources belong to. Required.

func (ParamKindPatchOutput) ToParamKindPatchOutput added in v4.11.0 

func (o ParamKindPatchOutput) ToParamKindPatchOutput() ParamKindPatchOutput

func (ParamKindPatchOutput) ToParamKindPatchOutputWithContext added in v4.11.0 

func (o ParamKindPatchOutput) ToParamKindPatchOutputWithContext(ctx context.Context) ParamKindPatchOutput

func (ParamKindPatchOutput) ToParamKindPatchPtrOutput added in v4.11.0 

func (o ParamKindPatchOutput) ToParamKindPatchPtrOutput() ParamKindPatchPtrOutput

func (ParamKindPatchOutput) ToParamKindPatchPtrOutputWithContext added in v4.11.0 

func (o ParamKindPatchOutput) ToParamKindPatchPtrOutputWithContext(ctx context.Context) ParamKindPatchPtrOutput

type ParamKindPatchPtrInput added in v4.11.0 

type ParamKindPatchPtrInput interface {
	pulumi.Input

	ToParamKindPatchPtrOutput() ParamKindPatchPtrOutput
	ToParamKindPatchPtrOutputWithContext(context.Context) ParamKindPatchPtrOutput
}

ParamKindPatchPtrInput is an input type that accepts ParamKindPatchArgs, ParamKindPatchPtr and ParamKindPatchPtrOutput values. You can construct a concrete instance of `ParamKindPatchPtrInput` via: 

        ParamKindPatchArgs{...}

or:

        nil

func ParamKindPatchPtr added in v4.11.0 

func ParamKindPatchPtr(v *ParamKindPatchArgs) ParamKindPatchPtrInput

type ParamKindPatchPtrOutput added in v4.11.0 

type ParamKindPatchPtrOutput struct{ *pulumi.OutputState }

func (ParamKindPatchPtrOutput) ApiVersion added in v4.11.0 

func (o ParamKindPatchPtrOutput) ApiVersion() pulumi.StringPtrOutput

APIVersion is the API group version the resources belong to. In format of "group/version". Required.

func (ParamKindPatchPtrOutput) Elem added in v4.11.0 

func (o ParamKindPatchPtrOutput) Elem() ParamKindPatchOutput

func (ParamKindPatchPtrOutput) ElementType added in v4.11.0 

func (ParamKindPatchPtrOutput) ElementType() reflect.Type

func (ParamKindPatchPtrOutput) Kind added in v4.11.0 

func (o ParamKindPatchPtrOutput) Kind() pulumi.StringPtrOutput

Kind is the API kind the resources belong to. Required.

func (ParamKindPatchPtrOutput) ToParamKindPatchPtrOutput added in v4.11.0 

func (o ParamKindPatchPtrOutput) ToParamKindPatchPtrOutput() ParamKindPatchPtrOutput

func (ParamKindPatchPtrOutput) ToParamKindPatchPtrOutputWithContext added in v4.11.0 

func (o ParamKindPatchPtrOutput) ToParamKindPatchPtrOutputWithContext(ctx context.Context) ParamKindPatchPtrOutput

type ParamKindPtrInput added in v4.11.0 

type ParamKindPtrInput interface {
	pulumi.Input

	ToParamKindPtrOutput() ParamKindPtrOutput
	ToParamKindPtrOutputWithContext(context.Context) ParamKindPtrOutput
}

ParamKindPtrInput is an input type that accepts ParamKindArgs, ParamKindPtr and ParamKindPtrOutput values. You can construct a concrete instance of `ParamKindPtrInput` via: 

        ParamKindArgs{...}

or:

        nil

func ParamKindPtr added in v4.11.0 

func ParamKindPtr(v *ParamKindArgs) ParamKindPtrInput

type ParamKindPtrOutput added in v4.11.0 

type ParamKindPtrOutput struct{ *pulumi.OutputState }

func (ParamKindPtrOutput) ApiVersion added in v4.11.0 

func (o ParamKindPtrOutput) ApiVersion() pulumi.StringPtrOutput

APIVersion is the API group version the resources belong to. In format of "group/version". Required.

func (ParamKindPtrOutput) Elem added in v4.11.0 

func (o ParamKindPtrOutput) Elem() ParamKindOutput

func (ParamKindPtrOutput) ElementType added in v4.11.0 

func (ParamKindPtrOutput) ElementType() reflect.Type

func (ParamKindPtrOutput) Kind added in v4.11.0 

func (o ParamKindPtrOutput) Kind() pulumi.StringPtrOutput

Kind is the API kind the resources belong to. Required.

func (ParamKindPtrOutput) ToParamKindPtrOutput added in v4.11.0 

func (o ParamKindPtrOutput) ToParamKindPtrOutput() ParamKindPtrOutput

func (ParamKindPtrOutput) ToParamKindPtrOutputWithContext added in v4.11.0 

func (o ParamKindPtrOutput) ToParamKindPtrOutputWithContext(ctx context.Context) ParamKindPtrOutput

type ParamRef added in v4.11.0 

type ParamRef struct {
	// name is the name of the resource being referenced.
	//
	// One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.
	//
	// A single parameter used for all admission requests can be configured by setting the `name` field, leaving `selector` blank, and setting namespace if `paramKind` is namespace-scoped.
	Name *string `pulumi:"name"`
	// namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.
	//
	// A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.
	//
	// - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.
	//
	// - If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.
	Namespace *string `pulumi:"namespace"`
	// `parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.
	//
	// Allowed values are `Allow` or `Deny`
	//
	// Required
	ParameterNotFoundAction *string `pulumi:"parameterNotFoundAction"`
	// selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.
	//
	// If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.
	//
	// One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.
	Selector *metav1.LabelSelector `pulumi:"selector"`
}

ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.

type ParamRefArgs added in v4.11.0 

type ParamRefArgs struct {
	// name is the name of the resource being referenced.
	//
	// One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.
	//
	// A single parameter used for all admission requests can be configured by setting the `name` field, leaving `selector` blank, and setting namespace if `paramKind` is namespace-scoped.
	Name pulumi.StringPtrInput `pulumi:"name"`
	// namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.
	//
	// A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.
	//
	// - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.
	//
	// - If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.
	Namespace pulumi.StringPtrInput `pulumi:"namespace"`
	// `parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.
	//
	// Allowed values are `Allow` or `Deny`
	//
	// Required
	ParameterNotFoundAction pulumi.StringPtrInput `pulumi:"parameterNotFoundAction"`
	// selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.
	//
	// If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.
	//
	// One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.
	Selector metav1.LabelSelectorPtrInput `pulumi:"selector"`
}

ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.

func (ParamRefArgs) ElementType added in v4.11.0 

func (ParamRefArgs) ElementType() reflect.Type

func (ParamRefArgs) ToParamRefOutput added in v4.11.0 

func (i ParamRefArgs) ToParamRefOutput() ParamRefOutput

func (ParamRefArgs) ToParamRefOutputWithContext added in v4.11.0 

func (i ParamRefArgs) ToParamRefOutputWithContext(ctx context.Context) ParamRefOutput

func (ParamRefArgs) ToParamRefPtrOutput added in v4.11.0 

func (i ParamRefArgs) ToParamRefPtrOutput() ParamRefPtrOutput

func (ParamRefArgs) ToParamRefPtrOutputWithContext added in v4.11.0 

func (i ParamRefArgs) ToParamRefPtrOutputWithContext(ctx context.Context) ParamRefPtrOutput

type ParamRefInput added in v4.11.0 

type ParamRefInput interface {
	pulumi.Input

	ToParamRefOutput() ParamRefOutput
	ToParamRefOutputWithContext(context.Context) ParamRefOutput
}

ParamRefInput is an input type that accepts ParamRefArgs and ParamRefOutput values. You can construct a concrete instance of `ParamRefInput` via: 

ParamRefArgs{...}

type ParamRefOutput added in v4.11.0 

type ParamRefOutput struct{ *pulumi.OutputState }

ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.

func (ParamRefOutput) ElementType added in v4.11.0 

func (ParamRefOutput) ElementType() reflect.Type

func (ParamRefOutput) Name added in v4.11.0 

func (o ParamRefOutput) Name() pulumi.StringPtrOutput

name is the name of the resource being referenced.

One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.

A single parameter used for all admission requests can be configured by setting the `name` field, leaving `selector` blank, and setting namespace if `paramKind` is namespace-scoped.

func (ParamRefOutput) Namespace added in v4.11.0 

func (o ParamRefOutput) Namespace() pulumi.StringPtrOutput

namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.

A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.

- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.

- If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.

func (ParamRefOutput) ParameterNotFoundAction added in v4.11.0 

func (o ParamRefOutput) ParameterNotFoundAction() pulumi.StringPtrOutput

`parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.

Allowed values are `Allow` or `Deny`

Required

func (ParamRefOutput) Selector added in v4.11.0 

func (o ParamRefOutput) Selector() metav1.LabelSelectorPtrOutput

selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.

If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.

One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.

func (ParamRefOutput) ToParamRefOutput added in v4.11.0 

func (o ParamRefOutput) ToParamRefOutput() ParamRefOutput

func (ParamRefOutput) ToParamRefOutputWithContext added in v4.11.0 

func (o ParamRefOutput) ToParamRefOutputWithContext(ctx context.Context) ParamRefOutput

func (ParamRefOutput) ToParamRefPtrOutput added in v4.11.0 

func (o ParamRefOutput) ToParamRefPtrOutput() ParamRefPtrOutput

func (ParamRefOutput) ToParamRefPtrOutputWithContext added in v4.11.0 

func (o ParamRefOutput) ToParamRefPtrOutputWithContext(ctx context.Context) ParamRefPtrOutput

type ParamRefPatch added in v4.11.0 

type ParamRefPatch struct {
	// name is the name of the resource being referenced.
	//
	// One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.
	//
	// A single parameter used for all admission requests can be configured by setting the `name` field, leaving `selector` blank, and setting namespace if `paramKind` is namespace-scoped.
	Name *string `pulumi:"name"`
	// namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.
	//
	// A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.
	//
	// - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.
	//
	// - If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.
	Namespace *string `pulumi:"namespace"`
	// `parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.
	//
	// Allowed values are `Allow` or `Deny`
	//
	// Required
	ParameterNotFoundAction *string `pulumi:"parameterNotFoundAction"`
	// selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.
	//
	// If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.
	//
	// One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.
	Selector *metav1.LabelSelectorPatch `pulumi:"selector"`
}

ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.

type ParamRefPatchArgs added in v4.11.0 

type ParamRefPatchArgs struct {
	// name is the name of the resource being referenced.
	//
	// One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.
	//
	// A single parameter used for all admission requests can be configured by setting the `name` field, leaving `selector` blank, and setting namespace if `paramKind` is namespace-scoped.
	Name pulumi.StringPtrInput `pulumi:"name"`
	// namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.
	//
	// A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.
	//
	// - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.
	//
	// - If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.
	Namespace pulumi.StringPtrInput `pulumi:"namespace"`
	// `parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.
	//
	// Allowed values are `Allow` or `Deny`
	//
	// Required
	ParameterNotFoundAction pulumi.StringPtrInput `pulumi:"parameterNotFoundAction"`
	// selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.
	//
	// If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.
	//
	// One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.
	Selector metav1.LabelSelectorPatchPtrInput `pulumi:"selector"`
}

ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.

func (ParamRefPatchArgs) ElementType added in v4.11.0 

func (ParamRefPatchArgs) ElementType() reflect.Type

func (ParamRefPatchArgs) ToParamRefPatchOutput added in v4.11.0 

func (i ParamRefPatchArgs) ToParamRefPatchOutput() ParamRefPatchOutput

func (ParamRefPatchArgs) ToParamRefPatchOutputWithContext added in v4.11.0 

func (i ParamRefPatchArgs) ToParamRefPatchOutputWithContext(ctx context.Context) ParamRefPatchOutput

func (ParamRefPatchArgs) ToParamRefPatchPtrOutput added in v4.11.0 

func (i ParamRefPatchArgs) ToParamRefPatchPtrOutput() ParamRefPatchPtrOutput

func (ParamRefPatchArgs) ToParamRefPatchPtrOutputWithContext added in v4.11.0 

func (i ParamRefPatchArgs) ToParamRefPatchPtrOutputWithContext(ctx context.Context) ParamRefPatchPtrOutput

type ParamRefPatchInput added in v4.11.0 

type ParamRefPatchInput interface {
	pulumi.Input

	ToParamRefPatchOutput() ParamRefPatchOutput
	ToParamRefPatchOutputWithContext(context.Context) ParamRefPatchOutput
}

ParamRefPatchInput is an input type that accepts ParamRefPatchArgs and ParamRefPatchOutput values. You can construct a concrete instance of `ParamRefPatchInput` via: 

ParamRefPatchArgs{...}

type ParamRefPatchOutput added in v4.11.0 

type ParamRefPatchOutput struct{ *pulumi.OutputState }

ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.

func (ParamRefPatchOutput) ElementType added in v4.11.0 

func (ParamRefPatchOutput) ElementType() reflect.Type

func (ParamRefPatchOutput) Name added in v4.11.0 

func (o ParamRefPatchOutput) Name() pulumi.StringPtrOutput

name is the name of the resource being referenced.

One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.

A single parameter used for all admission requests can be configured by setting the `name` field, leaving `selector` blank, and setting namespace if `paramKind` is namespace-scoped.

func (ParamRefPatchOutput) Namespace added in v4.11.0 

func (o ParamRefPatchOutput) Namespace() pulumi.StringPtrOutput

namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.

A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.

- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.

- If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.

func (ParamRefPatchOutput) ParameterNotFoundAction added in v4.11.0 

func (o ParamRefPatchOutput) ParameterNotFoundAction() pulumi.StringPtrOutput

`parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.

Allowed values are `Allow` or `Deny`

Required

func (ParamRefPatchOutput) Selector added in v4.11.0 

func (o ParamRefPatchOutput) Selector() metav1.LabelSelectorPatchPtrOutput

selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.

If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.

One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.

func (ParamRefPatchOutput) ToParamRefPatchOutput added in v4.11.0 

func (o ParamRefPatchOutput) ToParamRefPatchOutput() ParamRefPatchOutput

func (ParamRefPatchOutput) ToParamRefPatchOutputWithContext added in v4.11.0 

func (o ParamRefPatchOutput) ToParamRefPatchOutputWithContext(ctx context.Context) ParamRefPatchOutput

func (ParamRefPatchOutput) ToParamRefPatchPtrOutput added in v4.11.0 

func (o ParamRefPatchOutput) ToParamRefPatchPtrOutput() ParamRefPatchPtrOutput

func (ParamRefPatchOutput) ToParamRefPatchPtrOutputWithContext added in v4.11.0 

func (o ParamRefPatchOutput) ToParamRefPatchPtrOutputWithContext(ctx context.Context) ParamRefPatchPtrOutput

type ParamRefPatchPtrInput added in v4.11.0 

type ParamRefPatchPtrInput interface {
	pulumi.Input

	ToParamRefPatchPtrOutput() ParamRefPatchPtrOutput
	ToParamRefPatchPtrOutputWithContext(context.Context) ParamRefPatchPtrOutput
}

ParamRefPatchPtrInput is an input type that accepts ParamRefPatchArgs, ParamRefPatchPtr and ParamRefPatchPtrOutput values. You can construct a concrete instance of `ParamRefPatchPtrInput` via: 

        ParamRefPatchArgs{...}

or:

        nil

func ParamRefPatchPtr added in v4.11.0 

func ParamRefPatchPtr(v *ParamRefPatchArgs) ParamRefPatchPtrInput

type ParamRefPatchPtrOutput added in v4.11.0 

type ParamRefPatchPtrOutput struct{ *pulumi.OutputState }

func (ParamRefPatchPtrOutput) Elem added in v4.11.0 

func (o ParamRefPatchPtrOutput) Elem() ParamRefPatchOutput

func (ParamRefPatchPtrOutput) ElementType added in v4.11.0 

func (ParamRefPatchPtrOutput) ElementType() reflect.Type

func (ParamRefPatchPtrOutput) Name added in v4.11.0 

func (o ParamRefPatchPtrOutput) Name() pulumi.StringPtrOutput

name is the name of the resource being referenced.

One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.

A single parameter used for all admission requests can be configured by setting the `name` field, leaving `selector` blank, and setting namespace if `paramKind` is namespace-scoped.

func (ParamRefPatchPtrOutput) Namespace added in v4.11.0 

func (o ParamRefPatchPtrOutput) Namespace() pulumi.StringPtrOutput

namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.

A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.

- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.

- If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.

func (ParamRefPatchPtrOutput) ParameterNotFoundAction added in v4.11.0 

func (o ParamRefPatchPtrOutput) ParameterNotFoundAction() pulumi.StringPtrOutput

`parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.

Allowed values are `Allow` or `Deny`

Required

func (ParamRefPatchPtrOutput) Selector added in v4.11.0 

func (o ParamRefPatchPtrOutput) Selector() metav1.LabelSelectorPatchPtrOutput

selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.

If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.

One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.

func (ParamRefPatchPtrOutput) ToParamRefPatchPtrOutput added in v4.11.0 

func (o ParamRefPatchPtrOutput) ToParamRefPatchPtrOutput() ParamRefPatchPtrOutput

func (ParamRefPatchPtrOutput) ToParamRefPatchPtrOutputWithContext added in v4.11.0 

func (o ParamRefPatchPtrOutput) ToParamRefPatchPtrOutputWithContext(ctx context.Context) ParamRefPatchPtrOutput

type ParamRefPtrInput added in v4.11.0 

type ParamRefPtrInput interface {
	pulumi.Input

	ToParamRefPtrOutput() ParamRefPtrOutput
	ToParamRefPtrOutputWithContext(context.Context) ParamRefPtrOutput
}

ParamRefPtrInput is an input type that accepts ParamRefArgs, ParamRefPtr and ParamRefPtrOutput values. You can construct a concrete instance of `ParamRefPtrInput` via: 

        ParamRefArgs{...}

or:

        nil

func ParamRefPtr added in v4.11.0 

func ParamRefPtr(v *ParamRefArgs) ParamRefPtrInput

type ParamRefPtrOutput added in v4.11.0 

type ParamRefPtrOutput struct{ *pulumi.OutputState }

func (ParamRefPtrOutput) Elem added in v4.11.0 

func (o ParamRefPtrOutput) Elem() ParamRefOutput

func (ParamRefPtrOutput) ElementType added in v4.11.0 

func (ParamRefPtrOutput) ElementType() reflect.Type

func (ParamRefPtrOutput) Name added in v4.11.0 

func (o ParamRefPtrOutput) Name() pulumi.StringPtrOutput

name is the name of the resource being referenced.

One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.

A single parameter used for all admission requests can be configured by setting the `name` field, leaving `selector` blank, and setting namespace if `paramKind` is namespace-scoped.

func (ParamRefPtrOutput) Namespace added in v4.11.0 

func (o ParamRefPtrOutput) Namespace() pulumi.StringPtrOutput

namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.

A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.

- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.

- If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.

func (ParamRefPtrOutput) ParameterNotFoundAction added in v4.11.0 

func (o ParamRefPtrOutput) ParameterNotFoundAction() pulumi.StringPtrOutput

`parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.

Allowed values are `Allow` or `Deny`

Required

func (ParamRefPtrOutput) Selector added in v4.11.0 

func (o ParamRefPtrOutput) Selector() metav1.LabelSelectorPtrOutput

selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.

If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.

One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.

func (ParamRefPtrOutput) ToParamRefPtrOutput added in v4.11.0 

func (o ParamRefPtrOutput) ToParamRefPtrOutput() ParamRefPtrOutput

func (ParamRefPtrOutput) ToParamRefPtrOutputWithContext added in v4.11.0 

func (o ParamRefPtrOutput) ToParamRefPtrOutputWithContext(ctx context.Context) ParamRefPtrOutput

type RuleWithOperations 

type RuleWithOperations struct {
	// APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
	ApiGroups []string `pulumi:"apiGroups"`
	// APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.
	ApiVersions []string `pulumi:"apiVersions"`
	// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.
	Operations []string `pulumi:"operations"`
	// Resources is a list of resources this rule applies to.
	//
	// For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.
	//
	// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
	//
	// Depending on the enclosing object, subresources might not be allowed. Required.
	Resources []string `pulumi:"resources"`
	// scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
	Scope *string `pulumi:"scope"`
}

RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.

type RuleWithOperationsArgs 

type RuleWithOperationsArgs struct {
	// APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
	ApiGroups pulumi.StringArrayInput `pulumi:"apiGroups"`
	// APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.
	ApiVersions pulumi.StringArrayInput `pulumi:"apiVersions"`
	// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.
	Operations pulumi.StringArrayInput `pulumi:"operations"`
	// Resources is a list of resources this rule applies to.
	//
	// For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.
	//
	// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
	//
	// Depending on the enclosing object, subresources might not be allowed. Required.
	Resources pulumi.StringArrayInput `pulumi:"resources"`
	// scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
	Scope pulumi.StringPtrInput `pulumi:"scope"`
}

RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.

func (RuleWithOperationsArgs) ElementType 

func (RuleWithOperationsArgs) ElementType() reflect.Type

func (RuleWithOperationsArgs) ToRuleWithOperationsOutput 

func (i RuleWithOperationsArgs) ToRuleWithOperationsOutput() RuleWithOperationsOutput

func (RuleWithOperationsArgs) ToRuleWithOperationsOutputWithContext 

func (i RuleWithOperationsArgs) ToRuleWithOperationsOutputWithContext(ctx context.Context) RuleWithOperationsOutput

type RuleWithOperationsArray 

type RuleWithOperationsArray []RuleWithOperationsInput

func (RuleWithOperationsArray) ElementType 

func (RuleWithOperationsArray) ElementType() reflect.Type

func (RuleWithOperationsArray) ToRuleWithOperationsArrayOutput 

func (i RuleWithOperationsArray) ToRuleWithOperationsArrayOutput() RuleWithOperationsArrayOutput

func (RuleWithOperationsArray) ToRuleWithOperationsArrayOutputWithContext 

func (i RuleWithOperationsArray) ToRuleWithOperationsArrayOutputWithContext(ctx context.Context) RuleWithOperationsArrayOutput

type RuleWithOperationsArrayInput 

type RuleWithOperationsArrayInput interface {
	pulumi.Input

	ToRuleWithOperationsArrayOutput() RuleWithOperationsArrayOutput
	ToRuleWithOperationsArrayOutputWithContext(context.Context) RuleWithOperationsArrayOutput
}

RuleWithOperationsArrayInput is an input type that accepts RuleWithOperationsArray and RuleWithOperationsArrayOutput values. You can construct a concrete instance of `RuleWithOperationsArrayInput` via: 

RuleWithOperationsArray{ RuleWithOperationsArgs{...} }

type RuleWithOperationsArrayOutput 

type RuleWithOperationsArrayOutput struct{ *pulumi.OutputState }

func (RuleWithOperationsArrayOutput) ElementType 

func (RuleWithOperationsArrayOutput) ElementType() reflect.Type

func (RuleWithOperationsArrayOutput) Index 

func (o RuleWithOperationsArrayOutput) Index(i pulumi.IntInput) RuleWithOperationsOutput

func (RuleWithOperationsArrayOutput) ToRuleWithOperationsArrayOutput 

func (o RuleWithOperationsArrayOutput) ToRuleWithOperationsArrayOutput() RuleWithOperationsArrayOutput

func (RuleWithOperationsArrayOutput) ToRuleWithOperationsArrayOutputWithContext 

func (o RuleWithOperationsArrayOutput) ToRuleWithOperationsArrayOutputWithContext(ctx context.Context) RuleWithOperationsArrayOutput

type RuleWithOperationsInput 

type RuleWithOperationsInput interface {
	pulumi.Input

	ToRuleWithOperationsOutput() RuleWithOperationsOutput
	ToRuleWithOperationsOutputWithContext(context.Context) RuleWithOperationsOutput
}

RuleWithOperationsInput is an input type that accepts RuleWithOperationsArgs and RuleWithOperationsOutput values. You can construct a concrete instance of `RuleWithOperationsInput` via: 

RuleWithOperationsArgs{...}

type RuleWithOperationsOutput 

type RuleWithOperationsOutput struct{ *pulumi.OutputState }

RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.

func (RuleWithOperationsOutput) ApiGroups 

func (o RuleWithOperationsOutput) ApiGroups() pulumi.StringArrayOutput

APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.

func (RuleWithOperationsOutput) ApiVersions 

func (o RuleWithOperationsOutput) ApiVersions() pulumi.StringArrayOutput

APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.

func (RuleWithOperationsOutput) ElementType 

func (RuleWithOperationsOutput) ElementType() reflect.Type

func (RuleWithOperationsOutput) Operations 

func (o RuleWithOperationsOutput) Operations() pulumi.StringArrayOutput

Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.

func (RuleWithOperationsOutput) Resources 

func (o RuleWithOperationsOutput) Resources() pulumi.StringArrayOutput

Resources is a list of resources this rule applies to.

For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.

If wildcard is present, the validation rule will ensure resources do not overlap with each other.

Depending on the enclosing object, subresources might not be allowed. Required.

func (RuleWithOperationsOutput) Scope 

func (o RuleWithOperationsOutput) Scope() pulumi.StringPtrOutput

scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".

func (RuleWithOperationsOutput) ToRuleWithOperationsOutput 

func (o RuleWithOperationsOutput) ToRuleWithOperationsOutput() RuleWithOperationsOutput

func (RuleWithOperationsOutput) ToRuleWithOperationsOutputWithContext 

func (o RuleWithOperationsOutput) ToRuleWithOperationsOutputWithContext(ctx context.Context) RuleWithOperationsOutput

type RuleWithOperationsPatch 

type RuleWithOperationsPatch struct {
	// APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
	ApiGroups []string `pulumi:"apiGroups"`
	// APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.
	ApiVersions []string `pulumi:"apiVersions"`
	// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.
	Operations []string `pulumi:"operations"`
	// Resources is a list of resources this rule applies to.
	//
	// For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.
	//
	// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
	//
	// Depending on the enclosing object, subresources might not be allowed. Required.
	Resources []string `pulumi:"resources"`
	// scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
	Scope *string `pulumi:"scope"`
}

RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.

type RuleWithOperationsPatchArgs 

type RuleWithOperationsPatchArgs struct {
	// APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
	ApiGroups pulumi.StringArrayInput `pulumi:"apiGroups"`
	// APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.
	ApiVersions pulumi.StringArrayInput `pulumi:"apiVersions"`
	// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.
	Operations pulumi.StringArrayInput `pulumi:"operations"`
	// Resources is a list of resources this rule applies to.
	//
	// For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.
	//
	// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
	//
	// Depending on the enclosing object, subresources might not be allowed. Required.
	Resources pulumi.StringArrayInput `pulumi:"resources"`
	// scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
	Scope pulumi.StringPtrInput `pulumi:"scope"`
}

RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.

func (RuleWithOperationsPatchArgs) ElementType 

func (RuleWithOperationsPatchArgs) ElementType() reflect.Type

func (RuleWithOperationsPatchArgs) ToRuleWithOperationsPatchOutput 

func (i RuleWithOperationsPatchArgs) ToRuleWithOperationsPatchOutput() RuleWithOperationsPatchOutput

func (RuleWithOperationsPatchArgs) ToRuleWithOperationsPatchOutputWithContext 

func (i RuleWithOperationsPatchArgs) ToRuleWithOperationsPatchOutputWithContext(ctx context.Context) RuleWithOperationsPatchOutput

type RuleWithOperationsPatchArray 

type RuleWithOperationsPatchArray []RuleWithOperationsPatchInput

func (RuleWithOperationsPatchArray) ElementType 

func (RuleWithOperationsPatchArray) ElementType() reflect.Type

func (RuleWithOperationsPatchArray) ToRuleWithOperationsPatchArrayOutput 

func (i RuleWithOperationsPatchArray) ToRuleWithOperationsPatchArrayOutput() RuleWithOperationsPatchArrayOutput

func (RuleWithOperationsPatchArray) ToRuleWithOperationsPatchArrayOutputWithContext 

func (i RuleWithOperationsPatchArray) ToRuleWithOperationsPatchArrayOutputWithContext(ctx context.Context) RuleWithOperationsPatchArrayOutput

type RuleWithOperationsPatchArrayInput 

type RuleWithOperationsPatchArrayInput interface {
	pulumi.Input

	ToRuleWithOperationsPatchArrayOutput() RuleWithOperationsPatchArrayOutput
	ToRuleWithOperationsPatchArrayOutputWithContext(context.Context) RuleWithOperationsPatchArrayOutput
}

RuleWithOperationsPatchArrayInput is an input type that accepts RuleWithOperationsPatchArray and RuleWithOperationsPatchArrayOutput values. You can construct a concrete instance of `RuleWithOperationsPatchArrayInput` via: 

RuleWithOperationsPatchArray{ RuleWithOperationsPatchArgs{...} }

type RuleWithOperationsPatchArrayOutput 

type RuleWithOperationsPatchArrayOutput struct{ *pulumi.OutputState }

func (RuleWithOperationsPatchArrayOutput) ElementType 

func (RuleWithOperationsPatchArrayOutput) ElementType() reflect.Type

func (RuleWithOperationsPatchArrayOutput) Index 

func (o RuleWithOperationsPatchArrayOutput) Index(i pulumi.IntInput) RuleWithOperationsPatchOutput

func (RuleWithOperationsPatchArrayOutput) ToRuleWithOperationsPatchArrayOutput 

func (o RuleWithOperationsPatchArrayOutput) ToRuleWithOperationsPatchArrayOutput() RuleWithOperationsPatchArrayOutput

func (RuleWithOperationsPatchArrayOutput) ToRuleWithOperationsPatchArrayOutputWithContext 

func (o RuleWithOperationsPatchArrayOutput) ToRuleWithOperationsPatchArrayOutputWithContext(ctx context.Context) RuleWithOperationsPatchArrayOutput

type RuleWithOperationsPatchInput 

type RuleWithOperationsPatchInput interface {
	pulumi.Input

	ToRuleWithOperationsPatchOutput() RuleWithOperationsPatchOutput
	ToRuleWithOperationsPatchOutputWithContext(context.Context) RuleWithOperationsPatchOutput
}

RuleWithOperationsPatchInput is an input type that accepts RuleWithOperationsPatchArgs and RuleWithOperationsPatchOutput values. You can construct a concrete instance of `RuleWithOperationsPatchInput` via: 

RuleWithOperationsPatchArgs{...}

type RuleWithOperationsPatchOutput 

type RuleWithOperationsPatchOutput struct{ *pulumi.OutputState }

RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.

func (RuleWithOperationsPatchOutput) ApiGroups 

func (o RuleWithOperationsPatchOutput) ApiGroups() pulumi.StringArrayOutput

APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.

func (RuleWithOperationsPatchOutput) ApiVersions 

func (o RuleWithOperationsPatchOutput) ApiVersions() pulumi.StringArrayOutput

APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.

func (RuleWithOperationsPatchOutput) ElementType 

func (RuleWithOperationsPatchOutput) ElementType() reflect.Type

func (RuleWithOperationsPatchOutput) Operations 

func (o RuleWithOperationsPatchOutput) Operations() pulumi.StringArrayOutput

Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.

func (RuleWithOperationsPatchOutput) Resources 

func (o RuleWithOperationsPatchOutput) Resources() pulumi.StringArrayOutput

Resources is a list of resources this rule applies to.

For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.

If wildcard is present, the validation rule will ensure resources do not overlap with each other.

Depending on the enclosing object, subresources might not be allowed. Required.

func (RuleWithOperationsPatchOutput) Scope 

func (o RuleWithOperationsPatchOutput) Scope() pulumi.StringPtrOutput

scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".

func (RuleWithOperationsPatchOutput) ToRuleWithOperationsPatchOutput 

func (o RuleWithOperationsPatchOutput) ToRuleWithOperationsPatchOutput() RuleWithOperationsPatchOutput

func (RuleWithOperationsPatchOutput) ToRuleWithOperationsPatchOutputWithContext 

func (o RuleWithOperationsPatchOutput) ToRuleWithOperationsPatchOutputWithContext(ctx context.Context) RuleWithOperationsPatchOutput

type ServiceReference 

type ServiceReference struct {
	// `name` is the name of the service. Required
	Name string `pulumi:"name"`
	// `namespace` is the namespace of the service. Required
	Namespace string `pulumi:"namespace"`
	// `path` is an optional URL path which will be sent in any request to this service.
	Path *string `pulumi:"path"`
	// If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
	Port *int `pulumi:"port"`
}

ServiceReference holds a reference to Service.legacy.k8s.io

type ServiceReferenceArgs 

type ServiceReferenceArgs struct {
	// `name` is the name of the service. Required
	Name pulumi.StringInput `pulumi:"name"`
	// `namespace` is the namespace of the service. Required
	Namespace pulumi.StringInput `pulumi:"namespace"`
	// `path` is an optional URL path which will be sent in any request to this service.
	Path pulumi.StringPtrInput `pulumi:"path"`
	// If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
	Port pulumi.IntPtrInput `pulumi:"port"`
}

ServiceReference holds a reference to Service.legacy.k8s.io

func (ServiceReferenceArgs) ElementType 

func (ServiceReferenceArgs) ElementType() reflect.Type

func (ServiceReferenceArgs) ToServiceReferenceOutput 

func (i ServiceReferenceArgs) ToServiceReferenceOutput() ServiceReferenceOutput

func (ServiceReferenceArgs) ToServiceReferenceOutputWithContext 

func (i ServiceReferenceArgs) ToServiceReferenceOutputWithContext(ctx context.Context) ServiceReferenceOutput

func (ServiceReferenceArgs) ToServiceReferencePtrOutput 

func (i ServiceReferenceArgs) ToServiceReferencePtrOutput() ServiceReferencePtrOutput

func (ServiceReferenceArgs) ToServiceReferencePtrOutputWithContext 

func (i ServiceReferenceArgs) ToServiceReferencePtrOutputWithContext(ctx context.Context) ServiceReferencePtrOutput

type ServiceReferenceInput 

type ServiceReferenceInput interface {
	pulumi.Input

	ToServiceReferenceOutput() ServiceReferenceOutput
	ToServiceReferenceOutputWithContext(context.Context) ServiceReferenceOutput
}

ServiceReferenceInput is an input type that accepts ServiceReferenceArgs and ServiceReferenceOutput values. You can construct a concrete instance of `ServiceReferenceInput` via: 

ServiceReferenceArgs{...}

type ServiceReferenceOutput 

type ServiceReferenceOutput struct{ *pulumi.OutputState }

ServiceReference holds a reference to Service.legacy.k8s.io

func (ServiceReferenceOutput) ElementType 

func (ServiceReferenceOutput) ElementType() reflect.Type

func (ServiceReferenceOutput) Name 

func (o ServiceReferenceOutput) Name() pulumi.StringOutput

`name` is the name of the service. Required

func (ServiceReferenceOutput) Namespace 

func (o ServiceReferenceOutput) Namespace() pulumi.StringOutput

`namespace` is the namespace of the service. Required

func (ServiceReferenceOutput) Path 

func (o ServiceReferenceOutput) Path() pulumi.StringPtrOutput

`path` is an optional URL path which will be sent in any request to this service.

func (ServiceReferenceOutput) Port 

func (o ServiceReferenceOutput) Port() pulumi.IntPtrOutput

If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).

func (ServiceReferenceOutput) ToServiceReferenceOutput 

func (o ServiceReferenceOutput) ToServiceReferenceOutput() ServiceReferenceOutput

func (ServiceReferenceOutput) ToServiceReferenceOutputWithContext 

func (o ServiceReferenceOutput) ToServiceReferenceOutputWithContext(ctx context.Context) ServiceReferenceOutput

func (ServiceReferenceOutput) ToServiceReferencePtrOutput 

func (o ServiceReferenceOutput) ToServiceReferencePtrOutput() ServiceReferencePtrOutput

func (ServiceReferenceOutput) ToServiceReferencePtrOutputWithContext 

func (o ServiceReferenceOutput) ToServiceReferencePtrOutputWithContext(ctx context.Context) ServiceReferencePtrOutput

type ServiceReferencePatch 

type ServiceReferencePatch struct {
	// `name` is the name of the service. Required
	Name *string `pulumi:"name"`
	// `namespace` is the namespace of the service. Required
	Namespace *string `pulumi:"namespace"`
	// `path` is an optional URL path which will be sent in any request to this service.
	Path *string `pulumi:"path"`
	// If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
	Port *int `pulumi:"port"`
}

ServiceReference holds a reference to Service.legacy.k8s.io

type ServiceReferencePatchArgs 

type ServiceReferencePatchArgs struct {
	// `name` is the name of the service. Required
	Name pulumi.StringPtrInput `pulumi:"name"`
	// `namespace` is the namespace of the service. Required
	Namespace pulumi.StringPtrInput `pulumi:"namespace"`
	// `path` is an optional URL path which will be sent in any request to this service.
	Path pulumi.StringPtrInput `pulumi:"path"`
	// If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
	Port pulumi.IntPtrInput `pulumi:"port"`
}

ServiceReference holds a reference to Service.legacy.k8s.io

func (ServiceReferencePatchArgs) ElementType 

func (ServiceReferencePatchArgs) ElementType() reflect.Type

func (ServiceReferencePatchArgs) ToServiceReferencePatchOutput 

func (i ServiceReferencePatchArgs) ToServiceReferencePatchOutput() ServiceReferencePatchOutput

func (ServiceReferencePatchArgs) ToServiceReferencePatchOutputWithContext 

func (i ServiceReferencePatchArgs) ToServiceReferencePatchOutputWithContext(ctx context.Context) ServiceReferencePatchOutput

func (ServiceReferencePatchArgs) ToServiceReferencePatchPtrOutput 

func (i ServiceReferencePatchArgs) ToServiceReferencePatchPtrOutput() ServiceReferencePatchPtrOutput

func (ServiceReferencePatchArgs) ToServiceReferencePatchPtrOutputWithContext 

func (i ServiceReferencePatchArgs) ToServiceReferencePatchPtrOutputWithContext(ctx context.Context) ServiceReferencePatchPtrOutput

type ServiceReferencePatchInput 

type ServiceReferencePatchInput interface {
	pulumi.Input

	ToServiceReferencePatchOutput() ServiceReferencePatchOutput
	ToServiceReferencePatchOutputWithContext(context.Context) ServiceReferencePatchOutput
}

ServiceReferencePatchInput is an input type that accepts ServiceReferencePatchArgs and ServiceReferencePatchOutput values. You can construct a concrete instance of `ServiceReferencePatchInput` via: 

ServiceReferencePatchArgs{...}

type ServiceReferencePatchOutput 

type ServiceReferencePatchOutput struct{ *pulumi.OutputState }

ServiceReference holds a reference to Service.legacy.k8s.io

func (ServiceReferencePatchOutput) ElementType 

func (ServiceReferencePatchOutput) ElementType() reflect.Type

func (ServiceReferencePatchOutput) Name 

func (o ServiceReferencePatchOutput) Name() pulumi.StringPtrOutput

`name` is the name of the service. Required

func (ServiceReferencePatchOutput) Namespace 

func (o ServiceReferencePatchOutput) Namespace() pulumi.StringPtrOutput

`namespace` is the namespace of the service. Required

func (ServiceReferencePatchOutput) Path 

func (o ServiceReferencePatchOutput) Path() pulumi.StringPtrOutput

`path` is an optional URL path which will be sent in any request to this service.

func (ServiceReferencePatchOutput) Port 

func (o ServiceReferencePatchOutput) Port() pulumi.IntPtrOutput

If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).

func (ServiceReferencePatchOutput) ToServiceReferencePatchOutput 

func (o ServiceReferencePatchOutput) ToServiceReferencePatchOutput() ServiceReferencePatchOutput

func (ServiceReferencePatchOutput) ToServiceReferencePatchOutputWithContext 

func (o ServiceReferencePatchOutput) ToServiceReferencePatchOutputWithContext(ctx context.Context) ServiceReferencePatchOutput

func (ServiceReferencePatchOutput) ToServiceReferencePatchPtrOutput 

func (o ServiceReferencePatchOutput) ToServiceReferencePatchPtrOutput() ServiceReferencePatchPtrOutput

func (ServiceReferencePatchOutput) ToServiceReferencePatchPtrOutputWithContext 

func (o ServiceReferencePatchOutput) ToServiceReferencePatchPtrOutputWithContext(ctx context.Context) ServiceReferencePatchPtrOutput

type ServiceReferencePatchPtrInput 

type ServiceReferencePatchPtrInput interface {
	pulumi.Input

	ToServiceReferencePatchPtrOutput() ServiceReferencePatchPtrOutput
	ToServiceReferencePatchPtrOutputWithContext(context.Context) ServiceReferencePatchPtrOutput
}

ServiceReferencePatchPtrInput is an input type that accepts ServiceReferencePatchArgs, ServiceReferencePatchPtr and ServiceReferencePatchPtrOutput values. You can construct a concrete instance of `ServiceReferencePatchPtrInput` via: 

        ServiceReferencePatchArgs{...}

or:

        nil

func ServiceReferencePatchPtr 

func ServiceReferencePatchPtr(v *ServiceReferencePatchArgs) ServiceReferencePatchPtrInput

type ServiceReferencePatchPtrOutput 

type ServiceReferencePatchPtrOutput struct{ *pulumi.OutputState }

func (ServiceReferencePatchPtrOutput) Elem 

func (o ServiceReferencePatchPtrOutput) Elem() ServiceReferencePatchOutput

func (ServiceReferencePatchPtrOutput) ElementType 

func (ServiceReferencePatchPtrOutput) ElementType() reflect.Type

func (ServiceReferencePatchPtrOutput) Name 

func (o ServiceReferencePatchPtrOutput) Name() pulumi.StringPtrOutput

`name` is the name of the service. Required

func (ServiceReferencePatchPtrOutput) Namespace 

func (o ServiceReferencePatchPtrOutput) Namespace() pulumi.StringPtrOutput

`namespace` is the namespace of the service. Required

func (ServiceReferencePatchPtrOutput) Path 

func (o ServiceReferencePatchPtrOutput) Path() pulumi.StringPtrOutput

`path` is an optional URL path which will be sent in any request to this service.

func (ServiceReferencePatchPtrOutput) Port 

func (o ServiceReferencePatchPtrOutput) Port() pulumi.IntPtrOutput

If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).

func (ServiceReferencePatchPtrOutput) ToServiceReferencePatchPtrOutput 

func (o ServiceReferencePatchPtrOutput) ToServiceReferencePatchPtrOutput() ServiceReferencePatchPtrOutput

func (ServiceReferencePatchPtrOutput) ToServiceReferencePatchPtrOutputWithContext 

func (o ServiceReferencePatchPtrOutput) ToServiceReferencePatchPtrOutputWithContext(ctx context.Context) ServiceReferencePatchPtrOutput

type ServiceReferencePtrInput 

type ServiceReferencePtrInput interface {
	pulumi.Input

	ToServiceReferencePtrOutput() ServiceReferencePtrOutput
	ToServiceReferencePtrOutputWithContext(context.Context) ServiceReferencePtrOutput
}

ServiceReferencePtrInput is an input type that accepts ServiceReferenceArgs, ServiceReferencePtr and ServiceReferencePtrOutput values. You can construct a concrete instance of `ServiceReferencePtrInput` via: 

        ServiceReferenceArgs{...}

or:

        nil

func ServiceReferencePtr 

func ServiceReferencePtr(v *ServiceReferenceArgs) ServiceReferencePtrInput

type ServiceReferencePtrOutput 

type ServiceReferencePtrOutput struct{ *pulumi.OutputState }

func (ServiceReferencePtrOutput) Elem 

func (o ServiceReferencePtrOutput) Elem() ServiceReferenceOutput

func (ServiceReferencePtrOutput) ElementType 

func (ServiceReferencePtrOutput) ElementType() reflect.Type

func (ServiceReferencePtrOutput) Name 

func (o ServiceReferencePtrOutput) Name() pulumi.StringPtrOutput

`name` is the name of the service. Required

func (ServiceReferencePtrOutput) Namespace 

func (o ServiceReferencePtrOutput) Namespace() pulumi.StringPtrOutput

`namespace` is the namespace of the service. Required

func (ServiceReferencePtrOutput) Path 

func (o ServiceReferencePtrOutput) Path() pulumi.StringPtrOutput

`path` is an optional URL path which will be sent in any request to this service.

func (ServiceReferencePtrOutput) Port 

func (o ServiceReferencePtrOutput) Port() pulumi.IntPtrOutput

If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).

func (ServiceReferencePtrOutput) ToServiceReferencePtrOutput 

func (o ServiceReferencePtrOutput) ToServiceReferencePtrOutput() ServiceReferencePtrOutput

func (ServiceReferencePtrOutput) ToServiceReferencePtrOutputWithContext 

func (o ServiceReferencePtrOutput) ToServiceReferencePtrOutputWithContext(ctx context.Context) ServiceReferencePtrOutput

type TypeChecking added in v4.11.0 

type TypeChecking struct {
	// The type checking warnings for each expression.
	ExpressionWarnings []ExpressionWarning `pulumi:"expressionWarnings"`
}

TypeChecking contains results of type checking the expressions in the ValidatingAdmissionPolicy

type TypeCheckingArgs added in v4.11.0 

type TypeCheckingArgs struct {
	// The type checking warnings for each expression.
	ExpressionWarnings ExpressionWarningArrayInput `pulumi:"expressionWarnings"`
}

TypeChecking contains results of type checking the expressions in the ValidatingAdmissionPolicy

func (TypeCheckingArgs) ElementType added in v4.11.0 

func (TypeCheckingArgs) ElementType() reflect.Type

func (TypeCheckingArgs) ToTypeCheckingOutput added in v4.11.0 

func (i TypeCheckingArgs) ToTypeCheckingOutput() TypeCheckingOutput

func (TypeCheckingArgs) ToTypeCheckingOutputWithContext added in v4.11.0 

func (i TypeCheckingArgs) ToTypeCheckingOutputWithContext(ctx context.Context) TypeCheckingOutput

func (TypeCheckingArgs) ToTypeCheckingPtrOutput added in v4.11.0 

func (i TypeCheckingArgs) ToTypeCheckingPtrOutput() TypeCheckingPtrOutput

func (TypeCheckingArgs) ToTypeCheckingPtrOutputWithContext added in v4.11.0 

func (i TypeCheckingArgs) ToTypeCheckingPtrOutputWithContext(ctx context.Context) TypeCheckingPtrOutput

type TypeCheckingInput added in v4.11.0 

type TypeCheckingInput interface {
	pulumi.Input

	ToTypeCheckingOutput() TypeCheckingOutput
	ToTypeCheckingOutputWithContext(context.Context) TypeCheckingOutput
}

TypeCheckingInput is an input type that accepts TypeCheckingArgs and TypeCheckingOutput values. You can construct a concrete instance of `TypeCheckingInput` via: 

TypeCheckingArgs{...}

type TypeCheckingOutput added in v4.11.0 

type TypeCheckingOutput struct{ *pulumi.OutputState }

TypeChecking contains results of type checking the expressions in the ValidatingAdmissionPolicy

func (TypeCheckingOutput) ElementType added in v4.11.0 

func (TypeCheckingOutput) ElementType() reflect.Type

func (TypeCheckingOutput) ExpressionWarnings added in v4.11.0 

func (o TypeCheckingOutput) ExpressionWarnings() ExpressionWarningArrayOutput

The type checking warnings for each expression.

func (TypeCheckingOutput) ToTypeCheckingOutput added in v4.11.0 

func (o TypeCheckingOutput) ToTypeCheckingOutput() TypeCheckingOutput

func (TypeCheckingOutput) ToTypeCheckingOutputWithContext added in v4.11.0 

func (o TypeCheckingOutput) ToTypeCheckingOutputWithContext(ctx context.Context) TypeCheckingOutput

func (TypeCheckingOutput) ToTypeCheckingPtrOutput added in v4.11.0 

func (o TypeCheckingOutput) ToTypeCheckingPtrOutput() TypeCheckingPtrOutput

func (TypeCheckingOutput) ToTypeCheckingPtrOutputWithContext added in v4.11.0 

func (o TypeCheckingOutput) ToTypeCheckingPtrOutputWithContext(ctx context.Context) TypeCheckingPtrOutput

type TypeCheckingPatch added in v4.11.0 

type TypeCheckingPatch struct {
	// The type checking warnings for each expression.
	ExpressionWarnings []ExpressionWarningPatch `pulumi:"expressionWarnings"`
}

TypeChecking contains results of type checking the expressions in the ValidatingAdmissionPolicy

type TypeCheckingPatchArgs added in v4.11.0 

type TypeCheckingPatchArgs struct {
	// The type checking warnings for each expression.
	ExpressionWarnings ExpressionWarningPatchArrayInput `pulumi:"expressionWarnings"`
}

TypeChecking contains results of type checking the expressions in the ValidatingAdmissionPolicy

func (TypeCheckingPatchArgs) ElementType added in v4.11.0 

func (TypeCheckingPatchArgs) ElementType() reflect.Type

func (TypeCheckingPatchArgs) ToTypeCheckingPatchOutput added in v4.11.0 

func (i TypeCheckingPatchArgs) ToTypeCheckingPatchOutput() TypeCheckingPatchOutput

func (TypeCheckingPatchArgs) ToTypeCheckingPatchOutputWithContext added in v4.11.0 

func (i TypeCheckingPatchArgs) ToTypeCheckingPatchOutputWithContext(ctx context.Context) TypeCheckingPatchOutput

func (TypeCheckingPatchArgs) ToTypeCheckingPatchPtrOutput added in v4.11.0 

func (i TypeCheckingPatchArgs) ToTypeCheckingPatchPtrOutput() TypeCheckingPatchPtrOutput

func (TypeCheckingPatchArgs) ToTypeCheckingPatchPtrOutputWithContext added in v4.11.0 

func (i TypeCheckingPatchArgs) ToTypeCheckingPatchPtrOutputWithContext(ctx context.Context) TypeCheckingPatchPtrOutput

type TypeCheckingPatchInput added in v4.11.0 

type TypeCheckingPatchInput interface {
	pulumi.Input

	ToTypeCheckingPatchOutput() TypeCheckingPatchOutput
	ToTypeCheckingPatchOutputWithContext(context.Context) TypeCheckingPatchOutput
}

TypeCheckingPatchInput is an input type that accepts TypeCheckingPatchArgs and TypeCheckingPatchOutput values. You can construct a concrete instance of `TypeCheckingPatchInput` via: 

TypeCheckingPatchArgs{...}

type TypeCheckingPatchOutput added in v4.11.0 

type TypeCheckingPatchOutput struct{ *pulumi.OutputState }

TypeChecking contains results of type checking the expressions in the ValidatingAdmissionPolicy

func (TypeCheckingPatchOutput) ElementType added in v4.11.0 

func (TypeCheckingPatchOutput) ElementType() reflect.Type

func (TypeCheckingPatchOutput) ExpressionWarnings added in v4.11.0 

func (o TypeCheckingPatchOutput) ExpressionWarnings() ExpressionWarningPatchArrayOutput

The type checking warnings for each expression.

func (TypeCheckingPatchOutput) ToTypeCheckingPatchOutput added in v4.11.0 

func (o TypeCheckingPatchOutput) ToTypeCheckingPatchOutput() TypeCheckingPatchOutput

func (TypeCheckingPatchOutput) ToTypeCheckingPatchOutputWithContext added in v4.11.0 

func (o TypeCheckingPatchOutput) ToTypeCheckingPatchOutputWithContext(ctx context.Context) TypeCheckingPatchOutput

func (TypeCheckingPatchOutput) ToTypeCheckingPatchPtrOutput added in v4.11.0 

func (o TypeCheckingPatchOutput) ToTypeCheckingPatchPtrOutput() TypeCheckingPatchPtrOutput

func (TypeCheckingPatchOutput) ToTypeCheckingPatchPtrOutputWithContext added in v4.11.0 

func (o TypeCheckingPatchOutput) ToTypeCheckingPatchPtrOutputWithContext(ctx context.Context) TypeCheckingPatchPtrOutput

type TypeCheckingPatchPtrInput added in v4.11.0 

type TypeCheckingPatchPtrInput interface {
	pulumi.Input

	ToTypeCheckingPatchPtrOutput() TypeCheckingPatchPtrOutput
	ToTypeCheckingPatchPtrOutputWithContext(context.Context) TypeCheckingPatchPtrOutput
}

TypeCheckingPatchPtrInput is an input type that accepts TypeCheckingPatchArgs, TypeCheckingPatchPtr and TypeCheckingPatchPtrOutput values. You can construct a concrete instance of `TypeCheckingPatchPtrInput` via: 

        TypeCheckingPatchArgs{...}

or:

        nil

func TypeCheckingPatchPtr added in v4.11.0 

func TypeCheckingPatchPtr(v *TypeCheckingPatchArgs) TypeCheckingPatchPtrInput

type TypeCheckingPatchPtrOutput added in v4.11.0 

type TypeCheckingPatchPtrOutput struct{ *pulumi.OutputState }

func (TypeCheckingPatchPtrOutput) Elem added in v4.11.0 

func (o TypeCheckingPatchPtrOutput) Elem() TypeCheckingPatchOutput

func (TypeCheckingPatchPtrOutput) ElementType added in v4.11.0 

func (TypeCheckingPatchPtrOutput) ElementType() reflect.Type

func (TypeCheckingPatchPtrOutput) ExpressionWarnings added in v4.11.0 

func (o TypeCheckingPatchPtrOutput) ExpressionWarnings() ExpressionWarningPatchArrayOutput

The type checking warnings for each expression.

func (TypeCheckingPatchPtrOutput) ToTypeCheckingPatchPtrOutput added in v4.11.0 

func (o TypeCheckingPatchPtrOutput) ToTypeCheckingPatchPtrOutput() TypeCheckingPatchPtrOutput

func (TypeCheckingPatchPtrOutput) ToTypeCheckingPatchPtrOutputWithContext added in v4.11.0 

func (o TypeCheckingPatchPtrOutput) ToTypeCheckingPatchPtrOutputWithContext(ctx context.Context) TypeCheckingPatchPtrOutput

type TypeCheckingPtrInput added in v4.11.0 

type TypeCheckingPtrInput interface {
	pulumi.Input

	ToTypeCheckingPtrOutput() TypeCheckingPtrOutput
	ToTypeCheckingPtrOutputWithContext(context.Context) TypeCheckingPtrOutput
}

TypeCheckingPtrInput is an input type that accepts TypeCheckingArgs, TypeCheckingPtr and TypeCheckingPtrOutput values. You can construct a concrete instance of `TypeCheckingPtrInput` via: 

        TypeCheckingArgs{...}

or:

        nil

func TypeCheckingPtr added in v4.11.0 

func TypeCheckingPtr(v *TypeCheckingArgs) TypeCheckingPtrInput

type TypeCheckingPtrOutput added in v4.11.0 

type TypeCheckingPtrOutput struct{ *pulumi.OutputState }

func (TypeCheckingPtrOutput) Elem added in v4.11.0 

func (o TypeCheckingPtrOutput) Elem() TypeCheckingOutput

func (TypeCheckingPtrOutput) ElementType added in v4.11.0 

func (TypeCheckingPtrOutput) ElementType() reflect.Type

func (TypeCheckingPtrOutput) ExpressionWarnings added in v4.11.0 

func (o TypeCheckingPtrOutput) ExpressionWarnings() ExpressionWarningArrayOutput

The type checking warnings for each expression.

func (TypeCheckingPtrOutput) ToTypeCheckingPtrOutput added in v4.11.0 

func (o TypeCheckingPtrOutput) ToTypeCheckingPtrOutput() TypeCheckingPtrOutput

func (TypeCheckingPtrOutput) ToTypeCheckingPtrOutputWithContext added in v4.11.0 

func (o TypeCheckingPtrOutput) ToTypeCheckingPtrOutputWithContext(ctx context.Context) TypeCheckingPtrOutput

type ValidatingAdmissionPolicy added in v4.11.0 

type ValidatingAdmissionPolicy struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringOutput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaOutput `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicy.
	Spec ValidatingAdmissionPolicySpecOutput `pulumi:"spec"`
	// The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.
	Status ValidatingAdmissionPolicyStatusPtrOutput `pulumi:"status"`
}

ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.

func GetValidatingAdmissionPolicy added in v4.11.0 

func GetValidatingAdmissionPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ValidatingAdmissionPolicyState, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicy, error)

GetValidatingAdmissionPolicy gets an existing ValidatingAdmissionPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewValidatingAdmissionPolicy added in v4.11.0 

func NewValidatingAdmissionPolicy(ctx *pulumi.Context,
	name string, args *ValidatingAdmissionPolicyArgs, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicy, error)

NewValidatingAdmissionPolicy registers a new resource with the given unique name, arguments, and options.

func (*ValidatingAdmissionPolicy) ElementType added in v4.11.0 

func (*ValidatingAdmissionPolicy) ElementType() reflect.Type

func (*ValidatingAdmissionPolicy) ToValidatingAdmissionPolicyOutput added in v4.11.0 

func (i *ValidatingAdmissionPolicy) ToValidatingAdmissionPolicyOutput() ValidatingAdmissionPolicyOutput

func (*ValidatingAdmissionPolicy) ToValidatingAdmissionPolicyOutputWithContext added in v4.11.0 

func (i *ValidatingAdmissionPolicy) ToValidatingAdmissionPolicyOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyOutput

type ValidatingAdmissionPolicyArgs added in v4.11.0 

type ValidatingAdmissionPolicyArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPtrInput
	// Specification of the desired behavior of the ValidatingAdmissionPolicy.
	Spec ValidatingAdmissionPolicySpecPtrInput
}

The set of arguments for constructing a ValidatingAdmissionPolicy resource.

func (ValidatingAdmissionPolicyArgs) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyArgs) ElementType() reflect.Type

type ValidatingAdmissionPolicyArray added in v4.11.0 

type ValidatingAdmissionPolicyArray []ValidatingAdmissionPolicyInput

func (ValidatingAdmissionPolicyArray) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyArray) ElementType() reflect.Type

func (ValidatingAdmissionPolicyArray) ToValidatingAdmissionPolicyArrayOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyArray) ToValidatingAdmissionPolicyArrayOutput() ValidatingAdmissionPolicyArrayOutput

func (ValidatingAdmissionPolicyArray) ToValidatingAdmissionPolicyArrayOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyArray) ToValidatingAdmissionPolicyArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyArrayOutput

type ValidatingAdmissionPolicyArrayInput added in v4.11.0 

type ValidatingAdmissionPolicyArrayInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyArrayOutput() ValidatingAdmissionPolicyArrayOutput
	ToValidatingAdmissionPolicyArrayOutputWithContext(context.Context) ValidatingAdmissionPolicyArrayOutput
}

ValidatingAdmissionPolicyArrayInput is an input type that accepts ValidatingAdmissionPolicyArray and ValidatingAdmissionPolicyArrayOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyArrayInput` via: 

ValidatingAdmissionPolicyArray{ ValidatingAdmissionPolicyArgs{...} }

type ValidatingAdmissionPolicyArrayOutput added in v4.11.0 

type ValidatingAdmissionPolicyArrayOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyArrayOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyArrayOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyArrayOutput) Index added in v4.11.0 

func (o ValidatingAdmissionPolicyArrayOutput) Index(i pulumi.IntInput) ValidatingAdmissionPolicyOutput

func (ValidatingAdmissionPolicyArrayOutput) ToValidatingAdmissionPolicyArrayOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyArrayOutput) ToValidatingAdmissionPolicyArrayOutput() ValidatingAdmissionPolicyArrayOutput

func (ValidatingAdmissionPolicyArrayOutput) ToValidatingAdmissionPolicyArrayOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyArrayOutput) ToValidatingAdmissionPolicyArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyArrayOutput

type ValidatingAdmissionPolicyBinding added in v4.11.0 

type ValidatingAdmissionPolicyBinding struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringOutput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaOutput `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
	Spec ValidatingAdmissionPolicyBindingSpecOutput `pulumi:"spec"`
}

ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.

For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.

The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.

func GetValidatingAdmissionPolicyBinding added in v4.11.0 

func GetValidatingAdmissionPolicyBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ValidatingAdmissionPolicyBindingState, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicyBinding, error)

GetValidatingAdmissionPolicyBinding gets an existing ValidatingAdmissionPolicyBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewValidatingAdmissionPolicyBinding added in v4.11.0 

func NewValidatingAdmissionPolicyBinding(ctx *pulumi.Context,
	name string, args *ValidatingAdmissionPolicyBindingArgs, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicyBinding, error)

NewValidatingAdmissionPolicyBinding registers a new resource with the given unique name, arguments, and options.

func (*ValidatingAdmissionPolicyBinding) ElementType added in v4.11.0 

func (*ValidatingAdmissionPolicyBinding) ElementType() reflect.Type

func (*ValidatingAdmissionPolicyBinding) ToValidatingAdmissionPolicyBindingOutput added in v4.11.0 

func (i *ValidatingAdmissionPolicyBinding) ToValidatingAdmissionPolicyBindingOutput() ValidatingAdmissionPolicyBindingOutput

func (*ValidatingAdmissionPolicyBinding) ToValidatingAdmissionPolicyBindingOutputWithContext added in v4.11.0 

func (i *ValidatingAdmissionPolicyBinding) ToValidatingAdmissionPolicyBindingOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingOutput

type ValidatingAdmissionPolicyBindingArgs added in v4.11.0 

type ValidatingAdmissionPolicyBindingArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPtrInput
	// Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
	Spec ValidatingAdmissionPolicyBindingSpecPtrInput
}

The set of arguments for constructing a ValidatingAdmissionPolicyBinding resource.

func (ValidatingAdmissionPolicyBindingArgs) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingArgs) ElementType() reflect.Type

type ValidatingAdmissionPolicyBindingArray added in v4.11.0 

type ValidatingAdmissionPolicyBindingArray []ValidatingAdmissionPolicyBindingInput

func (ValidatingAdmissionPolicyBindingArray) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingArray) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingArray) ToValidatingAdmissionPolicyBindingArrayOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingArray) ToValidatingAdmissionPolicyBindingArrayOutput() ValidatingAdmissionPolicyBindingArrayOutput

func (ValidatingAdmissionPolicyBindingArray) ToValidatingAdmissionPolicyBindingArrayOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingArray) ToValidatingAdmissionPolicyBindingArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingArrayOutput

type ValidatingAdmissionPolicyBindingArrayInput added in v4.11.0 

type ValidatingAdmissionPolicyBindingArrayInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingArrayOutput() ValidatingAdmissionPolicyBindingArrayOutput
	ToValidatingAdmissionPolicyBindingArrayOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingArrayOutput
}

ValidatingAdmissionPolicyBindingArrayInput is an input type that accepts ValidatingAdmissionPolicyBindingArray and ValidatingAdmissionPolicyBindingArrayOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingArrayInput` via: 

ValidatingAdmissionPolicyBindingArray{ ValidatingAdmissionPolicyBindingArgs{...} }

type ValidatingAdmissionPolicyBindingArrayOutput added in v4.11.0 

type ValidatingAdmissionPolicyBindingArrayOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingArrayOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingArrayOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingArrayOutput) Index added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingArrayOutput) Index(i pulumi.IntInput) ValidatingAdmissionPolicyBindingOutput

func (ValidatingAdmissionPolicyBindingArrayOutput) ToValidatingAdmissionPolicyBindingArrayOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingArrayOutput) ToValidatingAdmissionPolicyBindingArrayOutput() ValidatingAdmissionPolicyBindingArrayOutput

func (ValidatingAdmissionPolicyBindingArrayOutput) ToValidatingAdmissionPolicyBindingArrayOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingArrayOutput) ToValidatingAdmissionPolicyBindingArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingArrayOutput

type ValidatingAdmissionPolicyBindingInput added in v4.11.0 

type ValidatingAdmissionPolicyBindingInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingOutput() ValidatingAdmissionPolicyBindingOutput
	ToValidatingAdmissionPolicyBindingOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingOutput
}

type ValidatingAdmissionPolicyBindingList added in v4.11.0 

type ValidatingAdmissionPolicyBindingList struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringOutput `pulumi:"apiVersion"`
	// List of PolicyBinding.
	Items ValidatingAdmissionPolicyBindingTypeArrayOutput `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringOutput `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaOutput `pulumi:"metadata"`
}

ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.

func GetValidatingAdmissionPolicyBindingList added in v4.11.0 

func GetValidatingAdmissionPolicyBindingList(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ValidatingAdmissionPolicyBindingListState, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicyBindingList, error)

GetValidatingAdmissionPolicyBindingList gets an existing ValidatingAdmissionPolicyBindingList resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewValidatingAdmissionPolicyBindingList added in v4.11.0 

func NewValidatingAdmissionPolicyBindingList(ctx *pulumi.Context,
	name string, args *ValidatingAdmissionPolicyBindingListArgs, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicyBindingList, error)

NewValidatingAdmissionPolicyBindingList registers a new resource with the given unique name, arguments, and options.

func (*ValidatingAdmissionPolicyBindingList) ElementType added in v4.11.0 

func (*ValidatingAdmissionPolicyBindingList) ElementType() reflect.Type

func (*ValidatingAdmissionPolicyBindingList) ToValidatingAdmissionPolicyBindingListOutput added in v4.11.0 

func (i *ValidatingAdmissionPolicyBindingList) ToValidatingAdmissionPolicyBindingListOutput() ValidatingAdmissionPolicyBindingListOutput

func (*ValidatingAdmissionPolicyBindingList) ToValidatingAdmissionPolicyBindingListOutputWithContext added in v4.11.0 

func (i *ValidatingAdmissionPolicyBindingList) ToValidatingAdmissionPolicyBindingListOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingListOutput

type ValidatingAdmissionPolicyBindingListArgs added in v4.11.0 

type ValidatingAdmissionPolicyBindingListArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// List of PolicyBinding.
	Items ValidatingAdmissionPolicyBindingTypeArrayInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaPtrInput
}

The set of arguments for constructing a ValidatingAdmissionPolicyBindingList resource.

func (ValidatingAdmissionPolicyBindingListArgs) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingListArgs) ElementType() reflect.Type

type ValidatingAdmissionPolicyBindingListArray added in v4.11.0 

type ValidatingAdmissionPolicyBindingListArray []ValidatingAdmissionPolicyBindingListInput

func (ValidatingAdmissionPolicyBindingListArray) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingListArray) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingListArray) ToValidatingAdmissionPolicyBindingListArrayOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingListArray) ToValidatingAdmissionPolicyBindingListArrayOutput() ValidatingAdmissionPolicyBindingListArrayOutput

func (ValidatingAdmissionPolicyBindingListArray) ToValidatingAdmissionPolicyBindingListArrayOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingListArray) ToValidatingAdmissionPolicyBindingListArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingListArrayOutput

type ValidatingAdmissionPolicyBindingListArrayInput added in v4.11.0 

type ValidatingAdmissionPolicyBindingListArrayInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingListArrayOutput() ValidatingAdmissionPolicyBindingListArrayOutput
	ToValidatingAdmissionPolicyBindingListArrayOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingListArrayOutput
}

ValidatingAdmissionPolicyBindingListArrayInput is an input type that accepts ValidatingAdmissionPolicyBindingListArray and ValidatingAdmissionPolicyBindingListArrayOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingListArrayInput` via: 

ValidatingAdmissionPolicyBindingListArray{ ValidatingAdmissionPolicyBindingListArgs{...} }

type ValidatingAdmissionPolicyBindingListArrayOutput added in v4.11.0 

type ValidatingAdmissionPolicyBindingListArrayOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingListArrayOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingListArrayOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingListArrayOutput) Index added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingListArrayOutput) Index(i pulumi.IntInput) ValidatingAdmissionPolicyBindingListOutput

func (ValidatingAdmissionPolicyBindingListArrayOutput) ToValidatingAdmissionPolicyBindingListArrayOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingListArrayOutput) ToValidatingAdmissionPolicyBindingListArrayOutput() ValidatingAdmissionPolicyBindingListArrayOutput

func (ValidatingAdmissionPolicyBindingListArrayOutput) ToValidatingAdmissionPolicyBindingListArrayOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingListArrayOutput) ToValidatingAdmissionPolicyBindingListArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingListArrayOutput

type ValidatingAdmissionPolicyBindingListInput added in v4.11.0 

type ValidatingAdmissionPolicyBindingListInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingListOutput() ValidatingAdmissionPolicyBindingListOutput
	ToValidatingAdmissionPolicyBindingListOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingListOutput
}

type ValidatingAdmissionPolicyBindingListMap added in v4.11.0 

type ValidatingAdmissionPolicyBindingListMap map[string]ValidatingAdmissionPolicyBindingListInput

func (ValidatingAdmissionPolicyBindingListMap) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingListMap) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingListMap) ToValidatingAdmissionPolicyBindingListMapOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingListMap) ToValidatingAdmissionPolicyBindingListMapOutput() ValidatingAdmissionPolicyBindingListMapOutput

func (ValidatingAdmissionPolicyBindingListMap) ToValidatingAdmissionPolicyBindingListMapOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingListMap) ToValidatingAdmissionPolicyBindingListMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingListMapOutput

type ValidatingAdmissionPolicyBindingListMapInput added in v4.11.0 

type ValidatingAdmissionPolicyBindingListMapInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingListMapOutput() ValidatingAdmissionPolicyBindingListMapOutput
	ToValidatingAdmissionPolicyBindingListMapOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingListMapOutput
}

ValidatingAdmissionPolicyBindingListMapInput is an input type that accepts ValidatingAdmissionPolicyBindingListMap and ValidatingAdmissionPolicyBindingListMapOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingListMapInput` via: 

ValidatingAdmissionPolicyBindingListMap{ "key": ValidatingAdmissionPolicyBindingListArgs{...} }

type ValidatingAdmissionPolicyBindingListMapOutput added in v4.11.0 

type ValidatingAdmissionPolicyBindingListMapOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingListMapOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingListMapOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingListMapOutput) MapIndex added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingListMapOutput) MapIndex(k pulumi.StringInput) ValidatingAdmissionPolicyBindingListOutput

func (ValidatingAdmissionPolicyBindingListMapOutput) ToValidatingAdmissionPolicyBindingListMapOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingListMapOutput) ToValidatingAdmissionPolicyBindingListMapOutput() ValidatingAdmissionPolicyBindingListMapOutput

func (ValidatingAdmissionPolicyBindingListMapOutput) ToValidatingAdmissionPolicyBindingListMapOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingListMapOutput) ToValidatingAdmissionPolicyBindingListMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingListMapOutput

type ValidatingAdmissionPolicyBindingListOutput added in v4.11.0 

type ValidatingAdmissionPolicyBindingListOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingListOutput) ApiVersion added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingListOutput) ApiVersion() pulumi.StringOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyBindingListOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingListOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingListOutput) Items added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingListOutput) Items() ValidatingAdmissionPolicyBindingTypeArrayOutput

List of PolicyBinding.

func (ValidatingAdmissionPolicyBindingListOutput) Kind added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingListOutput) Kind() pulumi.StringOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyBindingListOutput) Metadata added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingListOutput) Metadata() metav1.ListMetaOutput

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyBindingListOutput) ToValidatingAdmissionPolicyBindingListOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingListOutput) ToValidatingAdmissionPolicyBindingListOutput() ValidatingAdmissionPolicyBindingListOutput

func (ValidatingAdmissionPolicyBindingListOutput) ToValidatingAdmissionPolicyBindingListOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingListOutput) ToValidatingAdmissionPolicyBindingListOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingListOutput

type ValidatingAdmissionPolicyBindingListState added in v4.11.0 

type ValidatingAdmissionPolicyBindingListState struct {
}

func (ValidatingAdmissionPolicyBindingListState) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingListState) ElementType() reflect.Type

type ValidatingAdmissionPolicyBindingListType added in v4.11.0 

type ValidatingAdmissionPolicyBindingListType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// List of PolicyBinding.
	Items []ValidatingAdmissionPolicyBindingType `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata *metav1.ListMeta `pulumi:"metadata"`
}

ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.

type ValidatingAdmissionPolicyBindingListTypeArgs added in v4.11.0 

type ValidatingAdmissionPolicyBindingListTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// List of PolicyBinding.
	Items ValidatingAdmissionPolicyBindingTypeArrayInput `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaPtrInput `pulumi:"metadata"`
}

ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.

func (ValidatingAdmissionPolicyBindingListTypeArgs) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingListTypeArgs) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingListTypeArgs) ToValidatingAdmissionPolicyBindingListTypeOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingListTypeArgs) ToValidatingAdmissionPolicyBindingListTypeOutput() ValidatingAdmissionPolicyBindingListTypeOutput

func (ValidatingAdmissionPolicyBindingListTypeArgs) ToValidatingAdmissionPolicyBindingListTypeOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingListTypeArgs) ToValidatingAdmissionPolicyBindingListTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingListTypeOutput

type ValidatingAdmissionPolicyBindingListTypeInput added in v4.11.0 

type ValidatingAdmissionPolicyBindingListTypeInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingListTypeOutput() ValidatingAdmissionPolicyBindingListTypeOutput
	ToValidatingAdmissionPolicyBindingListTypeOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingListTypeOutput
}

ValidatingAdmissionPolicyBindingListTypeInput is an input type that accepts ValidatingAdmissionPolicyBindingListTypeArgs and ValidatingAdmissionPolicyBindingListTypeOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingListTypeInput` via: 

ValidatingAdmissionPolicyBindingListTypeArgs{...}

type ValidatingAdmissionPolicyBindingListTypeOutput added in v4.11.0 

type ValidatingAdmissionPolicyBindingListTypeOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.

func (ValidatingAdmissionPolicyBindingListTypeOutput) ApiVersion added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingListTypeOutput) ApiVersion() pulumi.StringPtrOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyBindingListTypeOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingListTypeOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingListTypeOutput) Items added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingListTypeOutput) Items() ValidatingAdmissionPolicyBindingTypeArrayOutput

List of PolicyBinding.

func (ValidatingAdmissionPolicyBindingListTypeOutput) Kind added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingListTypeOutput) Kind() pulumi.StringPtrOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyBindingListTypeOutput) Metadata added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingListTypeOutput) Metadata() metav1.ListMetaPtrOutput

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyBindingListTypeOutput) ToValidatingAdmissionPolicyBindingListTypeOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingListTypeOutput) ToValidatingAdmissionPolicyBindingListTypeOutput() ValidatingAdmissionPolicyBindingListTypeOutput

func (ValidatingAdmissionPolicyBindingListTypeOutput) ToValidatingAdmissionPolicyBindingListTypeOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingListTypeOutput) ToValidatingAdmissionPolicyBindingListTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingListTypeOutput

type ValidatingAdmissionPolicyBindingMap added in v4.11.0 

type ValidatingAdmissionPolicyBindingMap map[string]ValidatingAdmissionPolicyBindingInput

func (ValidatingAdmissionPolicyBindingMap) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingMap) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingMap) ToValidatingAdmissionPolicyBindingMapOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingMap) ToValidatingAdmissionPolicyBindingMapOutput() ValidatingAdmissionPolicyBindingMapOutput

func (ValidatingAdmissionPolicyBindingMap) ToValidatingAdmissionPolicyBindingMapOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingMap) ToValidatingAdmissionPolicyBindingMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingMapOutput

type ValidatingAdmissionPolicyBindingMapInput added in v4.11.0 

type ValidatingAdmissionPolicyBindingMapInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingMapOutput() ValidatingAdmissionPolicyBindingMapOutput
	ToValidatingAdmissionPolicyBindingMapOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingMapOutput
}

ValidatingAdmissionPolicyBindingMapInput is an input type that accepts ValidatingAdmissionPolicyBindingMap and ValidatingAdmissionPolicyBindingMapOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingMapInput` via: 

ValidatingAdmissionPolicyBindingMap{ "key": ValidatingAdmissionPolicyBindingArgs{...} }

type ValidatingAdmissionPolicyBindingMapOutput added in v4.11.0 

type ValidatingAdmissionPolicyBindingMapOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingMapOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingMapOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingMapOutput) MapIndex added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingMapOutput) MapIndex(k pulumi.StringInput) ValidatingAdmissionPolicyBindingOutput

func (ValidatingAdmissionPolicyBindingMapOutput) ToValidatingAdmissionPolicyBindingMapOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingMapOutput) ToValidatingAdmissionPolicyBindingMapOutput() ValidatingAdmissionPolicyBindingMapOutput

func (ValidatingAdmissionPolicyBindingMapOutput) ToValidatingAdmissionPolicyBindingMapOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingMapOutput) ToValidatingAdmissionPolicyBindingMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingMapOutput

type ValidatingAdmissionPolicyBindingOutput added in v4.11.0 

type ValidatingAdmissionPolicyBindingOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingOutput) ApiVersion added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingOutput) ApiVersion() pulumi.StringOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyBindingOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingOutput) Kind added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingOutput) Kind() pulumi.StringOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyBindingOutput) Metadata added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingOutput) Metadata() metav1.ObjectMetaOutput

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingAdmissionPolicyBindingOutput) Spec added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingOutput) Spec() ValidatingAdmissionPolicyBindingSpecOutput

Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.

func (ValidatingAdmissionPolicyBindingOutput) ToValidatingAdmissionPolicyBindingOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingOutput) ToValidatingAdmissionPolicyBindingOutput() ValidatingAdmissionPolicyBindingOutput

func (ValidatingAdmissionPolicyBindingOutput) ToValidatingAdmissionPolicyBindingOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingOutput) ToValidatingAdmissionPolicyBindingOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingOutput

type ValidatingAdmissionPolicyBindingPatch added in v4.11.0 

type ValidatingAdmissionPolicyBindingPatch struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrOutput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrOutput `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
	Spec ValidatingAdmissionPolicyBindingSpecPatchPtrOutput `pulumi:"spec"`
}

Patch resources are used to modify existing Kubernetes resources by using Server-Side Apply updates. The name of the resource must be specified, but all other properties are optional. More than one patch may be applied to the same resource, and a random FieldManager name will be used for each Patch resource. Conflicts will result in an error by default, but can be forced using the "pulumi.com/patchForce" annotation. See the [Server-Side Apply Docs](https://www.pulumi.com/registry/packages/kubernetes/how-to-guides/managing-resources-with-server-side-apply/) for additional information about using Server-Side Apply to manage Kubernetes resources with Pulumi. ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.

For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.

The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.

func GetValidatingAdmissionPolicyBindingPatch added in v4.11.0 

func GetValidatingAdmissionPolicyBindingPatch(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ValidatingAdmissionPolicyBindingPatchState, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicyBindingPatch, error)

GetValidatingAdmissionPolicyBindingPatch gets an existing ValidatingAdmissionPolicyBindingPatch resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewValidatingAdmissionPolicyBindingPatch added in v4.11.0 

func NewValidatingAdmissionPolicyBindingPatch(ctx *pulumi.Context,
	name string, args *ValidatingAdmissionPolicyBindingPatchArgs, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicyBindingPatch, error)

NewValidatingAdmissionPolicyBindingPatch registers a new resource with the given unique name, arguments, and options.

func (*ValidatingAdmissionPolicyBindingPatch) ElementType added in v4.11.0 

func (*ValidatingAdmissionPolicyBindingPatch) ElementType() reflect.Type

func (*ValidatingAdmissionPolicyBindingPatch) ToValidatingAdmissionPolicyBindingPatchOutput added in v4.11.0 

func (i *ValidatingAdmissionPolicyBindingPatch) ToValidatingAdmissionPolicyBindingPatchOutput() ValidatingAdmissionPolicyBindingPatchOutput

func (*ValidatingAdmissionPolicyBindingPatch) ToValidatingAdmissionPolicyBindingPatchOutputWithContext added in v4.11.0 

func (i *ValidatingAdmissionPolicyBindingPatch) ToValidatingAdmissionPolicyBindingPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingPatchOutput

type ValidatingAdmissionPolicyBindingPatchArgs added in v4.11.0 

type ValidatingAdmissionPolicyBindingPatchArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrInput
	// Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
	Spec ValidatingAdmissionPolicyBindingSpecPatchPtrInput
}

The set of arguments for constructing a ValidatingAdmissionPolicyBindingPatch resource.

func (ValidatingAdmissionPolicyBindingPatchArgs) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingPatchArgs) ElementType() reflect.Type

type ValidatingAdmissionPolicyBindingPatchArray added in v4.11.0 

type ValidatingAdmissionPolicyBindingPatchArray []ValidatingAdmissionPolicyBindingPatchInput

func (ValidatingAdmissionPolicyBindingPatchArray) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingPatchArray) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingPatchArray) ToValidatingAdmissionPolicyBindingPatchArrayOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingPatchArray) ToValidatingAdmissionPolicyBindingPatchArrayOutput() ValidatingAdmissionPolicyBindingPatchArrayOutput

func (ValidatingAdmissionPolicyBindingPatchArray) ToValidatingAdmissionPolicyBindingPatchArrayOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingPatchArray) ToValidatingAdmissionPolicyBindingPatchArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingPatchArrayOutput

type ValidatingAdmissionPolicyBindingPatchArrayInput added in v4.11.0 

type ValidatingAdmissionPolicyBindingPatchArrayInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingPatchArrayOutput() ValidatingAdmissionPolicyBindingPatchArrayOutput
	ToValidatingAdmissionPolicyBindingPatchArrayOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingPatchArrayOutput
}

ValidatingAdmissionPolicyBindingPatchArrayInput is an input type that accepts ValidatingAdmissionPolicyBindingPatchArray and ValidatingAdmissionPolicyBindingPatchArrayOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingPatchArrayInput` via: 

ValidatingAdmissionPolicyBindingPatchArray{ ValidatingAdmissionPolicyBindingPatchArgs{...} }

type ValidatingAdmissionPolicyBindingPatchArrayOutput added in v4.11.0 

type ValidatingAdmissionPolicyBindingPatchArrayOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingPatchArrayOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingPatchArrayOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingPatchArrayOutput) Index added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingPatchArrayOutput) Index(i pulumi.IntInput) ValidatingAdmissionPolicyBindingPatchOutput

func (ValidatingAdmissionPolicyBindingPatchArrayOutput) ToValidatingAdmissionPolicyBindingPatchArrayOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingPatchArrayOutput) ToValidatingAdmissionPolicyBindingPatchArrayOutput() ValidatingAdmissionPolicyBindingPatchArrayOutput

func (ValidatingAdmissionPolicyBindingPatchArrayOutput) ToValidatingAdmissionPolicyBindingPatchArrayOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingPatchArrayOutput) ToValidatingAdmissionPolicyBindingPatchArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingPatchArrayOutput

type ValidatingAdmissionPolicyBindingPatchInput added in v4.11.0 

type ValidatingAdmissionPolicyBindingPatchInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingPatchOutput() ValidatingAdmissionPolicyBindingPatchOutput
	ToValidatingAdmissionPolicyBindingPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingPatchOutput
}

type ValidatingAdmissionPolicyBindingPatchMap added in v4.11.0 

type ValidatingAdmissionPolicyBindingPatchMap map[string]ValidatingAdmissionPolicyBindingPatchInput

func (ValidatingAdmissionPolicyBindingPatchMap) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingPatchMap) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingPatchMap) ToValidatingAdmissionPolicyBindingPatchMapOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingPatchMap) ToValidatingAdmissionPolicyBindingPatchMapOutput() ValidatingAdmissionPolicyBindingPatchMapOutput

func (ValidatingAdmissionPolicyBindingPatchMap) ToValidatingAdmissionPolicyBindingPatchMapOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingPatchMap) ToValidatingAdmissionPolicyBindingPatchMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingPatchMapOutput

type ValidatingAdmissionPolicyBindingPatchMapInput added in v4.11.0 

type ValidatingAdmissionPolicyBindingPatchMapInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingPatchMapOutput() ValidatingAdmissionPolicyBindingPatchMapOutput
	ToValidatingAdmissionPolicyBindingPatchMapOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingPatchMapOutput
}

ValidatingAdmissionPolicyBindingPatchMapInput is an input type that accepts ValidatingAdmissionPolicyBindingPatchMap and ValidatingAdmissionPolicyBindingPatchMapOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingPatchMapInput` via: 

ValidatingAdmissionPolicyBindingPatchMap{ "key": ValidatingAdmissionPolicyBindingPatchArgs{...} }

type ValidatingAdmissionPolicyBindingPatchMapOutput added in v4.11.0 

type ValidatingAdmissionPolicyBindingPatchMapOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingPatchMapOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingPatchMapOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingPatchMapOutput) MapIndex added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingPatchMapOutput) MapIndex(k pulumi.StringInput) ValidatingAdmissionPolicyBindingPatchOutput

func (ValidatingAdmissionPolicyBindingPatchMapOutput) ToValidatingAdmissionPolicyBindingPatchMapOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingPatchMapOutput) ToValidatingAdmissionPolicyBindingPatchMapOutput() ValidatingAdmissionPolicyBindingPatchMapOutput

func (ValidatingAdmissionPolicyBindingPatchMapOutput) ToValidatingAdmissionPolicyBindingPatchMapOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingPatchMapOutput) ToValidatingAdmissionPolicyBindingPatchMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingPatchMapOutput

type ValidatingAdmissionPolicyBindingPatchOutput added in v4.11.0 

type ValidatingAdmissionPolicyBindingPatchOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingPatchOutput) ApiVersion added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingPatchOutput) ApiVersion() pulumi.StringPtrOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyBindingPatchOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingPatchOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingPatchOutput) Kind added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingPatchOutput) Kind() pulumi.StringPtrOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyBindingPatchOutput) Metadata added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingPatchOutput) Metadata() metav1.ObjectMetaPatchPtrOutput

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingAdmissionPolicyBindingPatchOutput) Spec added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingPatchOutput) Spec() ValidatingAdmissionPolicyBindingSpecPatchPtrOutput

Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.

func (ValidatingAdmissionPolicyBindingPatchOutput) ToValidatingAdmissionPolicyBindingPatchOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingPatchOutput) ToValidatingAdmissionPolicyBindingPatchOutput() ValidatingAdmissionPolicyBindingPatchOutput

func (ValidatingAdmissionPolicyBindingPatchOutput) ToValidatingAdmissionPolicyBindingPatchOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingPatchOutput) ToValidatingAdmissionPolicyBindingPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingPatchOutput

type ValidatingAdmissionPolicyBindingPatchState added in v4.11.0 

type ValidatingAdmissionPolicyBindingPatchState struct {
}

func (ValidatingAdmissionPolicyBindingPatchState) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingPatchState) ElementType() reflect.Type

type ValidatingAdmissionPolicyBindingPatchType added in v4.11.0 

type ValidatingAdmissionPolicyBindingPatchType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata *metav1.ObjectMetaPatch `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
	Spec *ValidatingAdmissionPolicyBindingSpecPatch `pulumi:"spec"`
}

ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.

For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.

The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.

type ValidatingAdmissionPolicyBindingPatchTypeArgs added in v4.11.0 

type ValidatingAdmissionPolicyBindingPatchTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrInput `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
	Spec ValidatingAdmissionPolicyBindingSpecPatchPtrInput `pulumi:"spec"`
}

ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.

For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.

The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.

func (ValidatingAdmissionPolicyBindingPatchTypeArgs) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingPatchTypeArgs) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingPatchTypeArgs) ToValidatingAdmissionPolicyBindingPatchTypeOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingPatchTypeArgs) ToValidatingAdmissionPolicyBindingPatchTypeOutput() ValidatingAdmissionPolicyBindingPatchTypeOutput

func (ValidatingAdmissionPolicyBindingPatchTypeArgs) ToValidatingAdmissionPolicyBindingPatchTypeOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingPatchTypeArgs) ToValidatingAdmissionPolicyBindingPatchTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingPatchTypeOutput

type ValidatingAdmissionPolicyBindingPatchTypeInput added in v4.11.0 

type ValidatingAdmissionPolicyBindingPatchTypeInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingPatchTypeOutput() ValidatingAdmissionPolicyBindingPatchTypeOutput
	ToValidatingAdmissionPolicyBindingPatchTypeOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingPatchTypeOutput
}

ValidatingAdmissionPolicyBindingPatchTypeInput is an input type that accepts ValidatingAdmissionPolicyBindingPatchTypeArgs and ValidatingAdmissionPolicyBindingPatchTypeOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingPatchTypeInput` via: 

ValidatingAdmissionPolicyBindingPatchTypeArgs{...}

type ValidatingAdmissionPolicyBindingPatchTypeOutput added in v4.11.0 

type ValidatingAdmissionPolicyBindingPatchTypeOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.

For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.

The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.

func (ValidatingAdmissionPolicyBindingPatchTypeOutput) ApiVersion added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingPatchTypeOutput) ApiVersion() pulumi.StringPtrOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyBindingPatchTypeOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingPatchTypeOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingPatchTypeOutput) Kind added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingPatchTypeOutput) Kind() pulumi.StringPtrOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyBindingPatchTypeOutput) Metadata added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingPatchTypeOutput) Metadata() metav1.ObjectMetaPatchPtrOutput

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingAdmissionPolicyBindingPatchTypeOutput) Spec added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingPatchTypeOutput) Spec() ValidatingAdmissionPolicyBindingSpecPatchPtrOutput

Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.

func (ValidatingAdmissionPolicyBindingPatchTypeOutput) ToValidatingAdmissionPolicyBindingPatchTypeOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingPatchTypeOutput) ToValidatingAdmissionPolicyBindingPatchTypeOutput() ValidatingAdmissionPolicyBindingPatchTypeOutput

func (ValidatingAdmissionPolicyBindingPatchTypeOutput) ToValidatingAdmissionPolicyBindingPatchTypeOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingPatchTypeOutput) ToValidatingAdmissionPolicyBindingPatchTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingPatchTypeOutput

type ValidatingAdmissionPolicyBindingSpec added in v4.11.0 

type ValidatingAdmissionPolicyBindingSpec struct {
	// MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.
	MatchResources *MatchResources `pulumi:"matchResources"`
	// paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.
	ParamRef *ParamRef `pulumi:"paramRef"`
	// PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.
	PolicyName *string `pulumi:"policyName"`
	// validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.
	//
	// Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.
	//
	// validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.
	//
	// The supported actions values are:
	//
	// "Deny" specifies that a validation failure results in a denied request.
	//
	// "Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.
	//
	// "Audit" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"`
	//
	// Clients should expect to handle additional values by ignoring any values not recognized.
	//
	// "Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.
	//
	// Required.
	ValidationActions []string `pulumi:"validationActions"`
}

ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.

type ValidatingAdmissionPolicyBindingSpecArgs added in v4.11.0 

type ValidatingAdmissionPolicyBindingSpecArgs struct {
	// MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.
	MatchResources MatchResourcesPtrInput `pulumi:"matchResources"`
	// paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.
	ParamRef ParamRefPtrInput `pulumi:"paramRef"`
	// PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.
	PolicyName pulumi.StringPtrInput `pulumi:"policyName"`
	// validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.
	//
	// Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.
	//
	// validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.
	//
	// The supported actions values are:
	//
	// "Deny" specifies that a validation failure results in a denied request.
	//
	// "Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.
	//
	// "Audit" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"`
	//
	// Clients should expect to handle additional values by ignoring any values not recognized.
	//
	// "Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.
	//
	// Required.
	ValidationActions pulumi.StringArrayInput `pulumi:"validationActions"`
}

ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.

func (ValidatingAdmissionPolicyBindingSpecArgs) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingSpecArgs) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingSpecArgs) ToValidatingAdmissionPolicyBindingSpecOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingSpecArgs) ToValidatingAdmissionPolicyBindingSpecOutput() ValidatingAdmissionPolicyBindingSpecOutput

func (ValidatingAdmissionPolicyBindingSpecArgs) ToValidatingAdmissionPolicyBindingSpecOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingSpecArgs) ToValidatingAdmissionPolicyBindingSpecOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingSpecOutput

func (ValidatingAdmissionPolicyBindingSpecArgs) ToValidatingAdmissionPolicyBindingSpecPtrOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingSpecArgs) ToValidatingAdmissionPolicyBindingSpecPtrOutput() ValidatingAdmissionPolicyBindingSpecPtrOutput

func (ValidatingAdmissionPolicyBindingSpecArgs) ToValidatingAdmissionPolicyBindingSpecPtrOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingSpecArgs) ToValidatingAdmissionPolicyBindingSpecPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingSpecPtrOutput

type ValidatingAdmissionPolicyBindingSpecInput added in v4.11.0 

type ValidatingAdmissionPolicyBindingSpecInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingSpecOutput() ValidatingAdmissionPolicyBindingSpecOutput
	ToValidatingAdmissionPolicyBindingSpecOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingSpecOutput
}

ValidatingAdmissionPolicyBindingSpecInput is an input type that accepts ValidatingAdmissionPolicyBindingSpecArgs and ValidatingAdmissionPolicyBindingSpecOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingSpecInput` via: 

ValidatingAdmissionPolicyBindingSpecArgs{...}

type ValidatingAdmissionPolicyBindingSpecOutput added in v4.11.0 

type ValidatingAdmissionPolicyBindingSpecOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.

func (ValidatingAdmissionPolicyBindingSpecOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingSpecOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingSpecOutput) MatchResources added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecOutput) MatchResources() MatchResourcesPtrOutput

MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.

func (ValidatingAdmissionPolicyBindingSpecOutput) ParamRef added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecOutput) ParamRef() ParamRefPtrOutput

paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.

func (ValidatingAdmissionPolicyBindingSpecOutput) PolicyName added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecOutput) PolicyName() pulumi.StringPtrOutput

PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.

func (ValidatingAdmissionPolicyBindingSpecOutput) ToValidatingAdmissionPolicyBindingSpecOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecOutput) ToValidatingAdmissionPolicyBindingSpecOutput() ValidatingAdmissionPolicyBindingSpecOutput

func (ValidatingAdmissionPolicyBindingSpecOutput) ToValidatingAdmissionPolicyBindingSpecOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecOutput) ToValidatingAdmissionPolicyBindingSpecOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingSpecOutput

func (ValidatingAdmissionPolicyBindingSpecOutput) ToValidatingAdmissionPolicyBindingSpecPtrOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecOutput) ToValidatingAdmissionPolicyBindingSpecPtrOutput() ValidatingAdmissionPolicyBindingSpecPtrOutput

func (ValidatingAdmissionPolicyBindingSpecOutput) ToValidatingAdmissionPolicyBindingSpecPtrOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecOutput) ToValidatingAdmissionPolicyBindingSpecPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingSpecPtrOutput

func (ValidatingAdmissionPolicyBindingSpecOutput) ValidationActions added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecOutput) ValidationActions() pulumi.StringArrayOutput

validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.

Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.

validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.

The supported actions values are:

"Deny" specifies that a validation failure results in a denied request.

"Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.

"Audit" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"`

Clients should expect to handle additional values by ignoring any values not recognized.

"Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.

Required.

type ValidatingAdmissionPolicyBindingSpecPatch added in v4.11.0 

type ValidatingAdmissionPolicyBindingSpecPatch struct {
	// MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.
	MatchResources *MatchResourcesPatch `pulumi:"matchResources"`
	// paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.
	ParamRef *ParamRefPatch `pulumi:"paramRef"`
	// PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.
	PolicyName *string `pulumi:"policyName"`
	// validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.
	//
	// Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.
	//
	// validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.
	//
	// The supported actions values are:
	//
	// "Deny" specifies that a validation failure results in a denied request.
	//
	// "Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.
	//
	// "Audit" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"`
	//
	// Clients should expect to handle additional values by ignoring any values not recognized.
	//
	// "Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.
	//
	// Required.
	ValidationActions []string `pulumi:"validationActions"`
}

ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.

type ValidatingAdmissionPolicyBindingSpecPatchArgs added in v4.11.0 

type ValidatingAdmissionPolicyBindingSpecPatchArgs struct {
	// MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.
	MatchResources MatchResourcesPatchPtrInput `pulumi:"matchResources"`
	// paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.
	ParamRef ParamRefPatchPtrInput `pulumi:"paramRef"`
	// PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.
	PolicyName pulumi.StringPtrInput `pulumi:"policyName"`
	// validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.
	//
	// Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.
	//
	// validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.
	//
	// The supported actions values are:
	//
	// "Deny" specifies that a validation failure results in a denied request.
	//
	// "Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.
	//
	// "Audit" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"`
	//
	// Clients should expect to handle additional values by ignoring any values not recognized.
	//
	// "Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.
	//
	// Required.
	ValidationActions pulumi.StringArrayInput `pulumi:"validationActions"`
}

ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.

func (ValidatingAdmissionPolicyBindingSpecPatchArgs) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingSpecPatchArgs) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingSpecPatchArgs) ToValidatingAdmissionPolicyBindingSpecPatchOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingSpecPatchArgs) ToValidatingAdmissionPolicyBindingSpecPatchOutput() ValidatingAdmissionPolicyBindingSpecPatchOutput

func (ValidatingAdmissionPolicyBindingSpecPatchArgs) ToValidatingAdmissionPolicyBindingSpecPatchOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingSpecPatchArgs) ToValidatingAdmissionPolicyBindingSpecPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingSpecPatchOutput

func (ValidatingAdmissionPolicyBindingSpecPatchArgs) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingSpecPatchArgs) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutput() ValidatingAdmissionPolicyBindingSpecPatchPtrOutput

func (ValidatingAdmissionPolicyBindingSpecPatchArgs) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingSpecPatchArgs) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingSpecPatchPtrOutput

type ValidatingAdmissionPolicyBindingSpecPatchInput added in v4.11.0 

type ValidatingAdmissionPolicyBindingSpecPatchInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingSpecPatchOutput() ValidatingAdmissionPolicyBindingSpecPatchOutput
	ToValidatingAdmissionPolicyBindingSpecPatchOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingSpecPatchOutput
}

ValidatingAdmissionPolicyBindingSpecPatchInput is an input type that accepts ValidatingAdmissionPolicyBindingSpecPatchArgs and ValidatingAdmissionPolicyBindingSpecPatchOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingSpecPatchInput` via: 

ValidatingAdmissionPolicyBindingSpecPatchArgs{...}

type ValidatingAdmissionPolicyBindingSpecPatchOutput added in v4.11.0 

type ValidatingAdmissionPolicyBindingSpecPatchOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.

func (ValidatingAdmissionPolicyBindingSpecPatchOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingSpecPatchOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingSpecPatchOutput) MatchResources added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecPatchOutput) MatchResources() MatchResourcesPatchPtrOutput

MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.

func (ValidatingAdmissionPolicyBindingSpecPatchOutput) ParamRef added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecPatchOutput) ParamRef() ParamRefPatchPtrOutput

paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.

func (ValidatingAdmissionPolicyBindingSpecPatchOutput) PolicyName added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecPatchOutput) PolicyName() pulumi.StringPtrOutput

PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.

func (ValidatingAdmissionPolicyBindingSpecPatchOutput) ToValidatingAdmissionPolicyBindingSpecPatchOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecPatchOutput) ToValidatingAdmissionPolicyBindingSpecPatchOutput() ValidatingAdmissionPolicyBindingSpecPatchOutput

func (ValidatingAdmissionPolicyBindingSpecPatchOutput) ToValidatingAdmissionPolicyBindingSpecPatchOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecPatchOutput) ToValidatingAdmissionPolicyBindingSpecPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingSpecPatchOutput

func (ValidatingAdmissionPolicyBindingSpecPatchOutput) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecPatchOutput) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutput() ValidatingAdmissionPolicyBindingSpecPatchPtrOutput

func (ValidatingAdmissionPolicyBindingSpecPatchOutput) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecPatchOutput) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingSpecPatchPtrOutput

func (ValidatingAdmissionPolicyBindingSpecPatchOutput) ValidationActions added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecPatchOutput) ValidationActions() pulumi.StringArrayOutput

validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.

Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.

validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.

The supported actions values are:

"Deny" specifies that a validation failure results in a denied request.

"Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.

"Audit" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"`

Clients should expect to handle additional values by ignoring any values not recognized.

"Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.

Required.

type ValidatingAdmissionPolicyBindingSpecPatchPtrInput added in v4.11.0 

type ValidatingAdmissionPolicyBindingSpecPatchPtrInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingSpecPatchPtrOutput() ValidatingAdmissionPolicyBindingSpecPatchPtrOutput
	ToValidatingAdmissionPolicyBindingSpecPatchPtrOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingSpecPatchPtrOutput
}

ValidatingAdmissionPolicyBindingSpecPatchPtrInput is an input type that accepts ValidatingAdmissionPolicyBindingSpecPatchArgs, ValidatingAdmissionPolicyBindingSpecPatchPtr and ValidatingAdmissionPolicyBindingSpecPatchPtrOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingSpecPatchPtrInput` via: 

        ValidatingAdmissionPolicyBindingSpecPatchArgs{...}

or:

        nil

func ValidatingAdmissionPolicyBindingSpecPatchPtr added in v4.11.0 

func ValidatingAdmissionPolicyBindingSpecPatchPtr(v *ValidatingAdmissionPolicyBindingSpecPatchArgs) ValidatingAdmissionPolicyBindingSpecPatchPtrInput

type ValidatingAdmissionPolicyBindingSpecPatchPtrOutput added in v4.11.0 

type ValidatingAdmissionPolicyBindingSpecPatchPtrOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) Elem added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) Elem() ValidatingAdmissionPolicyBindingSpecPatchOutput

func (ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) MatchResources added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) MatchResources() MatchResourcesPatchPtrOutput

MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.

func (ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) ParamRef added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) ParamRef() ParamRefPatchPtrOutput

paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.

func (ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) PolicyName added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) PolicyName() pulumi.StringPtrOutput

PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.

func (ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutput() ValidatingAdmissionPolicyBindingSpecPatchPtrOutput

func (ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingSpecPatchPtrOutput

func (ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) ValidationActions added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) ValidationActions() pulumi.StringArrayOutput

validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.

Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.

validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.

The supported actions values are:

"Deny" specifies that a validation failure results in a denied request.

"Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.

"Audit" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"`

Clients should expect to handle additional values by ignoring any values not recognized.

"Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.

Required.

type ValidatingAdmissionPolicyBindingSpecPtrInput added in v4.11.0 

type ValidatingAdmissionPolicyBindingSpecPtrInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingSpecPtrOutput() ValidatingAdmissionPolicyBindingSpecPtrOutput
	ToValidatingAdmissionPolicyBindingSpecPtrOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingSpecPtrOutput
}

ValidatingAdmissionPolicyBindingSpecPtrInput is an input type that accepts ValidatingAdmissionPolicyBindingSpecArgs, ValidatingAdmissionPolicyBindingSpecPtr and ValidatingAdmissionPolicyBindingSpecPtrOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingSpecPtrInput` via: 

        ValidatingAdmissionPolicyBindingSpecArgs{...}

or:

        nil

func ValidatingAdmissionPolicyBindingSpecPtr added in v4.11.0 

func ValidatingAdmissionPolicyBindingSpecPtr(v *ValidatingAdmissionPolicyBindingSpecArgs) ValidatingAdmissionPolicyBindingSpecPtrInput

type ValidatingAdmissionPolicyBindingSpecPtrOutput added in v4.11.0 

type ValidatingAdmissionPolicyBindingSpecPtrOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingSpecPtrOutput) Elem added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecPtrOutput) Elem() ValidatingAdmissionPolicyBindingSpecOutput

func (ValidatingAdmissionPolicyBindingSpecPtrOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingSpecPtrOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingSpecPtrOutput) MatchResources added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecPtrOutput) MatchResources() MatchResourcesPtrOutput

MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.

func (ValidatingAdmissionPolicyBindingSpecPtrOutput) ParamRef added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecPtrOutput) ParamRef() ParamRefPtrOutput

paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.

func (ValidatingAdmissionPolicyBindingSpecPtrOutput) PolicyName added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecPtrOutput) PolicyName() pulumi.StringPtrOutput

PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.

func (ValidatingAdmissionPolicyBindingSpecPtrOutput) ToValidatingAdmissionPolicyBindingSpecPtrOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecPtrOutput) ToValidatingAdmissionPolicyBindingSpecPtrOutput() ValidatingAdmissionPolicyBindingSpecPtrOutput

func (ValidatingAdmissionPolicyBindingSpecPtrOutput) ToValidatingAdmissionPolicyBindingSpecPtrOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecPtrOutput) ToValidatingAdmissionPolicyBindingSpecPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingSpecPtrOutput

func (ValidatingAdmissionPolicyBindingSpecPtrOutput) ValidationActions added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingSpecPtrOutput) ValidationActions() pulumi.StringArrayOutput

validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.

Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.

validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.

The supported actions values are:

"Deny" specifies that a validation failure results in a denied request.

"Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.

"Audit" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"`

Clients should expect to handle additional values by ignoring any values not recognized.

"Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.

Required.

type ValidatingAdmissionPolicyBindingState added in v4.11.0 

type ValidatingAdmissionPolicyBindingState struct {
}

func (ValidatingAdmissionPolicyBindingState) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingState) ElementType() reflect.Type

type ValidatingAdmissionPolicyBindingType added in v4.11.0 

type ValidatingAdmissionPolicyBindingType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata *metav1.ObjectMeta `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
	Spec *ValidatingAdmissionPolicyBindingSpec `pulumi:"spec"`
}

ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.

For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.

The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.

type ValidatingAdmissionPolicyBindingTypeArgs added in v4.11.0 

type ValidatingAdmissionPolicyBindingTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPtrInput `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
	Spec ValidatingAdmissionPolicyBindingSpecPtrInput `pulumi:"spec"`
}

ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.

For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.

The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.

func (ValidatingAdmissionPolicyBindingTypeArgs) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingTypeArgs) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingTypeArgs) ToValidatingAdmissionPolicyBindingTypeOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingTypeArgs) ToValidatingAdmissionPolicyBindingTypeOutput() ValidatingAdmissionPolicyBindingTypeOutput

func (ValidatingAdmissionPolicyBindingTypeArgs) ToValidatingAdmissionPolicyBindingTypeOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingTypeArgs) ToValidatingAdmissionPolicyBindingTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingTypeOutput

type ValidatingAdmissionPolicyBindingTypeArray added in v4.11.0 

type ValidatingAdmissionPolicyBindingTypeArray []ValidatingAdmissionPolicyBindingTypeInput

func (ValidatingAdmissionPolicyBindingTypeArray) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingTypeArray) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingTypeArray) ToValidatingAdmissionPolicyBindingTypeArrayOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingTypeArray) ToValidatingAdmissionPolicyBindingTypeArrayOutput() ValidatingAdmissionPolicyBindingTypeArrayOutput

func (ValidatingAdmissionPolicyBindingTypeArray) ToValidatingAdmissionPolicyBindingTypeArrayOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyBindingTypeArray) ToValidatingAdmissionPolicyBindingTypeArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingTypeArrayOutput

type ValidatingAdmissionPolicyBindingTypeArrayInput added in v4.11.0 

type ValidatingAdmissionPolicyBindingTypeArrayInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingTypeArrayOutput() ValidatingAdmissionPolicyBindingTypeArrayOutput
	ToValidatingAdmissionPolicyBindingTypeArrayOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingTypeArrayOutput
}

ValidatingAdmissionPolicyBindingTypeArrayInput is an input type that accepts ValidatingAdmissionPolicyBindingTypeArray and ValidatingAdmissionPolicyBindingTypeArrayOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingTypeArrayInput` via: 

ValidatingAdmissionPolicyBindingTypeArray{ ValidatingAdmissionPolicyBindingTypeArgs{...} }

type ValidatingAdmissionPolicyBindingTypeArrayOutput added in v4.11.0 

type ValidatingAdmissionPolicyBindingTypeArrayOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingTypeArrayOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingTypeArrayOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingTypeArrayOutput) Index added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingTypeArrayOutput) Index(i pulumi.IntInput) ValidatingAdmissionPolicyBindingTypeOutput

func (ValidatingAdmissionPolicyBindingTypeArrayOutput) ToValidatingAdmissionPolicyBindingTypeArrayOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingTypeArrayOutput) ToValidatingAdmissionPolicyBindingTypeArrayOutput() ValidatingAdmissionPolicyBindingTypeArrayOutput

func (ValidatingAdmissionPolicyBindingTypeArrayOutput) ToValidatingAdmissionPolicyBindingTypeArrayOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingTypeArrayOutput) ToValidatingAdmissionPolicyBindingTypeArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingTypeArrayOutput

type ValidatingAdmissionPolicyBindingTypeInput added in v4.11.0 

type ValidatingAdmissionPolicyBindingTypeInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingTypeOutput() ValidatingAdmissionPolicyBindingTypeOutput
	ToValidatingAdmissionPolicyBindingTypeOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingTypeOutput
}

ValidatingAdmissionPolicyBindingTypeInput is an input type that accepts ValidatingAdmissionPolicyBindingTypeArgs and ValidatingAdmissionPolicyBindingTypeOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingTypeInput` via: 

ValidatingAdmissionPolicyBindingTypeArgs{...}

type ValidatingAdmissionPolicyBindingTypeOutput added in v4.11.0 

type ValidatingAdmissionPolicyBindingTypeOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.

For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.

The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.

func (ValidatingAdmissionPolicyBindingTypeOutput) ApiVersion added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingTypeOutput) ApiVersion() pulumi.StringPtrOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyBindingTypeOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyBindingTypeOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyBindingTypeOutput) Kind added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingTypeOutput) Kind() pulumi.StringPtrOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyBindingTypeOutput) Metadata added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingTypeOutput) Metadata() metav1.ObjectMetaPtrOutput

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingAdmissionPolicyBindingTypeOutput) Spec added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingTypeOutput) Spec() ValidatingAdmissionPolicyBindingSpecPtrOutput

Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.

func (ValidatingAdmissionPolicyBindingTypeOutput) ToValidatingAdmissionPolicyBindingTypeOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingTypeOutput) ToValidatingAdmissionPolicyBindingTypeOutput() ValidatingAdmissionPolicyBindingTypeOutput

func (ValidatingAdmissionPolicyBindingTypeOutput) ToValidatingAdmissionPolicyBindingTypeOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyBindingTypeOutput) ToValidatingAdmissionPolicyBindingTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingTypeOutput

type ValidatingAdmissionPolicyInput added in v4.11.0 

type ValidatingAdmissionPolicyInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyOutput() ValidatingAdmissionPolicyOutput
	ToValidatingAdmissionPolicyOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyOutput
}

type ValidatingAdmissionPolicyList added in v4.11.0 

type ValidatingAdmissionPolicyList struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringOutput `pulumi:"apiVersion"`
	// List of ValidatingAdmissionPolicy.
	Items ValidatingAdmissionPolicyTypeArrayOutput `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringOutput `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaOutput `pulumi:"metadata"`
}

ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.

func GetValidatingAdmissionPolicyList added in v4.11.0 

func GetValidatingAdmissionPolicyList(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ValidatingAdmissionPolicyListState, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicyList, error)

GetValidatingAdmissionPolicyList gets an existing ValidatingAdmissionPolicyList resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewValidatingAdmissionPolicyList added in v4.11.0 

func NewValidatingAdmissionPolicyList(ctx *pulumi.Context,
	name string, args *ValidatingAdmissionPolicyListArgs, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicyList, error)

NewValidatingAdmissionPolicyList registers a new resource with the given unique name, arguments, and options.

func (*ValidatingAdmissionPolicyList) ElementType added in v4.11.0 

func (*ValidatingAdmissionPolicyList) ElementType() reflect.Type

func (*ValidatingAdmissionPolicyList) ToValidatingAdmissionPolicyListOutput added in v4.11.0 

func (i *ValidatingAdmissionPolicyList) ToValidatingAdmissionPolicyListOutput() ValidatingAdmissionPolicyListOutput

func (*ValidatingAdmissionPolicyList) ToValidatingAdmissionPolicyListOutputWithContext added in v4.11.0 

func (i *ValidatingAdmissionPolicyList) ToValidatingAdmissionPolicyListOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyListOutput

type ValidatingAdmissionPolicyListArgs added in v4.11.0 

type ValidatingAdmissionPolicyListArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// List of ValidatingAdmissionPolicy.
	Items ValidatingAdmissionPolicyTypeArrayInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaPtrInput
}

The set of arguments for constructing a ValidatingAdmissionPolicyList resource.

func (ValidatingAdmissionPolicyListArgs) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyListArgs) ElementType() reflect.Type

type ValidatingAdmissionPolicyListArray added in v4.11.0 

type ValidatingAdmissionPolicyListArray []ValidatingAdmissionPolicyListInput

func (ValidatingAdmissionPolicyListArray) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyListArray) ElementType() reflect.Type

func (ValidatingAdmissionPolicyListArray) ToValidatingAdmissionPolicyListArrayOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyListArray) ToValidatingAdmissionPolicyListArrayOutput() ValidatingAdmissionPolicyListArrayOutput

func (ValidatingAdmissionPolicyListArray) ToValidatingAdmissionPolicyListArrayOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyListArray) ToValidatingAdmissionPolicyListArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyListArrayOutput

type ValidatingAdmissionPolicyListArrayInput added in v4.11.0 

type ValidatingAdmissionPolicyListArrayInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyListArrayOutput() ValidatingAdmissionPolicyListArrayOutput
	ToValidatingAdmissionPolicyListArrayOutputWithContext(context.Context) ValidatingAdmissionPolicyListArrayOutput
}

ValidatingAdmissionPolicyListArrayInput is an input type that accepts ValidatingAdmissionPolicyListArray and ValidatingAdmissionPolicyListArrayOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyListArrayInput` via: 

ValidatingAdmissionPolicyListArray{ ValidatingAdmissionPolicyListArgs{...} }

type ValidatingAdmissionPolicyListArrayOutput added in v4.11.0 

type ValidatingAdmissionPolicyListArrayOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyListArrayOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyListArrayOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyListArrayOutput) Index added in v4.11.0 

func (o ValidatingAdmissionPolicyListArrayOutput) Index(i pulumi.IntInput) ValidatingAdmissionPolicyListOutput

func (ValidatingAdmissionPolicyListArrayOutput) ToValidatingAdmissionPolicyListArrayOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyListArrayOutput) ToValidatingAdmissionPolicyListArrayOutput() ValidatingAdmissionPolicyListArrayOutput

func (ValidatingAdmissionPolicyListArrayOutput) ToValidatingAdmissionPolicyListArrayOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyListArrayOutput) ToValidatingAdmissionPolicyListArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyListArrayOutput

type ValidatingAdmissionPolicyListInput added in v4.11.0 

type ValidatingAdmissionPolicyListInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyListOutput() ValidatingAdmissionPolicyListOutput
	ToValidatingAdmissionPolicyListOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyListOutput
}

type ValidatingAdmissionPolicyListMap added in v4.11.0 

type ValidatingAdmissionPolicyListMap map[string]ValidatingAdmissionPolicyListInput

func (ValidatingAdmissionPolicyListMap) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyListMap) ElementType() reflect.Type

func (ValidatingAdmissionPolicyListMap) ToValidatingAdmissionPolicyListMapOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyListMap) ToValidatingAdmissionPolicyListMapOutput() ValidatingAdmissionPolicyListMapOutput

func (ValidatingAdmissionPolicyListMap) ToValidatingAdmissionPolicyListMapOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyListMap) ToValidatingAdmissionPolicyListMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyListMapOutput

type ValidatingAdmissionPolicyListMapInput added in v4.11.0 

type ValidatingAdmissionPolicyListMapInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyListMapOutput() ValidatingAdmissionPolicyListMapOutput
	ToValidatingAdmissionPolicyListMapOutputWithContext(context.Context) ValidatingAdmissionPolicyListMapOutput
}

ValidatingAdmissionPolicyListMapInput is an input type that accepts ValidatingAdmissionPolicyListMap and ValidatingAdmissionPolicyListMapOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyListMapInput` via: 

ValidatingAdmissionPolicyListMap{ "key": ValidatingAdmissionPolicyListArgs{...} }

type ValidatingAdmissionPolicyListMapOutput added in v4.11.0 

type ValidatingAdmissionPolicyListMapOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyListMapOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyListMapOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyListMapOutput) MapIndex added in v4.11.0 

func (o ValidatingAdmissionPolicyListMapOutput) MapIndex(k pulumi.StringInput) ValidatingAdmissionPolicyListOutput

func (ValidatingAdmissionPolicyListMapOutput) ToValidatingAdmissionPolicyListMapOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyListMapOutput) ToValidatingAdmissionPolicyListMapOutput() ValidatingAdmissionPolicyListMapOutput

func (ValidatingAdmissionPolicyListMapOutput) ToValidatingAdmissionPolicyListMapOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyListMapOutput) ToValidatingAdmissionPolicyListMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyListMapOutput

type ValidatingAdmissionPolicyListOutput added in v4.11.0 

type ValidatingAdmissionPolicyListOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyListOutput) ApiVersion added in v4.11.0 

func (o ValidatingAdmissionPolicyListOutput) ApiVersion() pulumi.StringOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyListOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyListOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyListOutput) Items added in v4.11.0 

func (o ValidatingAdmissionPolicyListOutput) Items() ValidatingAdmissionPolicyTypeArrayOutput

List of ValidatingAdmissionPolicy.

func (ValidatingAdmissionPolicyListOutput) Kind added in v4.11.0 

func (o ValidatingAdmissionPolicyListOutput) Kind() pulumi.StringOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyListOutput) Metadata added in v4.11.0 

func (o ValidatingAdmissionPolicyListOutput) Metadata() metav1.ListMetaOutput

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyListOutput) ToValidatingAdmissionPolicyListOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyListOutput) ToValidatingAdmissionPolicyListOutput() ValidatingAdmissionPolicyListOutput

func (ValidatingAdmissionPolicyListOutput) ToValidatingAdmissionPolicyListOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyListOutput) ToValidatingAdmissionPolicyListOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyListOutput

type ValidatingAdmissionPolicyListState added in v4.11.0 

type ValidatingAdmissionPolicyListState struct {
}

func (ValidatingAdmissionPolicyListState) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyListState) ElementType() reflect.Type

type ValidatingAdmissionPolicyListType added in v4.11.0 

type ValidatingAdmissionPolicyListType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// List of ValidatingAdmissionPolicy.
	Items []ValidatingAdmissionPolicyType `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata *metav1.ListMeta `pulumi:"metadata"`
}

ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.

type ValidatingAdmissionPolicyListTypeArgs added in v4.11.0 

type ValidatingAdmissionPolicyListTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// List of ValidatingAdmissionPolicy.
	Items ValidatingAdmissionPolicyTypeArrayInput `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaPtrInput `pulumi:"metadata"`
}

ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.

func (ValidatingAdmissionPolicyListTypeArgs) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyListTypeArgs) ElementType() reflect.Type

func (ValidatingAdmissionPolicyListTypeArgs) ToValidatingAdmissionPolicyListTypeOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyListTypeArgs) ToValidatingAdmissionPolicyListTypeOutput() ValidatingAdmissionPolicyListTypeOutput

func (ValidatingAdmissionPolicyListTypeArgs) ToValidatingAdmissionPolicyListTypeOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyListTypeArgs) ToValidatingAdmissionPolicyListTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyListTypeOutput

type ValidatingAdmissionPolicyListTypeInput added in v4.11.0 

type ValidatingAdmissionPolicyListTypeInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyListTypeOutput() ValidatingAdmissionPolicyListTypeOutput
	ToValidatingAdmissionPolicyListTypeOutputWithContext(context.Context) ValidatingAdmissionPolicyListTypeOutput
}

ValidatingAdmissionPolicyListTypeInput is an input type that accepts ValidatingAdmissionPolicyListTypeArgs and ValidatingAdmissionPolicyListTypeOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyListTypeInput` via: 

ValidatingAdmissionPolicyListTypeArgs{...}

type ValidatingAdmissionPolicyListTypeOutput added in v4.11.0 

type ValidatingAdmissionPolicyListTypeOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.

func (ValidatingAdmissionPolicyListTypeOutput) ApiVersion added in v4.11.0 

func (o ValidatingAdmissionPolicyListTypeOutput) ApiVersion() pulumi.StringPtrOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyListTypeOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyListTypeOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyListTypeOutput) Items added in v4.11.0 

func (o ValidatingAdmissionPolicyListTypeOutput) Items() ValidatingAdmissionPolicyTypeArrayOutput

List of ValidatingAdmissionPolicy.

func (ValidatingAdmissionPolicyListTypeOutput) Kind added in v4.11.0 

func (o ValidatingAdmissionPolicyListTypeOutput) Kind() pulumi.StringPtrOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyListTypeOutput) Metadata added in v4.11.0 

func (o ValidatingAdmissionPolicyListTypeOutput) Metadata() metav1.ListMetaPtrOutput

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyListTypeOutput) ToValidatingAdmissionPolicyListTypeOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyListTypeOutput) ToValidatingAdmissionPolicyListTypeOutput() ValidatingAdmissionPolicyListTypeOutput

func (ValidatingAdmissionPolicyListTypeOutput) ToValidatingAdmissionPolicyListTypeOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyListTypeOutput) ToValidatingAdmissionPolicyListTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyListTypeOutput

type ValidatingAdmissionPolicyMap added in v4.11.0 

type ValidatingAdmissionPolicyMap map[string]ValidatingAdmissionPolicyInput

func (ValidatingAdmissionPolicyMap) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyMap) ElementType() reflect.Type

func (ValidatingAdmissionPolicyMap) ToValidatingAdmissionPolicyMapOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyMap) ToValidatingAdmissionPolicyMapOutput() ValidatingAdmissionPolicyMapOutput

func (ValidatingAdmissionPolicyMap) ToValidatingAdmissionPolicyMapOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyMap) ToValidatingAdmissionPolicyMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyMapOutput

type ValidatingAdmissionPolicyMapInput added in v4.11.0 

type ValidatingAdmissionPolicyMapInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyMapOutput() ValidatingAdmissionPolicyMapOutput
	ToValidatingAdmissionPolicyMapOutputWithContext(context.Context) ValidatingAdmissionPolicyMapOutput
}

ValidatingAdmissionPolicyMapInput is an input type that accepts ValidatingAdmissionPolicyMap and ValidatingAdmissionPolicyMapOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyMapInput` via: 

ValidatingAdmissionPolicyMap{ "key": ValidatingAdmissionPolicyArgs{...} }

type ValidatingAdmissionPolicyMapOutput added in v4.11.0 

type ValidatingAdmissionPolicyMapOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyMapOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyMapOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyMapOutput) MapIndex added in v4.11.0 

func (o ValidatingAdmissionPolicyMapOutput) MapIndex(k pulumi.StringInput) ValidatingAdmissionPolicyOutput

func (ValidatingAdmissionPolicyMapOutput) ToValidatingAdmissionPolicyMapOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyMapOutput) ToValidatingAdmissionPolicyMapOutput() ValidatingAdmissionPolicyMapOutput

func (ValidatingAdmissionPolicyMapOutput) ToValidatingAdmissionPolicyMapOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyMapOutput) ToValidatingAdmissionPolicyMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyMapOutput

type ValidatingAdmissionPolicyOutput added in v4.11.0 

type ValidatingAdmissionPolicyOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyOutput) ApiVersion added in v4.11.0 

func (o ValidatingAdmissionPolicyOutput) ApiVersion() pulumi.StringOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyOutput) Kind added in v4.11.0 

func (o ValidatingAdmissionPolicyOutput) Kind() pulumi.StringOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyOutput) Metadata added in v4.11.0 

func (o ValidatingAdmissionPolicyOutput) Metadata() metav1.ObjectMetaOutput

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingAdmissionPolicyOutput) Spec added in v4.11.0 

func (o ValidatingAdmissionPolicyOutput) Spec() ValidatingAdmissionPolicySpecOutput

Specification of the desired behavior of the ValidatingAdmissionPolicy.

func (ValidatingAdmissionPolicyOutput) Status added in v4.11.0 

func (o ValidatingAdmissionPolicyOutput) Status() ValidatingAdmissionPolicyStatusPtrOutput

The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.

func (ValidatingAdmissionPolicyOutput) ToValidatingAdmissionPolicyOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyOutput) ToValidatingAdmissionPolicyOutput() ValidatingAdmissionPolicyOutput

func (ValidatingAdmissionPolicyOutput) ToValidatingAdmissionPolicyOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyOutput) ToValidatingAdmissionPolicyOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyOutput

type ValidatingAdmissionPolicyPatch added in v4.11.0 

type ValidatingAdmissionPolicyPatch struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrOutput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrOutput `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicy.
	Spec ValidatingAdmissionPolicySpecPatchPtrOutput `pulumi:"spec"`
	// The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.
	Status ValidatingAdmissionPolicyStatusPatchPtrOutput `pulumi:"status"`
}

Patch resources are used to modify existing Kubernetes resources by using Server-Side Apply updates. The name of the resource must be specified, but all other properties are optional. More than one patch may be applied to the same resource, and a random FieldManager name will be used for each Patch resource. Conflicts will result in an error by default, but can be forced using the "pulumi.com/patchForce" annotation. See the [Server-Side Apply Docs](https://www.pulumi.com/registry/packages/kubernetes/how-to-guides/managing-resources-with-server-side-apply/) for additional information about using Server-Side Apply to manage Kubernetes resources with Pulumi. ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.

func GetValidatingAdmissionPolicyPatch added in v4.11.0 

func GetValidatingAdmissionPolicyPatch(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ValidatingAdmissionPolicyPatchState, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicyPatch, error)

GetValidatingAdmissionPolicyPatch gets an existing ValidatingAdmissionPolicyPatch resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewValidatingAdmissionPolicyPatch added in v4.11.0 

func NewValidatingAdmissionPolicyPatch(ctx *pulumi.Context,
	name string, args *ValidatingAdmissionPolicyPatchArgs, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicyPatch, error)

NewValidatingAdmissionPolicyPatch registers a new resource with the given unique name, arguments, and options.

func (*ValidatingAdmissionPolicyPatch) ElementType added in v4.11.0 

func (*ValidatingAdmissionPolicyPatch) ElementType() reflect.Type

func (*ValidatingAdmissionPolicyPatch) ToValidatingAdmissionPolicyPatchOutput added in v4.11.0 

func (i *ValidatingAdmissionPolicyPatch) ToValidatingAdmissionPolicyPatchOutput() ValidatingAdmissionPolicyPatchOutput

func (*ValidatingAdmissionPolicyPatch) ToValidatingAdmissionPolicyPatchOutputWithContext added in v4.11.0 

func (i *ValidatingAdmissionPolicyPatch) ToValidatingAdmissionPolicyPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyPatchOutput

type ValidatingAdmissionPolicyPatchArgs added in v4.11.0 

type ValidatingAdmissionPolicyPatchArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrInput
	// Specification of the desired behavior of the ValidatingAdmissionPolicy.
	Spec ValidatingAdmissionPolicySpecPatchPtrInput
}

The set of arguments for constructing a ValidatingAdmissionPolicyPatch resource.

func (ValidatingAdmissionPolicyPatchArgs) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyPatchArgs) ElementType() reflect.Type

type ValidatingAdmissionPolicyPatchArray added in v4.11.0 

type ValidatingAdmissionPolicyPatchArray []ValidatingAdmissionPolicyPatchInput

func (ValidatingAdmissionPolicyPatchArray) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyPatchArray) ElementType() reflect.Type

func (ValidatingAdmissionPolicyPatchArray) ToValidatingAdmissionPolicyPatchArrayOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyPatchArray) ToValidatingAdmissionPolicyPatchArrayOutput() ValidatingAdmissionPolicyPatchArrayOutput

func (ValidatingAdmissionPolicyPatchArray) ToValidatingAdmissionPolicyPatchArrayOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyPatchArray) ToValidatingAdmissionPolicyPatchArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyPatchArrayOutput

type ValidatingAdmissionPolicyPatchArrayInput added in v4.11.0 

type ValidatingAdmissionPolicyPatchArrayInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyPatchArrayOutput() ValidatingAdmissionPolicyPatchArrayOutput
	ToValidatingAdmissionPolicyPatchArrayOutputWithContext(context.Context) ValidatingAdmissionPolicyPatchArrayOutput
}

ValidatingAdmissionPolicyPatchArrayInput is an input type that accepts ValidatingAdmissionPolicyPatchArray and ValidatingAdmissionPolicyPatchArrayOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyPatchArrayInput` via: 

ValidatingAdmissionPolicyPatchArray{ ValidatingAdmissionPolicyPatchArgs{...} }

type ValidatingAdmissionPolicyPatchArrayOutput added in v4.11.0 

type ValidatingAdmissionPolicyPatchArrayOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyPatchArrayOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyPatchArrayOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyPatchArrayOutput) Index added in v4.11.0 

func (o ValidatingAdmissionPolicyPatchArrayOutput) Index(i pulumi.IntInput) ValidatingAdmissionPolicyPatchOutput

func (ValidatingAdmissionPolicyPatchArrayOutput) ToValidatingAdmissionPolicyPatchArrayOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyPatchArrayOutput) ToValidatingAdmissionPolicyPatchArrayOutput() ValidatingAdmissionPolicyPatchArrayOutput

func (ValidatingAdmissionPolicyPatchArrayOutput) ToValidatingAdmissionPolicyPatchArrayOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyPatchArrayOutput) ToValidatingAdmissionPolicyPatchArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyPatchArrayOutput

type ValidatingAdmissionPolicyPatchInput added in v4.11.0 

type ValidatingAdmissionPolicyPatchInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyPatchOutput() ValidatingAdmissionPolicyPatchOutput
	ToValidatingAdmissionPolicyPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyPatchOutput
}

type ValidatingAdmissionPolicyPatchMap added in v4.11.0 

type ValidatingAdmissionPolicyPatchMap map[string]ValidatingAdmissionPolicyPatchInput

func (ValidatingAdmissionPolicyPatchMap) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyPatchMap) ElementType() reflect.Type

func (ValidatingAdmissionPolicyPatchMap) ToValidatingAdmissionPolicyPatchMapOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyPatchMap) ToValidatingAdmissionPolicyPatchMapOutput() ValidatingAdmissionPolicyPatchMapOutput

func (ValidatingAdmissionPolicyPatchMap) ToValidatingAdmissionPolicyPatchMapOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyPatchMap) ToValidatingAdmissionPolicyPatchMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyPatchMapOutput

type ValidatingAdmissionPolicyPatchMapInput added in v4.11.0 

type ValidatingAdmissionPolicyPatchMapInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyPatchMapOutput() ValidatingAdmissionPolicyPatchMapOutput
	ToValidatingAdmissionPolicyPatchMapOutputWithContext(context.Context) ValidatingAdmissionPolicyPatchMapOutput
}

ValidatingAdmissionPolicyPatchMapInput is an input type that accepts ValidatingAdmissionPolicyPatchMap and ValidatingAdmissionPolicyPatchMapOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyPatchMapInput` via: 

ValidatingAdmissionPolicyPatchMap{ "key": ValidatingAdmissionPolicyPatchArgs{...} }

type ValidatingAdmissionPolicyPatchMapOutput added in v4.11.0 

type ValidatingAdmissionPolicyPatchMapOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyPatchMapOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyPatchMapOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyPatchMapOutput) MapIndex added in v4.11.0 

func (o ValidatingAdmissionPolicyPatchMapOutput) MapIndex(k pulumi.StringInput) ValidatingAdmissionPolicyPatchOutput

func (ValidatingAdmissionPolicyPatchMapOutput) ToValidatingAdmissionPolicyPatchMapOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyPatchMapOutput) ToValidatingAdmissionPolicyPatchMapOutput() ValidatingAdmissionPolicyPatchMapOutput

func (ValidatingAdmissionPolicyPatchMapOutput) ToValidatingAdmissionPolicyPatchMapOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyPatchMapOutput) ToValidatingAdmissionPolicyPatchMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyPatchMapOutput

type ValidatingAdmissionPolicyPatchOutput added in v4.11.0 

type ValidatingAdmissionPolicyPatchOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyPatchOutput) ApiVersion added in v4.11.0 

func (o ValidatingAdmissionPolicyPatchOutput) ApiVersion() pulumi.StringPtrOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyPatchOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyPatchOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyPatchOutput) Kind added in v4.11.0 

func (o ValidatingAdmissionPolicyPatchOutput) Kind() pulumi.StringPtrOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyPatchOutput) Metadata added in v4.11.0 

func (o ValidatingAdmissionPolicyPatchOutput) Metadata() metav1.ObjectMetaPatchPtrOutput

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingAdmissionPolicyPatchOutput) Spec added in v4.11.0 

func (o ValidatingAdmissionPolicyPatchOutput) Spec() ValidatingAdmissionPolicySpecPatchPtrOutput

Specification of the desired behavior of the ValidatingAdmissionPolicy.

func (ValidatingAdmissionPolicyPatchOutput) Status added in v4.11.0 

func (o ValidatingAdmissionPolicyPatchOutput) Status() ValidatingAdmissionPolicyStatusPatchPtrOutput

The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.

func (ValidatingAdmissionPolicyPatchOutput) ToValidatingAdmissionPolicyPatchOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyPatchOutput) ToValidatingAdmissionPolicyPatchOutput() ValidatingAdmissionPolicyPatchOutput

func (ValidatingAdmissionPolicyPatchOutput) ToValidatingAdmissionPolicyPatchOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyPatchOutput) ToValidatingAdmissionPolicyPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyPatchOutput

type ValidatingAdmissionPolicyPatchState added in v4.11.0 

type ValidatingAdmissionPolicyPatchState struct {
}

func (ValidatingAdmissionPolicyPatchState) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyPatchState) ElementType() reflect.Type

type ValidatingAdmissionPolicyPatchType added in v4.11.0 

type ValidatingAdmissionPolicyPatchType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata *metav1.ObjectMetaPatch `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicy.
	Spec *ValidatingAdmissionPolicySpecPatch `pulumi:"spec"`
	// The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.
	Status *ValidatingAdmissionPolicyStatusPatch `pulumi:"status"`
}

ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.

type ValidatingAdmissionPolicyPatchTypeArgs added in v4.11.0 

type ValidatingAdmissionPolicyPatchTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrInput `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicy.
	Spec ValidatingAdmissionPolicySpecPatchPtrInput `pulumi:"spec"`
	// The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.
	Status ValidatingAdmissionPolicyStatusPatchPtrInput `pulumi:"status"`
}

ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.

func (ValidatingAdmissionPolicyPatchTypeArgs) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyPatchTypeArgs) ElementType() reflect.Type

func (ValidatingAdmissionPolicyPatchTypeArgs) ToValidatingAdmissionPolicyPatchTypeOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyPatchTypeArgs) ToValidatingAdmissionPolicyPatchTypeOutput() ValidatingAdmissionPolicyPatchTypeOutput

func (ValidatingAdmissionPolicyPatchTypeArgs) ToValidatingAdmissionPolicyPatchTypeOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyPatchTypeArgs) ToValidatingAdmissionPolicyPatchTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyPatchTypeOutput

type ValidatingAdmissionPolicyPatchTypeInput added in v4.11.0 

type ValidatingAdmissionPolicyPatchTypeInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyPatchTypeOutput() ValidatingAdmissionPolicyPatchTypeOutput
	ToValidatingAdmissionPolicyPatchTypeOutputWithContext(context.Context) ValidatingAdmissionPolicyPatchTypeOutput
}

ValidatingAdmissionPolicyPatchTypeInput is an input type that accepts ValidatingAdmissionPolicyPatchTypeArgs and ValidatingAdmissionPolicyPatchTypeOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyPatchTypeInput` via: 

ValidatingAdmissionPolicyPatchTypeArgs{...}

type ValidatingAdmissionPolicyPatchTypeOutput added in v4.11.0 

type ValidatingAdmissionPolicyPatchTypeOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.

func (ValidatingAdmissionPolicyPatchTypeOutput) ApiVersion added in v4.11.0 

func (o ValidatingAdmissionPolicyPatchTypeOutput) ApiVersion() pulumi.StringPtrOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyPatchTypeOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyPatchTypeOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyPatchTypeOutput) Kind added in v4.11.0 

func (o ValidatingAdmissionPolicyPatchTypeOutput) Kind() pulumi.StringPtrOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyPatchTypeOutput) Metadata added in v4.11.0 

func (o ValidatingAdmissionPolicyPatchTypeOutput) Metadata() metav1.ObjectMetaPatchPtrOutput

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingAdmissionPolicyPatchTypeOutput) Spec added in v4.11.0 

func (o ValidatingAdmissionPolicyPatchTypeOutput) Spec() ValidatingAdmissionPolicySpecPatchPtrOutput

Specification of the desired behavior of the ValidatingAdmissionPolicy.

func (ValidatingAdmissionPolicyPatchTypeOutput) Status added in v4.11.0 

func (o ValidatingAdmissionPolicyPatchTypeOutput) Status() ValidatingAdmissionPolicyStatusPatchPtrOutput

The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.

func (ValidatingAdmissionPolicyPatchTypeOutput) ToValidatingAdmissionPolicyPatchTypeOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyPatchTypeOutput) ToValidatingAdmissionPolicyPatchTypeOutput() ValidatingAdmissionPolicyPatchTypeOutput

func (ValidatingAdmissionPolicyPatchTypeOutput) ToValidatingAdmissionPolicyPatchTypeOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyPatchTypeOutput) ToValidatingAdmissionPolicyPatchTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyPatchTypeOutput

type ValidatingAdmissionPolicySpec added in v4.11.0 

type ValidatingAdmissionPolicySpec struct {
	// auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.
	AuditAnnotations []AuditAnnotation `pulumi:"auditAnnotations"`
	// failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.
	//
	// A policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.
	//
	// failurePolicy does not define how validations that evaluate to false are handled.
	//
	// When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.
	//
	// Allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy *string `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the policy is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the policy is skipped
	MatchConditions []MatchCondition `pulumi:"matchConditions"`
	// MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.
	MatchConstraints *MatchResources `pulumi:"matchConstraints"`
	// ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.
	ParamKind *ParamKind `pulumi:"paramKind"`
	// Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.
	Validations []Validation `pulumi:"validations"`
	// Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.
	//
	// The expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.
	Variables []Variable `pulumi:"variables"`
}

ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.

type ValidatingAdmissionPolicySpecArgs added in v4.11.0 

type ValidatingAdmissionPolicySpecArgs struct {
	// auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.
	AuditAnnotations AuditAnnotationArrayInput `pulumi:"auditAnnotations"`
	// failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.
	//
	// A policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.
	//
	// failurePolicy does not define how validations that evaluate to false are handled.
	//
	// When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.
	//
	// Allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy pulumi.StringPtrInput `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the policy is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the policy is skipped
	MatchConditions MatchConditionArrayInput `pulumi:"matchConditions"`
	// MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.
	MatchConstraints MatchResourcesPtrInput `pulumi:"matchConstraints"`
	// ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.
	ParamKind ParamKindPtrInput `pulumi:"paramKind"`
	// Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.
	Validations ValidationArrayInput `pulumi:"validations"`
	// Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.
	//
	// The expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.
	Variables VariableArrayInput `pulumi:"variables"`
}

ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.

func (ValidatingAdmissionPolicySpecArgs) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicySpecArgs) ElementType() reflect.Type

func (ValidatingAdmissionPolicySpecArgs) ToValidatingAdmissionPolicySpecOutput added in v4.11.0 

func (i ValidatingAdmissionPolicySpecArgs) ToValidatingAdmissionPolicySpecOutput() ValidatingAdmissionPolicySpecOutput

func (ValidatingAdmissionPolicySpecArgs) ToValidatingAdmissionPolicySpecOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicySpecArgs) ToValidatingAdmissionPolicySpecOutputWithContext(ctx context.Context) ValidatingAdmissionPolicySpecOutput

func (ValidatingAdmissionPolicySpecArgs) ToValidatingAdmissionPolicySpecPtrOutput added in v4.11.0 

func (i ValidatingAdmissionPolicySpecArgs) ToValidatingAdmissionPolicySpecPtrOutput() ValidatingAdmissionPolicySpecPtrOutput

func (ValidatingAdmissionPolicySpecArgs) ToValidatingAdmissionPolicySpecPtrOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicySpecArgs) ToValidatingAdmissionPolicySpecPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicySpecPtrOutput

type ValidatingAdmissionPolicySpecInput added in v4.11.0 

type ValidatingAdmissionPolicySpecInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicySpecOutput() ValidatingAdmissionPolicySpecOutput
	ToValidatingAdmissionPolicySpecOutputWithContext(context.Context) ValidatingAdmissionPolicySpecOutput
}

ValidatingAdmissionPolicySpecInput is an input type that accepts ValidatingAdmissionPolicySpecArgs and ValidatingAdmissionPolicySpecOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicySpecInput` via: 

ValidatingAdmissionPolicySpecArgs{...}

type ValidatingAdmissionPolicySpecOutput added in v4.11.0 

type ValidatingAdmissionPolicySpecOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.

func (ValidatingAdmissionPolicySpecOutput) AuditAnnotations added in v4.11.0 

func (o ValidatingAdmissionPolicySpecOutput) AuditAnnotations() AuditAnnotationArrayOutput

auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.

func (ValidatingAdmissionPolicySpecOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicySpecOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicySpecOutput) FailurePolicy added in v4.11.0 

func (o ValidatingAdmissionPolicySpecOutput) FailurePolicy() pulumi.StringPtrOutput

failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.

A policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.

failurePolicy does not define how validations that evaluate to false are handled.

When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.

Allowed values are Ignore or Fail. Defaults to Fail.

func (ValidatingAdmissionPolicySpecOutput) MatchConditions added in v4.11.0 

func (o ValidatingAdmissionPolicySpecOutput) MatchConditions() MatchConditionArrayOutput

MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.

If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.

The exact matching logic is (in order):

  1. If ANY matchCondition evaluates to FALSE, the policy is skipped.
  2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.
  3. If any matchCondition evaluates to an error (but none are FALSE): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the policy is skipped

func (ValidatingAdmissionPolicySpecOutput) MatchConstraints added in v4.11.0 

func (o ValidatingAdmissionPolicySpecOutput) MatchConstraints() MatchResourcesPtrOutput

MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.

func (ValidatingAdmissionPolicySpecOutput) ParamKind added in v4.11.0 

func (o ValidatingAdmissionPolicySpecOutput) ParamKind() ParamKindPtrOutput

ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.

func (ValidatingAdmissionPolicySpecOutput) ToValidatingAdmissionPolicySpecOutput added in v4.11.0 

func (o ValidatingAdmissionPolicySpecOutput) ToValidatingAdmissionPolicySpecOutput() ValidatingAdmissionPolicySpecOutput

func (ValidatingAdmissionPolicySpecOutput) ToValidatingAdmissionPolicySpecOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicySpecOutput) ToValidatingAdmissionPolicySpecOutputWithContext(ctx context.Context) ValidatingAdmissionPolicySpecOutput

func (ValidatingAdmissionPolicySpecOutput) ToValidatingAdmissionPolicySpecPtrOutput added in v4.11.0 

func (o ValidatingAdmissionPolicySpecOutput) ToValidatingAdmissionPolicySpecPtrOutput() ValidatingAdmissionPolicySpecPtrOutput

func (ValidatingAdmissionPolicySpecOutput) ToValidatingAdmissionPolicySpecPtrOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicySpecOutput) ToValidatingAdmissionPolicySpecPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicySpecPtrOutput

func (ValidatingAdmissionPolicySpecOutput) Validations added in v4.11.0 

func (o ValidatingAdmissionPolicySpecOutput) Validations() ValidationArrayOutput

Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.

func (ValidatingAdmissionPolicySpecOutput) Variables added in v4.11.0 

func (o ValidatingAdmissionPolicySpecOutput) Variables() VariableArrayOutput

Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.

The expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.

type ValidatingAdmissionPolicySpecPatch added in v4.11.0 

type ValidatingAdmissionPolicySpecPatch struct {
	// auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.
	AuditAnnotations []AuditAnnotationPatch `pulumi:"auditAnnotations"`
	// failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.
	//
	// A policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.
	//
	// failurePolicy does not define how validations that evaluate to false are handled.
	//
	// When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.
	//
	// Allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy *string `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the policy is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the policy is skipped
	MatchConditions []MatchConditionPatch `pulumi:"matchConditions"`
	// MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.
	MatchConstraints *MatchResourcesPatch `pulumi:"matchConstraints"`
	// ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.
	ParamKind *ParamKindPatch `pulumi:"paramKind"`
	// Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.
	Validations []ValidationPatch `pulumi:"validations"`
	// Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.
	//
	// The expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.
	Variables []VariablePatch `pulumi:"variables"`
}

ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.

type ValidatingAdmissionPolicySpecPatchArgs added in v4.11.0 

type ValidatingAdmissionPolicySpecPatchArgs struct {
	// auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.
	AuditAnnotations AuditAnnotationPatchArrayInput `pulumi:"auditAnnotations"`
	// failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.
	//
	// A policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.
	//
	// failurePolicy does not define how validations that evaluate to false are handled.
	//
	// When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.
	//
	// Allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy pulumi.StringPtrInput `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the policy is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the policy is skipped
	MatchConditions MatchConditionPatchArrayInput `pulumi:"matchConditions"`
	// MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.
	MatchConstraints MatchResourcesPatchPtrInput `pulumi:"matchConstraints"`
	// ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.
	ParamKind ParamKindPatchPtrInput `pulumi:"paramKind"`
	// Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.
	Validations ValidationPatchArrayInput `pulumi:"validations"`
	// Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.
	//
	// The expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.
	Variables VariablePatchArrayInput `pulumi:"variables"`
}

ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.

func (ValidatingAdmissionPolicySpecPatchArgs) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicySpecPatchArgs) ElementType() reflect.Type

func (ValidatingAdmissionPolicySpecPatchArgs) ToValidatingAdmissionPolicySpecPatchOutput added in v4.11.0 

func (i ValidatingAdmissionPolicySpecPatchArgs) ToValidatingAdmissionPolicySpecPatchOutput() ValidatingAdmissionPolicySpecPatchOutput

func (ValidatingAdmissionPolicySpecPatchArgs) ToValidatingAdmissionPolicySpecPatchOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicySpecPatchArgs) ToValidatingAdmissionPolicySpecPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicySpecPatchOutput

func (ValidatingAdmissionPolicySpecPatchArgs) ToValidatingAdmissionPolicySpecPatchPtrOutput added in v4.11.0 

func (i ValidatingAdmissionPolicySpecPatchArgs) ToValidatingAdmissionPolicySpecPatchPtrOutput() ValidatingAdmissionPolicySpecPatchPtrOutput

func (ValidatingAdmissionPolicySpecPatchArgs) ToValidatingAdmissionPolicySpecPatchPtrOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicySpecPatchArgs) ToValidatingAdmissionPolicySpecPatchPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicySpecPatchPtrOutput

type ValidatingAdmissionPolicySpecPatchInput added in v4.11.0 

type ValidatingAdmissionPolicySpecPatchInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicySpecPatchOutput() ValidatingAdmissionPolicySpecPatchOutput
	ToValidatingAdmissionPolicySpecPatchOutputWithContext(context.Context) ValidatingAdmissionPolicySpecPatchOutput
}

ValidatingAdmissionPolicySpecPatchInput is an input type that accepts ValidatingAdmissionPolicySpecPatchArgs and ValidatingAdmissionPolicySpecPatchOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicySpecPatchInput` via: 

ValidatingAdmissionPolicySpecPatchArgs{...}

type ValidatingAdmissionPolicySpecPatchOutput added in v4.11.0 

type ValidatingAdmissionPolicySpecPatchOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.

func (ValidatingAdmissionPolicySpecPatchOutput) AuditAnnotations added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPatchOutput) AuditAnnotations() AuditAnnotationPatchArrayOutput

auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.

func (ValidatingAdmissionPolicySpecPatchOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicySpecPatchOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicySpecPatchOutput) FailurePolicy added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPatchOutput) FailurePolicy() pulumi.StringPtrOutput

failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.

A policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.

failurePolicy does not define how validations that evaluate to false are handled.

When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.

Allowed values are Ignore or Fail. Defaults to Fail.

func (ValidatingAdmissionPolicySpecPatchOutput) MatchConditions added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPatchOutput) MatchConditions() MatchConditionPatchArrayOutput

MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.

If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.

The exact matching logic is (in order):

  1. If ANY matchCondition evaluates to FALSE, the policy is skipped.
  2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.
  3. If any matchCondition evaluates to an error (but none are FALSE): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the policy is skipped

func (ValidatingAdmissionPolicySpecPatchOutput) MatchConstraints added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPatchOutput) MatchConstraints() MatchResourcesPatchPtrOutput

MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.

func (ValidatingAdmissionPolicySpecPatchOutput) ParamKind added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPatchOutput) ParamKind() ParamKindPatchPtrOutput

ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.

func (ValidatingAdmissionPolicySpecPatchOutput) ToValidatingAdmissionPolicySpecPatchOutput added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPatchOutput) ToValidatingAdmissionPolicySpecPatchOutput() ValidatingAdmissionPolicySpecPatchOutput

func (ValidatingAdmissionPolicySpecPatchOutput) ToValidatingAdmissionPolicySpecPatchOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPatchOutput) ToValidatingAdmissionPolicySpecPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicySpecPatchOutput

func (ValidatingAdmissionPolicySpecPatchOutput) ToValidatingAdmissionPolicySpecPatchPtrOutput added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPatchOutput) ToValidatingAdmissionPolicySpecPatchPtrOutput() ValidatingAdmissionPolicySpecPatchPtrOutput

func (ValidatingAdmissionPolicySpecPatchOutput) ToValidatingAdmissionPolicySpecPatchPtrOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPatchOutput) ToValidatingAdmissionPolicySpecPatchPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicySpecPatchPtrOutput

func (ValidatingAdmissionPolicySpecPatchOutput) Validations added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPatchOutput) Validations() ValidationPatchArrayOutput

Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.

func (ValidatingAdmissionPolicySpecPatchOutput) Variables added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPatchOutput) Variables() VariablePatchArrayOutput

Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.

The expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.

type ValidatingAdmissionPolicySpecPatchPtrInput added in v4.11.0 

type ValidatingAdmissionPolicySpecPatchPtrInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicySpecPatchPtrOutput() ValidatingAdmissionPolicySpecPatchPtrOutput
	ToValidatingAdmissionPolicySpecPatchPtrOutputWithContext(context.Context) ValidatingAdmissionPolicySpecPatchPtrOutput
}

ValidatingAdmissionPolicySpecPatchPtrInput is an input type that accepts ValidatingAdmissionPolicySpecPatchArgs, ValidatingAdmissionPolicySpecPatchPtr and ValidatingAdmissionPolicySpecPatchPtrOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicySpecPatchPtrInput` via: 

        ValidatingAdmissionPolicySpecPatchArgs{...}

or:

        nil

func ValidatingAdmissionPolicySpecPatchPtr added in v4.11.0 

func ValidatingAdmissionPolicySpecPatchPtr(v *ValidatingAdmissionPolicySpecPatchArgs) ValidatingAdmissionPolicySpecPatchPtrInput

type ValidatingAdmissionPolicySpecPatchPtrOutput added in v4.11.0 

type ValidatingAdmissionPolicySpecPatchPtrOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicySpecPatchPtrOutput) AuditAnnotations added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPatchPtrOutput) AuditAnnotations() AuditAnnotationPatchArrayOutput

auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.

func (ValidatingAdmissionPolicySpecPatchPtrOutput) Elem added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPatchPtrOutput) Elem() ValidatingAdmissionPolicySpecPatchOutput

func (ValidatingAdmissionPolicySpecPatchPtrOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicySpecPatchPtrOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicySpecPatchPtrOutput) FailurePolicy added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPatchPtrOutput) FailurePolicy() pulumi.StringPtrOutput

failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.

A policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.

failurePolicy does not define how validations that evaluate to false are handled.

When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.

Allowed values are Ignore or Fail. Defaults to Fail.

func (ValidatingAdmissionPolicySpecPatchPtrOutput) MatchConditions added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPatchPtrOutput) MatchConditions() MatchConditionPatchArrayOutput

MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.

If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.

The exact matching logic is (in order):

  1. If ANY matchCondition evaluates to FALSE, the policy is skipped.
  2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.
  3. If any matchCondition evaluates to an error (but none are FALSE): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the policy is skipped

func (ValidatingAdmissionPolicySpecPatchPtrOutput) MatchConstraints added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPatchPtrOutput) MatchConstraints() MatchResourcesPatchPtrOutput

MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.

func (ValidatingAdmissionPolicySpecPatchPtrOutput) ParamKind added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPatchPtrOutput) ParamKind() ParamKindPatchPtrOutput

ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.

func (ValidatingAdmissionPolicySpecPatchPtrOutput) ToValidatingAdmissionPolicySpecPatchPtrOutput added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPatchPtrOutput) ToValidatingAdmissionPolicySpecPatchPtrOutput() ValidatingAdmissionPolicySpecPatchPtrOutput

func (ValidatingAdmissionPolicySpecPatchPtrOutput) ToValidatingAdmissionPolicySpecPatchPtrOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPatchPtrOutput) ToValidatingAdmissionPolicySpecPatchPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicySpecPatchPtrOutput

func (ValidatingAdmissionPolicySpecPatchPtrOutput) Validations added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPatchPtrOutput) Validations() ValidationPatchArrayOutput

Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.

func (ValidatingAdmissionPolicySpecPatchPtrOutput) Variables added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPatchPtrOutput) Variables() VariablePatchArrayOutput

Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.

The expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.

type ValidatingAdmissionPolicySpecPtrInput added in v4.11.0 

type ValidatingAdmissionPolicySpecPtrInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicySpecPtrOutput() ValidatingAdmissionPolicySpecPtrOutput
	ToValidatingAdmissionPolicySpecPtrOutputWithContext(context.Context) ValidatingAdmissionPolicySpecPtrOutput
}

ValidatingAdmissionPolicySpecPtrInput is an input type that accepts ValidatingAdmissionPolicySpecArgs, ValidatingAdmissionPolicySpecPtr and ValidatingAdmissionPolicySpecPtrOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicySpecPtrInput` via: 

        ValidatingAdmissionPolicySpecArgs{...}

or:

        nil

func ValidatingAdmissionPolicySpecPtr added in v4.11.0 

func ValidatingAdmissionPolicySpecPtr(v *ValidatingAdmissionPolicySpecArgs) ValidatingAdmissionPolicySpecPtrInput

type ValidatingAdmissionPolicySpecPtrOutput added in v4.11.0 

type ValidatingAdmissionPolicySpecPtrOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicySpecPtrOutput) AuditAnnotations added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPtrOutput) AuditAnnotations() AuditAnnotationArrayOutput

auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.

func (ValidatingAdmissionPolicySpecPtrOutput) Elem added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPtrOutput) Elem() ValidatingAdmissionPolicySpecOutput

func (ValidatingAdmissionPolicySpecPtrOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicySpecPtrOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicySpecPtrOutput) FailurePolicy added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPtrOutput) FailurePolicy() pulumi.StringPtrOutput

failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.

A policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.

failurePolicy does not define how validations that evaluate to false are handled.

When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.

Allowed values are Ignore or Fail. Defaults to Fail.

func (ValidatingAdmissionPolicySpecPtrOutput) MatchConditions added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPtrOutput) MatchConditions() MatchConditionArrayOutput

MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.

If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.

The exact matching logic is (in order):

  1. If ANY matchCondition evaluates to FALSE, the policy is skipped.
  2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.
  3. If any matchCondition evaluates to an error (but none are FALSE): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the policy is skipped

func (ValidatingAdmissionPolicySpecPtrOutput) MatchConstraints added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPtrOutput) MatchConstraints() MatchResourcesPtrOutput

MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.

func (ValidatingAdmissionPolicySpecPtrOutput) ParamKind added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPtrOutput) ParamKind() ParamKindPtrOutput

ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.

func (ValidatingAdmissionPolicySpecPtrOutput) ToValidatingAdmissionPolicySpecPtrOutput added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPtrOutput) ToValidatingAdmissionPolicySpecPtrOutput() ValidatingAdmissionPolicySpecPtrOutput

func (ValidatingAdmissionPolicySpecPtrOutput) ToValidatingAdmissionPolicySpecPtrOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPtrOutput) ToValidatingAdmissionPolicySpecPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicySpecPtrOutput

func (ValidatingAdmissionPolicySpecPtrOutput) Validations added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPtrOutput) Validations() ValidationArrayOutput

Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.

func (ValidatingAdmissionPolicySpecPtrOutput) Variables added in v4.11.0 

func (o ValidatingAdmissionPolicySpecPtrOutput) Variables() VariableArrayOutput

Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.

The expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.

type ValidatingAdmissionPolicyState added in v4.11.0 

type ValidatingAdmissionPolicyState struct {
}

func (ValidatingAdmissionPolicyState) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyState) ElementType() reflect.Type

type ValidatingAdmissionPolicyStatus added in v4.11.0 

type ValidatingAdmissionPolicyStatus struct {
	// The conditions represent the latest available observations of a policy's current state.
	Conditions []metav1.Condition `pulumi:"conditions"`
	// The generation observed by the controller.
	ObservedGeneration *int `pulumi:"observedGeneration"`
	// The results of type checking for each expression. Presence of this field indicates the completion of the type checking.
	TypeChecking *TypeChecking `pulumi:"typeChecking"`
}

ValidatingAdmissionPolicyStatus represents the status of an admission validation policy.

type ValidatingAdmissionPolicyStatusArgs added in v4.11.0 

type ValidatingAdmissionPolicyStatusArgs struct {
	// The conditions represent the latest available observations of a policy's current state.
	Conditions metav1.ConditionArrayInput `pulumi:"conditions"`
	// The generation observed by the controller.
	ObservedGeneration pulumi.IntPtrInput `pulumi:"observedGeneration"`
	// The results of type checking for each expression. Presence of this field indicates the completion of the type checking.
	TypeChecking TypeCheckingPtrInput `pulumi:"typeChecking"`
}

ValidatingAdmissionPolicyStatus represents the status of an admission validation policy.

func (ValidatingAdmissionPolicyStatusArgs) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyStatusArgs) ElementType() reflect.Type

func (ValidatingAdmissionPolicyStatusArgs) ToValidatingAdmissionPolicyStatusOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyStatusArgs) ToValidatingAdmissionPolicyStatusOutput() ValidatingAdmissionPolicyStatusOutput

func (ValidatingAdmissionPolicyStatusArgs) ToValidatingAdmissionPolicyStatusOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyStatusArgs) ToValidatingAdmissionPolicyStatusOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyStatusOutput

func (ValidatingAdmissionPolicyStatusArgs) ToValidatingAdmissionPolicyStatusPtrOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyStatusArgs) ToValidatingAdmissionPolicyStatusPtrOutput() ValidatingAdmissionPolicyStatusPtrOutput

func (ValidatingAdmissionPolicyStatusArgs) ToValidatingAdmissionPolicyStatusPtrOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyStatusArgs) ToValidatingAdmissionPolicyStatusPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyStatusPtrOutput

type ValidatingAdmissionPolicyStatusInput added in v4.11.0 

type ValidatingAdmissionPolicyStatusInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyStatusOutput() ValidatingAdmissionPolicyStatusOutput
	ToValidatingAdmissionPolicyStatusOutputWithContext(context.Context) ValidatingAdmissionPolicyStatusOutput
}

ValidatingAdmissionPolicyStatusInput is an input type that accepts ValidatingAdmissionPolicyStatusArgs and ValidatingAdmissionPolicyStatusOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyStatusInput` via: 

ValidatingAdmissionPolicyStatusArgs{...}

type ValidatingAdmissionPolicyStatusOutput added in v4.11.0 

type ValidatingAdmissionPolicyStatusOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicyStatus represents the status of an admission validation policy.

func (ValidatingAdmissionPolicyStatusOutput) Conditions added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusOutput) Conditions() metav1.ConditionArrayOutput

The conditions represent the latest available observations of a policy's current state.

func (ValidatingAdmissionPolicyStatusOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyStatusOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyStatusOutput) ObservedGeneration added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusOutput) ObservedGeneration() pulumi.IntPtrOutput

The generation observed by the controller.

func (ValidatingAdmissionPolicyStatusOutput) ToValidatingAdmissionPolicyStatusOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusOutput) ToValidatingAdmissionPolicyStatusOutput() ValidatingAdmissionPolicyStatusOutput

func (ValidatingAdmissionPolicyStatusOutput) ToValidatingAdmissionPolicyStatusOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusOutput) ToValidatingAdmissionPolicyStatusOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyStatusOutput

func (ValidatingAdmissionPolicyStatusOutput) ToValidatingAdmissionPolicyStatusPtrOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusOutput) ToValidatingAdmissionPolicyStatusPtrOutput() ValidatingAdmissionPolicyStatusPtrOutput

func (ValidatingAdmissionPolicyStatusOutput) ToValidatingAdmissionPolicyStatusPtrOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusOutput) ToValidatingAdmissionPolicyStatusPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyStatusPtrOutput

func (ValidatingAdmissionPolicyStatusOutput) TypeChecking added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusOutput) TypeChecking() TypeCheckingPtrOutput

The results of type checking for each expression. Presence of this field indicates the completion of the type checking.

type ValidatingAdmissionPolicyStatusPatch added in v4.11.0 

type ValidatingAdmissionPolicyStatusPatch struct {
	// The conditions represent the latest available observations of a policy's current state.
	Conditions []metav1.ConditionPatch `pulumi:"conditions"`
	// The generation observed by the controller.
	ObservedGeneration *int `pulumi:"observedGeneration"`
	// The results of type checking for each expression. Presence of this field indicates the completion of the type checking.
	TypeChecking *TypeCheckingPatch `pulumi:"typeChecking"`
}

ValidatingAdmissionPolicyStatus represents the status of an admission validation policy.

type ValidatingAdmissionPolicyStatusPatchArgs added in v4.11.0 

type ValidatingAdmissionPolicyStatusPatchArgs struct {
	// The conditions represent the latest available observations of a policy's current state.
	Conditions metav1.ConditionPatchArrayInput `pulumi:"conditions"`
	// The generation observed by the controller.
	ObservedGeneration pulumi.IntPtrInput `pulumi:"observedGeneration"`
	// The results of type checking for each expression. Presence of this field indicates the completion of the type checking.
	TypeChecking TypeCheckingPatchPtrInput `pulumi:"typeChecking"`
}

ValidatingAdmissionPolicyStatus represents the status of an admission validation policy.

func (ValidatingAdmissionPolicyStatusPatchArgs) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyStatusPatchArgs) ElementType() reflect.Type

func (ValidatingAdmissionPolicyStatusPatchArgs) ToValidatingAdmissionPolicyStatusPatchOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyStatusPatchArgs) ToValidatingAdmissionPolicyStatusPatchOutput() ValidatingAdmissionPolicyStatusPatchOutput

func (ValidatingAdmissionPolicyStatusPatchArgs) ToValidatingAdmissionPolicyStatusPatchOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyStatusPatchArgs) ToValidatingAdmissionPolicyStatusPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyStatusPatchOutput

func (ValidatingAdmissionPolicyStatusPatchArgs) ToValidatingAdmissionPolicyStatusPatchPtrOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyStatusPatchArgs) ToValidatingAdmissionPolicyStatusPatchPtrOutput() ValidatingAdmissionPolicyStatusPatchPtrOutput

func (ValidatingAdmissionPolicyStatusPatchArgs) ToValidatingAdmissionPolicyStatusPatchPtrOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyStatusPatchArgs) ToValidatingAdmissionPolicyStatusPatchPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyStatusPatchPtrOutput

type ValidatingAdmissionPolicyStatusPatchInput added in v4.11.0 

type ValidatingAdmissionPolicyStatusPatchInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyStatusPatchOutput() ValidatingAdmissionPolicyStatusPatchOutput
	ToValidatingAdmissionPolicyStatusPatchOutputWithContext(context.Context) ValidatingAdmissionPolicyStatusPatchOutput
}

ValidatingAdmissionPolicyStatusPatchInput is an input type that accepts ValidatingAdmissionPolicyStatusPatchArgs and ValidatingAdmissionPolicyStatusPatchOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyStatusPatchInput` via: 

ValidatingAdmissionPolicyStatusPatchArgs{...}

type ValidatingAdmissionPolicyStatusPatchOutput added in v4.11.0 

type ValidatingAdmissionPolicyStatusPatchOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicyStatus represents the status of an admission validation policy.

func (ValidatingAdmissionPolicyStatusPatchOutput) Conditions added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusPatchOutput) Conditions() metav1.ConditionPatchArrayOutput

The conditions represent the latest available observations of a policy's current state.

func (ValidatingAdmissionPolicyStatusPatchOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyStatusPatchOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyStatusPatchOutput) ObservedGeneration added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusPatchOutput) ObservedGeneration() pulumi.IntPtrOutput

The generation observed by the controller.

func (ValidatingAdmissionPolicyStatusPatchOutput) ToValidatingAdmissionPolicyStatusPatchOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusPatchOutput) ToValidatingAdmissionPolicyStatusPatchOutput() ValidatingAdmissionPolicyStatusPatchOutput

func (ValidatingAdmissionPolicyStatusPatchOutput) ToValidatingAdmissionPolicyStatusPatchOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusPatchOutput) ToValidatingAdmissionPolicyStatusPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyStatusPatchOutput

func (ValidatingAdmissionPolicyStatusPatchOutput) ToValidatingAdmissionPolicyStatusPatchPtrOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusPatchOutput) ToValidatingAdmissionPolicyStatusPatchPtrOutput() ValidatingAdmissionPolicyStatusPatchPtrOutput

func (ValidatingAdmissionPolicyStatusPatchOutput) ToValidatingAdmissionPolicyStatusPatchPtrOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusPatchOutput) ToValidatingAdmissionPolicyStatusPatchPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyStatusPatchPtrOutput

func (ValidatingAdmissionPolicyStatusPatchOutput) TypeChecking added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusPatchOutput) TypeChecking() TypeCheckingPatchPtrOutput

The results of type checking for each expression. Presence of this field indicates the completion of the type checking.

type ValidatingAdmissionPolicyStatusPatchPtrInput added in v4.11.0 

type ValidatingAdmissionPolicyStatusPatchPtrInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyStatusPatchPtrOutput() ValidatingAdmissionPolicyStatusPatchPtrOutput
	ToValidatingAdmissionPolicyStatusPatchPtrOutputWithContext(context.Context) ValidatingAdmissionPolicyStatusPatchPtrOutput
}

ValidatingAdmissionPolicyStatusPatchPtrInput is an input type that accepts ValidatingAdmissionPolicyStatusPatchArgs, ValidatingAdmissionPolicyStatusPatchPtr and ValidatingAdmissionPolicyStatusPatchPtrOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyStatusPatchPtrInput` via: 

        ValidatingAdmissionPolicyStatusPatchArgs{...}

or:

        nil

func ValidatingAdmissionPolicyStatusPatchPtr added in v4.11.0 

func ValidatingAdmissionPolicyStatusPatchPtr(v *ValidatingAdmissionPolicyStatusPatchArgs) ValidatingAdmissionPolicyStatusPatchPtrInput

type ValidatingAdmissionPolicyStatusPatchPtrOutput added in v4.11.0 

type ValidatingAdmissionPolicyStatusPatchPtrOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyStatusPatchPtrOutput) Conditions added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusPatchPtrOutput) Conditions() metav1.ConditionPatchArrayOutput

The conditions represent the latest available observations of a policy's current state.

func (ValidatingAdmissionPolicyStatusPatchPtrOutput) Elem added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusPatchPtrOutput) Elem() ValidatingAdmissionPolicyStatusPatchOutput

func (ValidatingAdmissionPolicyStatusPatchPtrOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyStatusPatchPtrOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyStatusPatchPtrOutput) ObservedGeneration added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusPatchPtrOutput) ObservedGeneration() pulumi.IntPtrOutput

The generation observed by the controller.

func (ValidatingAdmissionPolicyStatusPatchPtrOutput) ToValidatingAdmissionPolicyStatusPatchPtrOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusPatchPtrOutput) ToValidatingAdmissionPolicyStatusPatchPtrOutput() ValidatingAdmissionPolicyStatusPatchPtrOutput

func (ValidatingAdmissionPolicyStatusPatchPtrOutput) ToValidatingAdmissionPolicyStatusPatchPtrOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusPatchPtrOutput) ToValidatingAdmissionPolicyStatusPatchPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyStatusPatchPtrOutput

func (ValidatingAdmissionPolicyStatusPatchPtrOutput) TypeChecking added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusPatchPtrOutput) TypeChecking() TypeCheckingPatchPtrOutput

The results of type checking for each expression. Presence of this field indicates the completion of the type checking.

type ValidatingAdmissionPolicyStatusPtrInput added in v4.11.0 

type ValidatingAdmissionPolicyStatusPtrInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyStatusPtrOutput() ValidatingAdmissionPolicyStatusPtrOutput
	ToValidatingAdmissionPolicyStatusPtrOutputWithContext(context.Context) ValidatingAdmissionPolicyStatusPtrOutput
}

ValidatingAdmissionPolicyStatusPtrInput is an input type that accepts ValidatingAdmissionPolicyStatusArgs, ValidatingAdmissionPolicyStatusPtr and ValidatingAdmissionPolicyStatusPtrOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyStatusPtrInput` via: 

        ValidatingAdmissionPolicyStatusArgs{...}

or:

        nil

func ValidatingAdmissionPolicyStatusPtr added in v4.11.0 

func ValidatingAdmissionPolicyStatusPtr(v *ValidatingAdmissionPolicyStatusArgs) ValidatingAdmissionPolicyStatusPtrInput

type ValidatingAdmissionPolicyStatusPtrOutput added in v4.11.0 

type ValidatingAdmissionPolicyStatusPtrOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyStatusPtrOutput) Conditions added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusPtrOutput) Conditions() metav1.ConditionArrayOutput

The conditions represent the latest available observations of a policy's current state.

func (ValidatingAdmissionPolicyStatusPtrOutput) Elem added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusPtrOutput) Elem() ValidatingAdmissionPolicyStatusOutput

func (ValidatingAdmissionPolicyStatusPtrOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyStatusPtrOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyStatusPtrOutput) ObservedGeneration added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusPtrOutput) ObservedGeneration() pulumi.IntPtrOutput

The generation observed by the controller.

func (ValidatingAdmissionPolicyStatusPtrOutput) ToValidatingAdmissionPolicyStatusPtrOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusPtrOutput) ToValidatingAdmissionPolicyStatusPtrOutput() ValidatingAdmissionPolicyStatusPtrOutput

func (ValidatingAdmissionPolicyStatusPtrOutput) ToValidatingAdmissionPolicyStatusPtrOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusPtrOutput) ToValidatingAdmissionPolicyStatusPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyStatusPtrOutput

func (ValidatingAdmissionPolicyStatusPtrOutput) TypeChecking added in v4.11.0 

func (o ValidatingAdmissionPolicyStatusPtrOutput) TypeChecking() TypeCheckingPtrOutput

The results of type checking for each expression. Presence of this field indicates the completion of the type checking.

type ValidatingAdmissionPolicyType added in v4.11.0 

type ValidatingAdmissionPolicyType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata *metav1.ObjectMeta `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicy.
	Spec *ValidatingAdmissionPolicySpec `pulumi:"spec"`
	// The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.
	Status *ValidatingAdmissionPolicyStatus `pulumi:"status"`
}

ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.

type ValidatingAdmissionPolicyTypeArgs added in v4.11.0 

type ValidatingAdmissionPolicyTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPtrInput `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicy.
	Spec ValidatingAdmissionPolicySpecPtrInput `pulumi:"spec"`
	// The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.
	Status ValidatingAdmissionPolicyStatusPtrInput `pulumi:"status"`
}

ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.

func (ValidatingAdmissionPolicyTypeArgs) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyTypeArgs) ElementType() reflect.Type

func (ValidatingAdmissionPolicyTypeArgs) ToValidatingAdmissionPolicyTypeOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyTypeArgs) ToValidatingAdmissionPolicyTypeOutput() ValidatingAdmissionPolicyTypeOutput

func (ValidatingAdmissionPolicyTypeArgs) ToValidatingAdmissionPolicyTypeOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyTypeArgs) ToValidatingAdmissionPolicyTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyTypeOutput

type ValidatingAdmissionPolicyTypeArray added in v4.11.0 

type ValidatingAdmissionPolicyTypeArray []ValidatingAdmissionPolicyTypeInput

func (ValidatingAdmissionPolicyTypeArray) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyTypeArray) ElementType() reflect.Type

func (ValidatingAdmissionPolicyTypeArray) ToValidatingAdmissionPolicyTypeArrayOutput added in v4.11.0 

func (i ValidatingAdmissionPolicyTypeArray) ToValidatingAdmissionPolicyTypeArrayOutput() ValidatingAdmissionPolicyTypeArrayOutput

func (ValidatingAdmissionPolicyTypeArray) ToValidatingAdmissionPolicyTypeArrayOutputWithContext added in v4.11.0 

func (i ValidatingAdmissionPolicyTypeArray) ToValidatingAdmissionPolicyTypeArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyTypeArrayOutput

type ValidatingAdmissionPolicyTypeArrayInput added in v4.11.0 

type ValidatingAdmissionPolicyTypeArrayInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyTypeArrayOutput() ValidatingAdmissionPolicyTypeArrayOutput
	ToValidatingAdmissionPolicyTypeArrayOutputWithContext(context.Context) ValidatingAdmissionPolicyTypeArrayOutput
}

ValidatingAdmissionPolicyTypeArrayInput is an input type that accepts ValidatingAdmissionPolicyTypeArray and ValidatingAdmissionPolicyTypeArrayOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyTypeArrayInput` via: 

ValidatingAdmissionPolicyTypeArray{ ValidatingAdmissionPolicyTypeArgs{...} }

type ValidatingAdmissionPolicyTypeArrayOutput added in v4.11.0 

type ValidatingAdmissionPolicyTypeArrayOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyTypeArrayOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyTypeArrayOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyTypeArrayOutput) Index added in v4.11.0 

func (o ValidatingAdmissionPolicyTypeArrayOutput) Index(i pulumi.IntInput) ValidatingAdmissionPolicyTypeOutput

func (ValidatingAdmissionPolicyTypeArrayOutput) ToValidatingAdmissionPolicyTypeArrayOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyTypeArrayOutput) ToValidatingAdmissionPolicyTypeArrayOutput() ValidatingAdmissionPolicyTypeArrayOutput

func (ValidatingAdmissionPolicyTypeArrayOutput) ToValidatingAdmissionPolicyTypeArrayOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyTypeArrayOutput) ToValidatingAdmissionPolicyTypeArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyTypeArrayOutput

type ValidatingAdmissionPolicyTypeInput added in v4.11.0 

type ValidatingAdmissionPolicyTypeInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyTypeOutput() ValidatingAdmissionPolicyTypeOutput
	ToValidatingAdmissionPolicyTypeOutputWithContext(context.Context) ValidatingAdmissionPolicyTypeOutput
}

ValidatingAdmissionPolicyTypeInput is an input type that accepts ValidatingAdmissionPolicyTypeArgs and ValidatingAdmissionPolicyTypeOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyTypeInput` via: 

ValidatingAdmissionPolicyTypeArgs{...}

type ValidatingAdmissionPolicyTypeOutput added in v4.11.0 

type ValidatingAdmissionPolicyTypeOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.

func (ValidatingAdmissionPolicyTypeOutput) ApiVersion added in v4.11.0 

func (o ValidatingAdmissionPolicyTypeOutput) ApiVersion() pulumi.StringPtrOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyTypeOutput) ElementType added in v4.11.0 

func (ValidatingAdmissionPolicyTypeOutput) ElementType() reflect.Type

func (ValidatingAdmissionPolicyTypeOutput) Kind added in v4.11.0 

func (o ValidatingAdmissionPolicyTypeOutput) Kind() pulumi.StringPtrOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyTypeOutput) Metadata added in v4.11.0 

func (o ValidatingAdmissionPolicyTypeOutput) Metadata() metav1.ObjectMetaPtrOutput

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingAdmissionPolicyTypeOutput) Spec added in v4.11.0 

func (o ValidatingAdmissionPolicyTypeOutput) Spec() ValidatingAdmissionPolicySpecPtrOutput

Specification of the desired behavior of the ValidatingAdmissionPolicy.

func (ValidatingAdmissionPolicyTypeOutput) Status added in v4.11.0 

func (o ValidatingAdmissionPolicyTypeOutput) Status() ValidatingAdmissionPolicyStatusPtrOutput

The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.

func (ValidatingAdmissionPolicyTypeOutput) ToValidatingAdmissionPolicyTypeOutput added in v4.11.0 

func (o ValidatingAdmissionPolicyTypeOutput) ToValidatingAdmissionPolicyTypeOutput() ValidatingAdmissionPolicyTypeOutput

func (ValidatingAdmissionPolicyTypeOutput) ToValidatingAdmissionPolicyTypeOutputWithContext added in v4.11.0 

func (o ValidatingAdmissionPolicyTypeOutput) ToValidatingAdmissionPolicyTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyTypeOutput

type ValidatingWebhook 

type ValidatingWebhook struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions []string `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig WebhookClientConfig `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy *string `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	MatchConditions []MatchCondition `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy *string `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name string `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector *metav1.LabelSelector `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector *metav1.LabelSelector `pulumi:"objectSelector"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules []RuleWithOperations `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects string `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds *int `pulumi:"timeoutSeconds"`
}

ValidatingWebhook describes an admission webhook and the resources and operations it applies to.

type ValidatingWebhookArgs 

type ValidatingWebhookArgs struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions pulumi.StringArrayInput `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig WebhookClientConfigInput `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy pulumi.StringPtrInput `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	MatchConditions MatchConditionArrayInput `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy pulumi.StringPtrInput `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name pulumi.StringInput `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector metav1.LabelSelectorPtrInput `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector metav1.LabelSelectorPtrInput `pulumi:"objectSelector"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules RuleWithOperationsArrayInput `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects pulumi.StringInput `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds pulumi.IntPtrInput `pulumi:"timeoutSeconds"`
}

ValidatingWebhook describes an admission webhook and the resources and operations it applies to.

func (ValidatingWebhookArgs) ElementType 

func (ValidatingWebhookArgs) ElementType() reflect.Type

func (ValidatingWebhookArgs) ToValidatingWebhookOutput 

func (i ValidatingWebhookArgs) ToValidatingWebhookOutput() ValidatingWebhookOutput

func (ValidatingWebhookArgs) ToValidatingWebhookOutputWithContext 

func (i ValidatingWebhookArgs) ToValidatingWebhookOutputWithContext(ctx context.Context) ValidatingWebhookOutput

type ValidatingWebhookArray 

type ValidatingWebhookArray []ValidatingWebhookInput

func (ValidatingWebhookArray) ElementType 

func (ValidatingWebhookArray) ElementType() reflect.Type

func (ValidatingWebhookArray) ToValidatingWebhookArrayOutput 

func (i ValidatingWebhookArray) ToValidatingWebhookArrayOutput() ValidatingWebhookArrayOutput

func (ValidatingWebhookArray) ToValidatingWebhookArrayOutputWithContext 

func (i ValidatingWebhookArray) ToValidatingWebhookArrayOutputWithContext(ctx context.Context) ValidatingWebhookArrayOutput

type ValidatingWebhookArrayInput 

type ValidatingWebhookArrayInput interface {
	pulumi.Input

	ToValidatingWebhookArrayOutput() ValidatingWebhookArrayOutput
	ToValidatingWebhookArrayOutputWithContext(context.Context) ValidatingWebhookArrayOutput
}

ValidatingWebhookArrayInput is an input type that accepts ValidatingWebhookArray and ValidatingWebhookArrayOutput values. You can construct a concrete instance of `ValidatingWebhookArrayInput` via: 

ValidatingWebhookArray{ ValidatingWebhookArgs{...} }

type ValidatingWebhookArrayOutput 

type ValidatingWebhookArrayOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookArrayOutput) ElementType 

func (ValidatingWebhookArrayOutput) ElementType() reflect.Type

func (ValidatingWebhookArrayOutput) Index 

func (o ValidatingWebhookArrayOutput) Index(i pulumi.IntInput) ValidatingWebhookOutput

func (ValidatingWebhookArrayOutput) ToValidatingWebhookArrayOutput 

func (o ValidatingWebhookArrayOutput) ToValidatingWebhookArrayOutput() ValidatingWebhookArrayOutput

func (ValidatingWebhookArrayOutput) ToValidatingWebhookArrayOutputWithContext 

func (o ValidatingWebhookArrayOutput) ToValidatingWebhookArrayOutputWithContext(ctx context.Context) ValidatingWebhookArrayOutput

type ValidatingWebhookConfiguration 

type ValidatingWebhookConfiguration struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringOutput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaOutput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks ValidatingWebhookArrayOutput `pulumi:"webhooks"`
}

ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

func GetValidatingWebhookConfiguration 

func GetValidatingWebhookConfiguration(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ValidatingWebhookConfigurationState, opts ...pulumi.ResourceOption) (*ValidatingWebhookConfiguration, error)

GetValidatingWebhookConfiguration gets an existing ValidatingWebhookConfiguration resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewValidatingWebhookConfiguration 

func NewValidatingWebhookConfiguration(ctx *pulumi.Context,
	name string, args *ValidatingWebhookConfigurationArgs, opts ...pulumi.ResourceOption) (*ValidatingWebhookConfiguration, error)

NewValidatingWebhookConfiguration registers a new resource with the given unique name, arguments, and options.

func (*ValidatingWebhookConfiguration) ElementType 

func (*ValidatingWebhookConfiguration) ElementType() reflect.Type

func (*ValidatingWebhookConfiguration) ToValidatingWebhookConfigurationOutput 

func (i *ValidatingWebhookConfiguration) ToValidatingWebhookConfigurationOutput() ValidatingWebhookConfigurationOutput

func (*ValidatingWebhookConfiguration) ToValidatingWebhookConfigurationOutputWithContext 

func (i *ValidatingWebhookConfiguration) ToValidatingWebhookConfigurationOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationOutput

type ValidatingWebhookConfigurationArgs 

type ValidatingWebhookConfigurationArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPtrInput
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks ValidatingWebhookArrayInput
}

The set of arguments for constructing a ValidatingWebhookConfiguration resource.

func (ValidatingWebhookConfigurationArgs) ElementType 

func (ValidatingWebhookConfigurationArgs) ElementType() reflect.Type

type ValidatingWebhookConfigurationArray 

type ValidatingWebhookConfigurationArray []ValidatingWebhookConfigurationInput

func (ValidatingWebhookConfigurationArray) ElementType 

func (ValidatingWebhookConfigurationArray) ElementType() reflect.Type

func (ValidatingWebhookConfigurationArray) ToValidatingWebhookConfigurationArrayOutput 

func (i ValidatingWebhookConfigurationArray) ToValidatingWebhookConfigurationArrayOutput() ValidatingWebhookConfigurationArrayOutput

func (ValidatingWebhookConfigurationArray) ToValidatingWebhookConfigurationArrayOutputWithContext 

func (i ValidatingWebhookConfigurationArray) ToValidatingWebhookConfigurationArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationArrayOutput

type ValidatingWebhookConfigurationArrayInput 

type ValidatingWebhookConfigurationArrayInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationArrayOutput() ValidatingWebhookConfigurationArrayOutput
	ToValidatingWebhookConfigurationArrayOutputWithContext(context.Context) ValidatingWebhookConfigurationArrayOutput
}

ValidatingWebhookConfigurationArrayInput is an input type that accepts ValidatingWebhookConfigurationArray and ValidatingWebhookConfigurationArrayOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationArrayInput` via: 

ValidatingWebhookConfigurationArray{ ValidatingWebhookConfigurationArgs{...} }

type ValidatingWebhookConfigurationArrayOutput 

type ValidatingWebhookConfigurationArrayOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationArrayOutput) ElementType 

func (ValidatingWebhookConfigurationArrayOutput) ElementType() reflect.Type

func (ValidatingWebhookConfigurationArrayOutput) Index 

func (o ValidatingWebhookConfigurationArrayOutput) Index(i pulumi.IntInput) ValidatingWebhookConfigurationOutput

func (ValidatingWebhookConfigurationArrayOutput) ToValidatingWebhookConfigurationArrayOutput 

func (o ValidatingWebhookConfigurationArrayOutput) ToValidatingWebhookConfigurationArrayOutput() ValidatingWebhookConfigurationArrayOutput

func (ValidatingWebhookConfigurationArrayOutput) ToValidatingWebhookConfigurationArrayOutputWithContext 

func (o ValidatingWebhookConfigurationArrayOutput) ToValidatingWebhookConfigurationArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationArrayOutput

type ValidatingWebhookConfigurationInput 

type ValidatingWebhookConfigurationInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationOutput() ValidatingWebhookConfigurationOutput
	ToValidatingWebhookConfigurationOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationOutput
}

type ValidatingWebhookConfigurationList 

type ValidatingWebhookConfigurationList struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringOutput `pulumi:"apiVersion"`
	// List of ValidatingWebhookConfiguration.
	Items ValidatingWebhookConfigurationTypeArrayOutput `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringOutput `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaOutput `pulumi:"metadata"`
}

ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.

func GetValidatingWebhookConfigurationList 

func GetValidatingWebhookConfigurationList(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ValidatingWebhookConfigurationListState, opts ...pulumi.ResourceOption) (*ValidatingWebhookConfigurationList, error)

GetValidatingWebhookConfigurationList gets an existing ValidatingWebhookConfigurationList resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewValidatingWebhookConfigurationList 

func NewValidatingWebhookConfigurationList(ctx *pulumi.Context,
	name string, args *ValidatingWebhookConfigurationListArgs, opts ...pulumi.ResourceOption) (*ValidatingWebhookConfigurationList, error)

NewValidatingWebhookConfigurationList registers a new resource with the given unique name, arguments, and options.

func (*ValidatingWebhookConfigurationList) ElementType 

func (*ValidatingWebhookConfigurationList) ElementType() reflect.Type

func (*ValidatingWebhookConfigurationList) ToValidatingWebhookConfigurationListOutput 

func (i *ValidatingWebhookConfigurationList) ToValidatingWebhookConfigurationListOutput() ValidatingWebhookConfigurationListOutput

func (*ValidatingWebhookConfigurationList) ToValidatingWebhookConfigurationListOutputWithContext 

func (i *ValidatingWebhookConfigurationList) ToValidatingWebhookConfigurationListOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListOutput

type ValidatingWebhookConfigurationListArgs 

type ValidatingWebhookConfigurationListArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// List of ValidatingWebhookConfiguration.
	Items ValidatingWebhookConfigurationTypeArrayInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaPtrInput
}

The set of arguments for constructing a ValidatingWebhookConfigurationList resource.

func (ValidatingWebhookConfigurationListArgs) ElementType 

func (ValidatingWebhookConfigurationListArgs) ElementType() reflect.Type

type ValidatingWebhookConfigurationListArray 

type ValidatingWebhookConfigurationListArray []ValidatingWebhookConfigurationListInput

func (ValidatingWebhookConfigurationListArray) ElementType 

func (ValidatingWebhookConfigurationListArray) ElementType() reflect.Type

func (ValidatingWebhookConfigurationListArray) ToValidatingWebhookConfigurationListArrayOutput 

func (i ValidatingWebhookConfigurationListArray) ToValidatingWebhookConfigurationListArrayOutput() ValidatingWebhookConfigurationListArrayOutput

func (ValidatingWebhookConfigurationListArray) ToValidatingWebhookConfigurationListArrayOutputWithContext 

func (i ValidatingWebhookConfigurationListArray) ToValidatingWebhookConfigurationListArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListArrayOutput

type ValidatingWebhookConfigurationListArrayInput 

type ValidatingWebhookConfigurationListArrayInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationListArrayOutput() ValidatingWebhookConfigurationListArrayOutput
	ToValidatingWebhookConfigurationListArrayOutputWithContext(context.Context) ValidatingWebhookConfigurationListArrayOutput
}

ValidatingWebhookConfigurationListArrayInput is an input type that accepts ValidatingWebhookConfigurationListArray and ValidatingWebhookConfigurationListArrayOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationListArrayInput` via: 

ValidatingWebhookConfigurationListArray{ ValidatingWebhookConfigurationListArgs{...} }

type ValidatingWebhookConfigurationListArrayOutput 

type ValidatingWebhookConfigurationListArrayOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationListArrayOutput) ElementType 

func (ValidatingWebhookConfigurationListArrayOutput) ElementType() reflect.Type

func (ValidatingWebhookConfigurationListArrayOutput) Index 

func (o ValidatingWebhookConfigurationListArrayOutput) Index(i pulumi.IntInput) ValidatingWebhookConfigurationListOutput

func (ValidatingWebhookConfigurationListArrayOutput) ToValidatingWebhookConfigurationListArrayOutput 

func (o ValidatingWebhookConfigurationListArrayOutput) ToValidatingWebhookConfigurationListArrayOutput() ValidatingWebhookConfigurationListArrayOutput

func (ValidatingWebhookConfigurationListArrayOutput) ToValidatingWebhookConfigurationListArrayOutputWithContext 

func (o ValidatingWebhookConfigurationListArrayOutput) ToValidatingWebhookConfigurationListArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListArrayOutput

type ValidatingWebhookConfigurationListInput 

type ValidatingWebhookConfigurationListInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationListOutput() ValidatingWebhookConfigurationListOutput
	ToValidatingWebhookConfigurationListOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListOutput
}

type ValidatingWebhookConfigurationListMap 

type ValidatingWebhookConfigurationListMap map[string]ValidatingWebhookConfigurationListInput

func (ValidatingWebhookConfigurationListMap) ElementType 

func (ValidatingWebhookConfigurationListMap) ElementType() reflect.Type

func (ValidatingWebhookConfigurationListMap) ToValidatingWebhookConfigurationListMapOutput 

func (i ValidatingWebhookConfigurationListMap) ToValidatingWebhookConfigurationListMapOutput() ValidatingWebhookConfigurationListMapOutput

func (ValidatingWebhookConfigurationListMap) ToValidatingWebhookConfigurationListMapOutputWithContext 

func (i ValidatingWebhookConfigurationListMap) ToValidatingWebhookConfigurationListMapOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListMapOutput

type ValidatingWebhookConfigurationListMapInput 

type ValidatingWebhookConfigurationListMapInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationListMapOutput() ValidatingWebhookConfigurationListMapOutput
	ToValidatingWebhookConfigurationListMapOutputWithContext(context.Context) ValidatingWebhookConfigurationListMapOutput
}

ValidatingWebhookConfigurationListMapInput is an input type that accepts ValidatingWebhookConfigurationListMap and ValidatingWebhookConfigurationListMapOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationListMapInput` via: 

ValidatingWebhookConfigurationListMap{ "key": ValidatingWebhookConfigurationListArgs{...} }

type ValidatingWebhookConfigurationListMapOutput 

type ValidatingWebhookConfigurationListMapOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationListMapOutput) ElementType 

func (ValidatingWebhookConfigurationListMapOutput) ElementType() reflect.Type

func (ValidatingWebhookConfigurationListMapOutput) MapIndex 

func (o ValidatingWebhookConfigurationListMapOutput) MapIndex(k pulumi.StringInput) ValidatingWebhookConfigurationListOutput

func (ValidatingWebhookConfigurationListMapOutput) ToValidatingWebhookConfigurationListMapOutput 

func (o ValidatingWebhookConfigurationListMapOutput) ToValidatingWebhookConfigurationListMapOutput() ValidatingWebhookConfigurationListMapOutput

func (ValidatingWebhookConfigurationListMapOutput) ToValidatingWebhookConfigurationListMapOutputWithContext 

func (o ValidatingWebhookConfigurationListMapOutput) ToValidatingWebhookConfigurationListMapOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListMapOutput

type ValidatingWebhookConfigurationListOutput 

type ValidatingWebhookConfigurationListOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationListOutput) ApiVersion 

func (o ValidatingWebhookConfigurationListOutput) ApiVersion() pulumi.StringOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingWebhookConfigurationListOutput) ElementType 

func (ValidatingWebhookConfigurationListOutput) ElementType() reflect.Type

func (ValidatingWebhookConfigurationListOutput) Items 

func (o ValidatingWebhookConfigurationListOutput) Items() ValidatingWebhookConfigurationTypeArrayOutput

List of ValidatingWebhookConfiguration.

func (ValidatingWebhookConfigurationListOutput) Kind 

func (o ValidatingWebhookConfigurationListOutput) Kind() pulumi.StringOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingWebhookConfigurationListOutput) Metadata 

func (o ValidatingWebhookConfigurationListOutput) Metadata() metav1.ListMetaOutput

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingWebhookConfigurationListOutput) ToValidatingWebhookConfigurationListOutput 

func (o ValidatingWebhookConfigurationListOutput) ToValidatingWebhookConfigurationListOutput() ValidatingWebhookConfigurationListOutput

func (ValidatingWebhookConfigurationListOutput) ToValidatingWebhookConfigurationListOutputWithContext 

func (o ValidatingWebhookConfigurationListOutput) ToValidatingWebhookConfigurationListOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListOutput

type ValidatingWebhookConfigurationListState 

type ValidatingWebhookConfigurationListState struct {
}

func (ValidatingWebhookConfigurationListState) ElementType 

func (ValidatingWebhookConfigurationListState) ElementType() reflect.Type

type ValidatingWebhookConfigurationListType 

type ValidatingWebhookConfigurationListType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// List of ValidatingWebhookConfiguration.
	Items []ValidatingWebhookConfigurationType `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata *metav1.ListMeta `pulumi:"metadata"`
}

ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.

type ValidatingWebhookConfigurationListTypeArgs 

type ValidatingWebhookConfigurationListTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// List of ValidatingWebhookConfiguration.
	Items ValidatingWebhookConfigurationTypeArrayInput `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaPtrInput `pulumi:"metadata"`
}

ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.

func (ValidatingWebhookConfigurationListTypeArgs) ElementType 

func (ValidatingWebhookConfigurationListTypeArgs) ElementType() reflect.Type

func (ValidatingWebhookConfigurationListTypeArgs) ToValidatingWebhookConfigurationListTypeOutput 

func (i ValidatingWebhookConfigurationListTypeArgs) ToValidatingWebhookConfigurationListTypeOutput() ValidatingWebhookConfigurationListTypeOutput

func (ValidatingWebhookConfigurationListTypeArgs) ToValidatingWebhookConfigurationListTypeOutputWithContext 

func (i ValidatingWebhookConfigurationListTypeArgs) ToValidatingWebhookConfigurationListTypeOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListTypeOutput

type ValidatingWebhookConfigurationListTypeInput 

type ValidatingWebhookConfigurationListTypeInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationListTypeOutput() ValidatingWebhookConfigurationListTypeOutput
	ToValidatingWebhookConfigurationListTypeOutputWithContext(context.Context) ValidatingWebhookConfigurationListTypeOutput
}

ValidatingWebhookConfigurationListTypeInput is an input type that accepts ValidatingWebhookConfigurationListTypeArgs and ValidatingWebhookConfigurationListTypeOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationListTypeInput` via: 

ValidatingWebhookConfigurationListTypeArgs{...}

type ValidatingWebhookConfigurationListTypeOutput 

type ValidatingWebhookConfigurationListTypeOutput struct{ *pulumi.OutputState }

ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.

func (ValidatingWebhookConfigurationListTypeOutput) ApiVersion 

func (o ValidatingWebhookConfigurationListTypeOutput) ApiVersion() pulumi.StringPtrOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingWebhookConfigurationListTypeOutput) ElementType 

func (ValidatingWebhookConfigurationListTypeOutput) ElementType() reflect.Type

func (ValidatingWebhookConfigurationListTypeOutput) Items 

func (o ValidatingWebhookConfigurationListTypeOutput) Items() ValidatingWebhookConfigurationTypeArrayOutput

List of ValidatingWebhookConfiguration.

func (ValidatingWebhookConfigurationListTypeOutput) Kind 

func (o ValidatingWebhookConfigurationListTypeOutput) Kind() pulumi.StringPtrOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingWebhookConfigurationListTypeOutput) Metadata 

func (o ValidatingWebhookConfigurationListTypeOutput) Metadata() metav1.ListMetaPtrOutput

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingWebhookConfigurationListTypeOutput) ToValidatingWebhookConfigurationListTypeOutput 

func (o ValidatingWebhookConfigurationListTypeOutput) ToValidatingWebhookConfigurationListTypeOutput() ValidatingWebhookConfigurationListTypeOutput

func (ValidatingWebhookConfigurationListTypeOutput) ToValidatingWebhookConfigurationListTypeOutputWithContext 

func (o ValidatingWebhookConfigurationListTypeOutput) ToValidatingWebhookConfigurationListTypeOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListTypeOutput

type ValidatingWebhookConfigurationMap 

type ValidatingWebhookConfigurationMap map[string]ValidatingWebhookConfigurationInput

func (ValidatingWebhookConfigurationMap) ElementType 

func (ValidatingWebhookConfigurationMap) ElementType() reflect.Type

func (ValidatingWebhookConfigurationMap) ToValidatingWebhookConfigurationMapOutput 

func (i ValidatingWebhookConfigurationMap) ToValidatingWebhookConfigurationMapOutput() ValidatingWebhookConfigurationMapOutput

func (ValidatingWebhookConfigurationMap) ToValidatingWebhookConfigurationMapOutputWithContext 

func (i ValidatingWebhookConfigurationMap) ToValidatingWebhookConfigurationMapOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationMapOutput

type ValidatingWebhookConfigurationMapInput 

type ValidatingWebhookConfigurationMapInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationMapOutput() ValidatingWebhookConfigurationMapOutput
	ToValidatingWebhookConfigurationMapOutputWithContext(context.Context) ValidatingWebhookConfigurationMapOutput
}

ValidatingWebhookConfigurationMapInput is an input type that accepts ValidatingWebhookConfigurationMap and ValidatingWebhookConfigurationMapOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationMapInput` via: 

ValidatingWebhookConfigurationMap{ "key": ValidatingWebhookConfigurationArgs{...} }

type ValidatingWebhookConfigurationMapOutput 

type ValidatingWebhookConfigurationMapOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationMapOutput) ElementType 

func (ValidatingWebhookConfigurationMapOutput) ElementType() reflect.Type

func (ValidatingWebhookConfigurationMapOutput) MapIndex 

func (o ValidatingWebhookConfigurationMapOutput) MapIndex(k pulumi.StringInput) ValidatingWebhookConfigurationOutput

func (ValidatingWebhookConfigurationMapOutput) ToValidatingWebhookConfigurationMapOutput 

func (o ValidatingWebhookConfigurationMapOutput) ToValidatingWebhookConfigurationMapOutput() ValidatingWebhookConfigurationMapOutput

func (ValidatingWebhookConfigurationMapOutput) ToValidatingWebhookConfigurationMapOutputWithContext 

func (o ValidatingWebhookConfigurationMapOutput) ToValidatingWebhookConfigurationMapOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationMapOutput

type ValidatingWebhookConfigurationOutput 

type ValidatingWebhookConfigurationOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationOutput) ApiVersion 

func (o ValidatingWebhookConfigurationOutput) ApiVersion() pulumi.StringOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingWebhookConfigurationOutput) ElementType 

func (ValidatingWebhookConfigurationOutput) ElementType() reflect.Type

func (ValidatingWebhookConfigurationOutput) Kind 

func (o ValidatingWebhookConfigurationOutput) Kind() pulumi.StringOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingWebhookConfigurationOutput) Metadata 

func (o ValidatingWebhookConfigurationOutput) Metadata() metav1.ObjectMetaOutput

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingWebhookConfigurationOutput) ToValidatingWebhookConfigurationOutput 

func (o ValidatingWebhookConfigurationOutput) ToValidatingWebhookConfigurationOutput() ValidatingWebhookConfigurationOutput

func (ValidatingWebhookConfigurationOutput) ToValidatingWebhookConfigurationOutputWithContext 

func (o ValidatingWebhookConfigurationOutput) ToValidatingWebhookConfigurationOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationOutput

func (ValidatingWebhookConfigurationOutput) Webhooks 

func (o ValidatingWebhookConfigurationOutput) Webhooks() ValidatingWebhookArrayOutput

Webhooks is a list of webhooks and the affected resources and operations.

type ValidatingWebhookConfigurationPatch 

type ValidatingWebhookConfigurationPatch struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrOutput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrOutput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks ValidatingWebhookPatchArrayOutput `pulumi:"webhooks"`
}

Patch resources are used to modify existing Kubernetes resources by using Server-Side Apply updates. The name of the resource must be specified, but all other properties are optional. More than one patch may be applied to the same resource, and a random FieldManager name will be used for each Patch resource. Conflicts will result in an error by default, but can be forced using the "pulumi.com/patchForce" annotation. See the [Server-Side Apply Docs](https://www.pulumi.com/registry/packages/kubernetes/how-to-guides/managing-resources-with-server-side-apply/) for additional information about using Server-Side Apply to manage Kubernetes resources with Pulumi. ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

func GetValidatingWebhookConfigurationPatch 

func GetValidatingWebhookConfigurationPatch(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ValidatingWebhookConfigurationPatchState, opts ...pulumi.ResourceOption) (*ValidatingWebhookConfigurationPatch, error)

GetValidatingWebhookConfigurationPatch gets an existing ValidatingWebhookConfigurationPatch resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewValidatingWebhookConfigurationPatch 

func NewValidatingWebhookConfigurationPatch(ctx *pulumi.Context,
	name string, args *ValidatingWebhookConfigurationPatchArgs, opts ...pulumi.ResourceOption) (*ValidatingWebhookConfigurationPatch, error)

NewValidatingWebhookConfigurationPatch registers a new resource with the given unique name, arguments, and options.

func (*ValidatingWebhookConfigurationPatch) ElementType 

func (*ValidatingWebhookConfigurationPatch) ElementType() reflect.Type

func (*ValidatingWebhookConfigurationPatch) ToValidatingWebhookConfigurationPatchOutput 

func (i *ValidatingWebhookConfigurationPatch) ToValidatingWebhookConfigurationPatchOutput() ValidatingWebhookConfigurationPatchOutput

func (*ValidatingWebhookConfigurationPatch) ToValidatingWebhookConfigurationPatchOutputWithContext 

func (i *ValidatingWebhookConfigurationPatch) ToValidatingWebhookConfigurationPatchOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchOutput

type ValidatingWebhookConfigurationPatchArgs 

type ValidatingWebhookConfigurationPatchArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrInput
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks ValidatingWebhookPatchArrayInput
}

The set of arguments for constructing a ValidatingWebhookConfigurationPatch resource.

func (ValidatingWebhookConfigurationPatchArgs) ElementType 

func (ValidatingWebhookConfigurationPatchArgs) ElementType() reflect.Type

type ValidatingWebhookConfigurationPatchArray 

type ValidatingWebhookConfigurationPatchArray []ValidatingWebhookConfigurationPatchInput

func (ValidatingWebhookConfigurationPatchArray) ElementType 

func (ValidatingWebhookConfigurationPatchArray) ElementType() reflect.Type

func (ValidatingWebhookConfigurationPatchArray) ToValidatingWebhookConfigurationPatchArrayOutput 

func (i ValidatingWebhookConfigurationPatchArray) ToValidatingWebhookConfigurationPatchArrayOutput() ValidatingWebhookConfigurationPatchArrayOutput

func (ValidatingWebhookConfigurationPatchArray) ToValidatingWebhookConfigurationPatchArrayOutputWithContext 

func (i ValidatingWebhookConfigurationPatchArray) ToValidatingWebhookConfigurationPatchArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchArrayOutput

type ValidatingWebhookConfigurationPatchArrayInput 

type ValidatingWebhookConfigurationPatchArrayInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationPatchArrayOutput() ValidatingWebhookConfigurationPatchArrayOutput
	ToValidatingWebhookConfigurationPatchArrayOutputWithContext(context.Context) ValidatingWebhookConfigurationPatchArrayOutput
}

ValidatingWebhookConfigurationPatchArrayInput is an input type that accepts ValidatingWebhookConfigurationPatchArray and ValidatingWebhookConfigurationPatchArrayOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationPatchArrayInput` via: 

ValidatingWebhookConfigurationPatchArray{ ValidatingWebhookConfigurationPatchArgs{...} }

type ValidatingWebhookConfigurationPatchArrayOutput 

type ValidatingWebhookConfigurationPatchArrayOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationPatchArrayOutput) ElementType 

func (ValidatingWebhookConfigurationPatchArrayOutput) ElementType() reflect.Type

func (ValidatingWebhookConfigurationPatchArrayOutput) Index 

func (o ValidatingWebhookConfigurationPatchArrayOutput) Index(i pulumi.IntInput) ValidatingWebhookConfigurationPatchOutput

func (ValidatingWebhookConfigurationPatchArrayOutput) ToValidatingWebhookConfigurationPatchArrayOutput 

func (o ValidatingWebhookConfigurationPatchArrayOutput) ToValidatingWebhookConfigurationPatchArrayOutput() ValidatingWebhookConfigurationPatchArrayOutput

func (ValidatingWebhookConfigurationPatchArrayOutput) ToValidatingWebhookConfigurationPatchArrayOutputWithContext 

func (o ValidatingWebhookConfigurationPatchArrayOutput) ToValidatingWebhookConfigurationPatchArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchArrayOutput

type ValidatingWebhookConfigurationPatchInput 

type ValidatingWebhookConfigurationPatchInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationPatchOutput() ValidatingWebhookConfigurationPatchOutput
	ToValidatingWebhookConfigurationPatchOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchOutput
}

type ValidatingWebhookConfigurationPatchMap 

type ValidatingWebhookConfigurationPatchMap map[string]ValidatingWebhookConfigurationPatchInput

func (ValidatingWebhookConfigurationPatchMap) ElementType 

func (ValidatingWebhookConfigurationPatchMap) ElementType() reflect.Type

func (ValidatingWebhookConfigurationPatchMap) ToValidatingWebhookConfigurationPatchMapOutput 

func (i ValidatingWebhookConfigurationPatchMap) ToValidatingWebhookConfigurationPatchMapOutput() ValidatingWebhookConfigurationPatchMapOutput

func (ValidatingWebhookConfigurationPatchMap) ToValidatingWebhookConfigurationPatchMapOutputWithContext 

func (i ValidatingWebhookConfigurationPatchMap) ToValidatingWebhookConfigurationPatchMapOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchMapOutput

type ValidatingWebhookConfigurationPatchMapInput 

type ValidatingWebhookConfigurationPatchMapInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationPatchMapOutput() ValidatingWebhookConfigurationPatchMapOutput
	ToValidatingWebhookConfigurationPatchMapOutputWithContext(context.Context) ValidatingWebhookConfigurationPatchMapOutput
}

ValidatingWebhookConfigurationPatchMapInput is an input type that accepts ValidatingWebhookConfigurationPatchMap and ValidatingWebhookConfigurationPatchMapOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationPatchMapInput` via: 

ValidatingWebhookConfigurationPatchMap{ "key": ValidatingWebhookConfigurationPatchArgs{...} }

type ValidatingWebhookConfigurationPatchMapOutput 

type ValidatingWebhookConfigurationPatchMapOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationPatchMapOutput) ElementType 

func (ValidatingWebhookConfigurationPatchMapOutput) ElementType() reflect.Type

func (ValidatingWebhookConfigurationPatchMapOutput) MapIndex 

func (o ValidatingWebhookConfigurationPatchMapOutput) MapIndex(k pulumi.StringInput) ValidatingWebhookConfigurationPatchOutput

func (ValidatingWebhookConfigurationPatchMapOutput) ToValidatingWebhookConfigurationPatchMapOutput 

func (o ValidatingWebhookConfigurationPatchMapOutput) ToValidatingWebhookConfigurationPatchMapOutput() ValidatingWebhookConfigurationPatchMapOutput

func (ValidatingWebhookConfigurationPatchMapOutput) ToValidatingWebhookConfigurationPatchMapOutputWithContext 

func (o ValidatingWebhookConfigurationPatchMapOutput) ToValidatingWebhookConfigurationPatchMapOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchMapOutput

type ValidatingWebhookConfigurationPatchOutput 

type ValidatingWebhookConfigurationPatchOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationPatchOutput) ApiVersion 

func (o ValidatingWebhookConfigurationPatchOutput) ApiVersion() pulumi.StringPtrOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingWebhookConfigurationPatchOutput) ElementType 

func (ValidatingWebhookConfigurationPatchOutput) ElementType() reflect.Type

func (ValidatingWebhookConfigurationPatchOutput) Kind 

func (o ValidatingWebhookConfigurationPatchOutput) Kind() pulumi.StringPtrOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingWebhookConfigurationPatchOutput) Metadata 

func (o ValidatingWebhookConfigurationPatchOutput) Metadata() metav1.ObjectMetaPatchPtrOutput

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingWebhookConfigurationPatchOutput) ToValidatingWebhookConfigurationPatchOutput 

func (o ValidatingWebhookConfigurationPatchOutput) ToValidatingWebhookConfigurationPatchOutput() ValidatingWebhookConfigurationPatchOutput

func (ValidatingWebhookConfigurationPatchOutput) ToValidatingWebhookConfigurationPatchOutputWithContext 

func (o ValidatingWebhookConfigurationPatchOutput) ToValidatingWebhookConfigurationPatchOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchOutput

func (ValidatingWebhookConfigurationPatchOutput) Webhooks 

func (o ValidatingWebhookConfigurationPatchOutput) Webhooks() ValidatingWebhookPatchArrayOutput

Webhooks is a list of webhooks and the affected resources and operations.

type ValidatingWebhookConfigurationPatchState 

type ValidatingWebhookConfigurationPatchState struct {
}

func (ValidatingWebhookConfigurationPatchState) ElementType 

func (ValidatingWebhookConfigurationPatchState) ElementType() reflect.Type

type ValidatingWebhookConfigurationPatchType 

type ValidatingWebhookConfigurationPatchType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata *metav1.ObjectMetaPatch `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks []ValidatingWebhookPatch `pulumi:"webhooks"`
}

ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

type ValidatingWebhookConfigurationPatchTypeArgs 

type ValidatingWebhookConfigurationPatchTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrInput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks ValidatingWebhookPatchArrayInput `pulumi:"webhooks"`
}

ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

func (ValidatingWebhookConfigurationPatchTypeArgs) ElementType 

func (ValidatingWebhookConfigurationPatchTypeArgs) ElementType() reflect.Type

func (ValidatingWebhookConfigurationPatchTypeArgs) ToValidatingWebhookConfigurationPatchTypeOutput 

func (i ValidatingWebhookConfigurationPatchTypeArgs) ToValidatingWebhookConfigurationPatchTypeOutput() ValidatingWebhookConfigurationPatchTypeOutput

func (ValidatingWebhookConfigurationPatchTypeArgs) ToValidatingWebhookConfigurationPatchTypeOutputWithContext 

func (i ValidatingWebhookConfigurationPatchTypeArgs) ToValidatingWebhookConfigurationPatchTypeOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchTypeOutput

type ValidatingWebhookConfigurationPatchTypeInput 

type ValidatingWebhookConfigurationPatchTypeInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationPatchTypeOutput() ValidatingWebhookConfigurationPatchTypeOutput
	ToValidatingWebhookConfigurationPatchTypeOutputWithContext(context.Context) ValidatingWebhookConfigurationPatchTypeOutput
}

ValidatingWebhookConfigurationPatchTypeInput is an input type that accepts ValidatingWebhookConfigurationPatchTypeArgs and ValidatingWebhookConfigurationPatchTypeOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationPatchTypeInput` via: 

ValidatingWebhookConfigurationPatchTypeArgs{...}

type ValidatingWebhookConfigurationPatchTypeOutput 

type ValidatingWebhookConfigurationPatchTypeOutput struct{ *pulumi.OutputState }

ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

func (ValidatingWebhookConfigurationPatchTypeOutput) ApiVersion 

func (o ValidatingWebhookConfigurationPatchTypeOutput) ApiVersion() pulumi.StringPtrOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingWebhookConfigurationPatchTypeOutput) ElementType 

func (ValidatingWebhookConfigurationPatchTypeOutput) ElementType() reflect.Type

func (ValidatingWebhookConfigurationPatchTypeOutput) Kind 

func (o ValidatingWebhookConfigurationPatchTypeOutput) Kind() pulumi.StringPtrOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingWebhookConfigurationPatchTypeOutput) Metadata 

func (o ValidatingWebhookConfigurationPatchTypeOutput) Metadata() metav1.ObjectMetaPatchPtrOutput

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingWebhookConfigurationPatchTypeOutput) ToValidatingWebhookConfigurationPatchTypeOutput 

func (o ValidatingWebhookConfigurationPatchTypeOutput) ToValidatingWebhookConfigurationPatchTypeOutput() ValidatingWebhookConfigurationPatchTypeOutput

func (ValidatingWebhookConfigurationPatchTypeOutput) ToValidatingWebhookConfigurationPatchTypeOutputWithContext 

func (o ValidatingWebhookConfigurationPatchTypeOutput) ToValidatingWebhookConfigurationPatchTypeOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchTypeOutput

func (ValidatingWebhookConfigurationPatchTypeOutput) Webhooks 

func (o ValidatingWebhookConfigurationPatchTypeOutput) Webhooks() ValidatingWebhookPatchArrayOutput

Webhooks is a list of webhooks and the affected resources and operations.

type ValidatingWebhookConfigurationState 

type ValidatingWebhookConfigurationState struct {
}

func (ValidatingWebhookConfigurationState) ElementType 

func (ValidatingWebhookConfigurationState) ElementType() reflect.Type

type ValidatingWebhookConfigurationType 

type ValidatingWebhookConfigurationType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata *metav1.ObjectMeta `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks []ValidatingWebhook `pulumi:"webhooks"`
}

ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

type ValidatingWebhookConfigurationTypeArgs 

type ValidatingWebhookConfigurationTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPtrInput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks ValidatingWebhookArrayInput `pulumi:"webhooks"`
}

ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

func (ValidatingWebhookConfigurationTypeArgs) ElementType 

func (ValidatingWebhookConfigurationTypeArgs) ElementType() reflect.Type

func (ValidatingWebhookConfigurationTypeArgs) ToValidatingWebhookConfigurationTypeOutput 

func (i ValidatingWebhookConfigurationTypeArgs) ToValidatingWebhookConfigurationTypeOutput() ValidatingWebhookConfigurationTypeOutput

func (ValidatingWebhookConfigurationTypeArgs) ToValidatingWebhookConfigurationTypeOutputWithContext 

func (i ValidatingWebhookConfigurationTypeArgs) ToValidatingWebhookConfigurationTypeOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationTypeOutput

type ValidatingWebhookConfigurationTypeArray 

type ValidatingWebhookConfigurationTypeArray []ValidatingWebhookConfigurationTypeInput

func (ValidatingWebhookConfigurationTypeArray) ElementType 

func (ValidatingWebhookConfigurationTypeArray) ElementType() reflect.Type

func (ValidatingWebhookConfigurationTypeArray) ToValidatingWebhookConfigurationTypeArrayOutput 

func (i ValidatingWebhookConfigurationTypeArray) ToValidatingWebhookConfigurationTypeArrayOutput() ValidatingWebhookConfigurationTypeArrayOutput

func (ValidatingWebhookConfigurationTypeArray) ToValidatingWebhookConfigurationTypeArrayOutputWithContext 

func (i ValidatingWebhookConfigurationTypeArray) ToValidatingWebhookConfigurationTypeArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationTypeArrayOutput

type ValidatingWebhookConfigurationTypeArrayInput 

type ValidatingWebhookConfigurationTypeArrayInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationTypeArrayOutput() ValidatingWebhookConfigurationTypeArrayOutput
	ToValidatingWebhookConfigurationTypeArrayOutputWithContext(context.Context) ValidatingWebhookConfigurationTypeArrayOutput
}

ValidatingWebhookConfigurationTypeArrayInput is an input type that accepts ValidatingWebhookConfigurationTypeArray and ValidatingWebhookConfigurationTypeArrayOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationTypeArrayInput` via: 

ValidatingWebhookConfigurationTypeArray{ ValidatingWebhookConfigurationTypeArgs{...} }

type ValidatingWebhookConfigurationTypeArrayOutput 

type ValidatingWebhookConfigurationTypeArrayOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationTypeArrayOutput) ElementType 

func (ValidatingWebhookConfigurationTypeArrayOutput) ElementType() reflect.Type

func (ValidatingWebhookConfigurationTypeArrayOutput) Index 

func (o ValidatingWebhookConfigurationTypeArrayOutput) Index(i pulumi.IntInput) ValidatingWebhookConfigurationTypeOutput

func (ValidatingWebhookConfigurationTypeArrayOutput) ToValidatingWebhookConfigurationTypeArrayOutput 

func (o ValidatingWebhookConfigurationTypeArrayOutput) ToValidatingWebhookConfigurationTypeArrayOutput() ValidatingWebhookConfigurationTypeArrayOutput

func (ValidatingWebhookConfigurationTypeArrayOutput) ToValidatingWebhookConfigurationTypeArrayOutputWithContext 

func (o ValidatingWebhookConfigurationTypeArrayOutput) ToValidatingWebhookConfigurationTypeArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationTypeArrayOutput

type ValidatingWebhookConfigurationTypeInput 

type ValidatingWebhookConfigurationTypeInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationTypeOutput() ValidatingWebhookConfigurationTypeOutput
	ToValidatingWebhookConfigurationTypeOutputWithContext(context.Context) ValidatingWebhookConfigurationTypeOutput
}

ValidatingWebhookConfigurationTypeInput is an input type that accepts ValidatingWebhookConfigurationTypeArgs and ValidatingWebhookConfigurationTypeOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationTypeInput` via: 

ValidatingWebhookConfigurationTypeArgs{...}

type ValidatingWebhookConfigurationTypeOutput 

type ValidatingWebhookConfigurationTypeOutput struct{ *pulumi.OutputState }

ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

func (ValidatingWebhookConfigurationTypeOutput) ApiVersion 

func (o ValidatingWebhookConfigurationTypeOutput) ApiVersion() pulumi.StringPtrOutput

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingWebhookConfigurationTypeOutput) ElementType 

func (ValidatingWebhookConfigurationTypeOutput) ElementType() reflect.Type

func (ValidatingWebhookConfigurationTypeOutput) Kind 

func (o ValidatingWebhookConfigurationTypeOutput) Kind() pulumi.StringPtrOutput

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingWebhookConfigurationTypeOutput) Metadata 

func (o ValidatingWebhookConfigurationTypeOutput) Metadata() metav1.ObjectMetaPtrOutput

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingWebhookConfigurationTypeOutput) ToValidatingWebhookConfigurationTypeOutput 

func (o ValidatingWebhookConfigurationTypeOutput) ToValidatingWebhookConfigurationTypeOutput() ValidatingWebhookConfigurationTypeOutput

func (ValidatingWebhookConfigurationTypeOutput) ToValidatingWebhookConfigurationTypeOutputWithContext 

func (o ValidatingWebhookConfigurationTypeOutput) ToValidatingWebhookConfigurationTypeOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationTypeOutput

func (ValidatingWebhookConfigurationTypeOutput) Webhooks 

func (o ValidatingWebhookConfigurationTypeOutput) Webhooks() ValidatingWebhookArrayOutput

Webhooks is a list of webhooks and the affected resources and operations.

type ValidatingWebhookInput 

type ValidatingWebhookInput interface {
	pulumi.Input

	ToValidatingWebhookOutput() ValidatingWebhookOutput
	ToValidatingWebhookOutputWithContext(context.Context) ValidatingWebhookOutput
}

ValidatingWebhookInput is an input type that accepts ValidatingWebhookArgs and ValidatingWebhookOutput values. You can construct a concrete instance of `ValidatingWebhookInput` via: 

ValidatingWebhookArgs{...}

type ValidatingWebhookOutput 

type ValidatingWebhookOutput struct{ *pulumi.OutputState }

ValidatingWebhook describes an admission webhook and the resources and operations it applies to.

func (ValidatingWebhookOutput) AdmissionReviewVersions 

func (o ValidatingWebhookOutput) AdmissionReviewVersions() pulumi.StringArrayOutput

AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.

func (ValidatingWebhookOutput) ClientConfig 

func (o ValidatingWebhookOutput) ClientConfig() WebhookClientConfigOutput

ClientConfig defines how to communicate with the hook. Required

func (ValidatingWebhookOutput) ElementType 

func (ValidatingWebhookOutput) ElementType() reflect.Type

func (ValidatingWebhookOutput) FailurePolicy 

func (o ValidatingWebhookOutput) FailurePolicy() pulumi.StringPtrOutput

FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.

func (ValidatingWebhookOutput) MatchConditions 

func (o ValidatingWebhookOutput) MatchConditions() MatchConditionArrayOutput

MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.

The exact matching logic is (in order):

  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
  2. If ALL matchConditions evaluate to TRUE, the webhook is called.
  3. If any matchCondition evaluates to an error (but none are FALSE): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the error is ignored and the webhook is skipped

func (ValidatingWebhookOutput) MatchPolicy 

func (o ValidatingWebhookOutput) MatchPolicy() pulumi.StringPtrOutput

matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.

Defaults to "Equivalent"

func (ValidatingWebhookOutput) Name 

func (o ValidatingWebhookOutput) Name() pulumi.StringOutput

The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.

func (ValidatingWebhookOutput) NamespaceSelector 

func (o ValidatingWebhookOutput) NamespaceSelector() metav1.LabelSelectorPtrOutput

NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook. 

For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "runlevel",
      "operator": "NotIn",
      "values": [
        "0",
        "1"
      ]
    }
  ]
}

If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "environment",
      "operator": "In",
      "values": [
        "prod",
        "staging"
      ]
    }
  ]
}

See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (ValidatingWebhookOutput) ObjectSelector 

func (o ValidatingWebhookOutput) ObjectSelector() metav1.LabelSelectorPtrOutput

ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

func (ValidatingWebhookOutput) Rules 

func (o ValidatingWebhookOutput) Rules() RuleWithOperationsArrayOutput

Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.

func (ValidatingWebhookOutput) SideEffects 

func (o ValidatingWebhookOutput) SideEffects() pulumi.StringOutput

SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.

func (ValidatingWebhookOutput) TimeoutSeconds 

func (o ValidatingWebhookOutput) TimeoutSeconds() pulumi.IntPtrOutput

TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.

func (ValidatingWebhookOutput) ToValidatingWebhookOutput 

func (o ValidatingWebhookOutput) ToValidatingWebhookOutput() ValidatingWebhookOutput

func (ValidatingWebhookOutput) ToValidatingWebhookOutputWithContext 

func (o ValidatingWebhookOutput) ToValidatingWebhookOutputWithContext(ctx context.Context) ValidatingWebhookOutput

type ValidatingWebhookPatch 

type ValidatingWebhookPatch struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions []string `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig *WebhookClientConfigPatch `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy *string `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	MatchConditions []MatchConditionPatch `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy *string `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name *string `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector *metav1.LabelSelectorPatch `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector *metav1.LabelSelectorPatch `pulumi:"objectSelector"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules []RuleWithOperationsPatch `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects *string `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds *int `pulumi:"timeoutSeconds"`
}

ValidatingWebhook describes an admission webhook and the resources and operations it applies to.

type ValidatingWebhookPatchArgs 

type ValidatingWebhookPatchArgs struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions pulumi.StringArrayInput `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig WebhookClientConfigPatchPtrInput `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy pulumi.StringPtrInput `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	MatchConditions MatchConditionPatchArrayInput `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy pulumi.StringPtrInput `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name pulumi.StringPtrInput `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector metav1.LabelSelectorPatchPtrInput `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector metav1.LabelSelectorPatchPtrInput `pulumi:"objectSelector"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules RuleWithOperationsPatchArrayInput `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects pulumi.StringPtrInput `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds pulumi.IntPtrInput `pulumi:"timeoutSeconds"`
}

ValidatingWebhook describes an admission webhook and the resources and operations it applies to.

func (ValidatingWebhookPatchArgs) ElementType 

func (ValidatingWebhookPatchArgs) ElementType() reflect.Type

func (ValidatingWebhookPatchArgs) ToValidatingWebhookPatchOutput 

func (i ValidatingWebhookPatchArgs) ToValidatingWebhookPatchOutput() ValidatingWebhookPatchOutput

func (ValidatingWebhookPatchArgs) ToValidatingWebhookPatchOutputWithContext 

func (i ValidatingWebhookPatchArgs) ToValidatingWebhookPatchOutputWithContext(ctx context.Context) ValidatingWebhookPatchOutput

type ValidatingWebhookPatchArray 

type ValidatingWebhookPatchArray []ValidatingWebhookPatchInput

func (ValidatingWebhookPatchArray) ElementType 

func (ValidatingWebhookPatchArray) ElementType() reflect.Type

func (ValidatingWebhookPatchArray) ToValidatingWebhookPatchArrayOutput 

func (i ValidatingWebhookPatchArray) ToValidatingWebhookPatchArrayOutput() ValidatingWebhookPatchArrayOutput

func (ValidatingWebhookPatchArray) ToValidatingWebhookPatchArrayOutputWithContext 

func (i ValidatingWebhookPatchArray) ToValidatingWebhookPatchArrayOutputWithContext(ctx context.Context) ValidatingWebhookPatchArrayOutput

type ValidatingWebhookPatchArrayInput 

type ValidatingWebhookPatchArrayInput interface {
	pulumi.Input

	ToValidatingWebhookPatchArrayOutput() ValidatingWebhookPatchArrayOutput
	ToValidatingWebhookPatchArrayOutputWithContext(context.Context) ValidatingWebhookPatchArrayOutput
}

ValidatingWebhookPatchArrayInput is an input type that accepts ValidatingWebhookPatchArray and ValidatingWebhookPatchArrayOutput values. You can construct a concrete instance of `ValidatingWebhookPatchArrayInput` via: 

ValidatingWebhookPatchArray{ ValidatingWebhookPatchArgs{...} }

type ValidatingWebhookPatchArrayOutput 

type ValidatingWebhookPatchArrayOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookPatchArrayOutput) ElementType 

func (ValidatingWebhookPatchArrayOutput) ElementType() reflect.Type

func (ValidatingWebhookPatchArrayOutput) Index 

func (o ValidatingWebhookPatchArrayOutput) Index(i pulumi.IntInput) ValidatingWebhookPatchOutput

func (ValidatingWebhookPatchArrayOutput) ToValidatingWebhookPatchArrayOutput 

func (o ValidatingWebhookPatchArrayOutput) ToValidatingWebhookPatchArrayOutput() ValidatingWebhookPatchArrayOutput

func (ValidatingWebhookPatchArrayOutput) ToValidatingWebhookPatchArrayOutputWithContext 

func (o ValidatingWebhookPatchArrayOutput) ToValidatingWebhookPatchArrayOutputWithContext(ctx context.Context) ValidatingWebhookPatchArrayOutput

type ValidatingWebhookPatchInput 

type ValidatingWebhookPatchInput interface {
	pulumi.Input

	ToValidatingWebhookPatchOutput() ValidatingWebhookPatchOutput
	ToValidatingWebhookPatchOutputWithContext(context.Context) ValidatingWebhookPatchOutput
}

ValidatingWebhookPatchInput is an input type that accepts ValidatingWebhookPatchArgs and ValidatingWebhookPatchOutput values. You can construct a concrete instance of `ValidatingWebhookPatchInput` via: 

ValidatingWebhookPatchArgs{...}

type ValidatingWebhookPatchOutput 

type ValidatingWebhookPatchOutput struct{ *pulumi.OutputState }

ValidatingWebhook describes an admission webhook and the resources and operations it applies to.

func (ValidatingWebhookPatchOutput) AdmissionReviewVersions 

func (o ValidatingWebhookPatchOutput) AdmissionReviewVersions() pulumi.StringArrayOutput

AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.

func (ValidatingWebhookPatchOutput) ClientConfig 

func (o ValidatingWebhookPatchOutput) ClientConfig() WebhookClientConfigPatchPtrOutput

ClientConfig defines how to communicate with the hook. Required

func (ValidatingWebhookPatchOutput) ElementType 

func (ValidatingWebhookPatchOutput) ElementType() reflect.Type

func (ValidatingWebhookPatchOutput) FailurePolicy 

func (o ValidatingWebhookPatchOutput) FailurePolicy() pulumi.StringPtrOutput

FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.

func (ValidatingWebhookPatchOutput) MatchConditions 

func (o ValidatingWebhookPatchOutput) MatchConditions() MatchConditionPatchArrayOutput

MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.

The exact matching logic is (in order):

  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
  2. If ALL matchConditions evaluate to TRUE, the webhook is called.
  3. If any matchCondition evaluates to an error (but none are FALSE): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the error is ignored and the webhook is skipped

func (ValidatingWebhookPatchOutput) MatchPolicy 

func (o ValidatingWebhookPatchOutput) MatchPolicy() pulumi.StringPtrOutput

matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.

Defaults to "Equivalent"

func (ValidatingWebhookPatchOutput) Name 

func (o ValidatingWebhookPatchOutput) Name() pulumi.StringPtrOutput

The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.

func (ValidatingWebhookPatchOutput) NamespaceSelector 

func (o ValidatingWebhookPatchOutput) NamespaceSelector() metav1.LabelSelectorPatchPtrOutput

NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook. 

For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "runlevel",
      "operator": "NotIn",
      "values": [
        "0",
        "1"
      ]
    }
  ]
}

If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "environment",
      "operator": "In",
      "values": [
        "prod",
        "staging"
      ]
    }
  ]
}

See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (ValidatingWebhookPatchOutput) ObjectSelector 

func (o ValidatingWebhookPatchOutput) ObjectSelector() metav1.LabelSelectorPatchPtrOutput

ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

func (ValidatingWebhookPatchOutput) Rules 

func (o ValidatingWebhookPatchOutput) Rules() RuleWithOperationsPatchArrayOutput

Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.

func (ValidatingWebhookPatchOutput) SideEffects 

func (o ValidatingWebhookPatchOutput) SideEffects() pulumi.StringPtrOutput

SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.

func (ValidatingWebhookPatchOutput) TimeoutSeconds 

func (o ValidatingWebhookPatchOutput) TimeoutSeconds() pulumi.IntPtrOutput

TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.

func (ValidatingWebhookPatchOutput) ToValidatingWebhookPatchOutput 

func (o ValidatingWebhookPatchOutput) ToValidatingWebhookPatchOutput() ValidatingWebhookPatchOutput

func (ValidatingWebhookPatchOutput) ToValidatingWebhookPatchOutputWithContext 

func (o ValidatingWebhookPatchOutput) ToValidatingWebhookPatchOutputWithContext(ctx context.Context) ValidatingWebhookPatchOutput

type Validation added in v4.11.0 

type Validation struct {
	// Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:
	//
	// - 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value.
	//   For example, a variable named 'foo' can be accessed as 'variables.foo'.
	// - 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	//
	// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.
	//
	// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:
	// 	  "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if",
	// 	  "import", "let", "loop", "package", "namespace", "return".
	// Examples:
	//   - Expression accessing a property named "namespace": {"Expression": "object.__namespace__ > 0"}
	//   - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"}
	//   - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"}
	//
	// Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:
	//   - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and
	//     non-intersecting elements in `Y` are appended, retaining their partial order.
	//   - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values
	//     are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with
	//     non-intersecting keys are appended, retaining their partial order.
	//     Required.
	Expression string `pulumi:"expression"`
	// Message represents the message displayed when validation fails. The message is required if the Expression contains line breaks. The message must not contain line breaks. If unset, the message is "failed rule: {Rule}". e.g. "must be a URL with the host matching spec.host" If the Expression contains line breaks. Message is required. The message must not contain line breaks. If unset, the message is "failed Expression: {Expression}".
	Message *string `pulumi:"message"`
	// messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'. Example: "object.x must be less than max ("+string(params.max)+")"
	MessageExpression *string `pulumi:"messageExpression"`
	// Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: "Unauthorized", "Forbidden", "Invalid", "RequestEntityTooLarge". If not set, StatusReasonInvalid is used in the response to the client.
	Reason *string `pulumi:"reason"`
}

Validation specifies the CEL expression which is used to apply the validation.

type ValidationArgs added in v4.11.0 

type ValidationArgs struct {
	// Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:
	//
	// - 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value.
	//   For example, a variable named 'foo' can be accessed as 'variables.foo'.
	// - 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	//
	// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.
	//
	// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:
	// 	  "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if",
	// 	  "import", "let", "loop", "package", "namespace", "return".
	// Examples:
	//   - Expression accessing a property named "namespace": {"Expression": "object.__namespace__ > 0"}
	//   - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"}
	//   - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"}
	//
	// Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:
	//   - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and
	//     non-intersecting elements in `Y` are appended, retaining their partial order.
	//   - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values
	//     are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with
	//     non-intersecting keys are appended, retaining their partial order.
	//     Required.
	Expression pulumi.StringInput `pulumi:"expression"`
	// Message represents the message displayed when validation fails. The message is required if the Expression contains line breaks. The message must not contain line breaks. If unset, the message is "failed rule: {Rule}". e.g. "must be a URL with the host matching spec.host" If the Expression contains line breaks. Message is required. The message must not contain line breaks. If unset, the message is "failed Expression: {Expression}".
	Message pulumi.StringPtrInput `pulumi:"message"`
	// messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'. Example: "object.x must be less than max ("+string(params.max)+")"
	MessageExpression pulumi.StringPtrInput `pulumi:"messageExpression"`
	// Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: "Unauthorized", "Forbidden", "Invalid", "RequestEntityTooLarge". If not set, StatusReasonInvalid is used in the response to the client.
	Reason pulumi.StringPtrInput `pulumi:"reason"`
}

Validation specifies the CEL expression which is used to apply the validation.

func (ValidationArgs) ElementType added in v4.11.0 

func (ValidationArgs) ElementType() reflect.Type

func (ValidationArgs) ToValidationOutput added in v4.11.0 

func (i ValidationArgs) ToValidationOutput() ValidationOutput

func (ValidationArgs) ToValidationOutputWithContext added in v4.11.0 

func (i ValidationArgs) ToValidationOutputWithContext(ctx context.Context) ValidationOutput

type ValidationArray added in v4.11.0 

type ValidationArray []ValidationInput

func (ValidationArray) ElementType added in v4.11.0 

func (ValidationArray) ElementType() reflect.Type

func (ValidationArray) ToValidationArrayOutput added in v4.11.0 

func (i ValidationArray) ToValidationArrayOutput() ValidationArrayOutput

func (ValidationArray) ToValidationArrayOutputWithContext added in v4.11.0 

func (i ValidationArray) ToValidationArrayOutputWithContext(ctx context.Context) ValidationArrayOutput

type ValidationArrayInput added in v4.11.0 

type ValidationArrayInput interface {
	pulumi.Input

	ToValidationArrayOutput() ValidationArrayOutput
	ToValidationArrayOutputWithContext(context.Context) ValidationArrayOutput
}

ValidationArrayInput is an input type that accepts ValidationArray and ValidationArrayOutput values. You can construct a concrete instance of `ValidationArrayInput` via: 

ValidationArray{ ValidationArgs{...} }

type ValidationArrayOutput added in v4.11.0 

type ValidationArrayOutput struct{ *pulumi.OutputState }

func (ValidationArrayOutput) ElementType added in v4.11.0 

func (ValidationArrayOutput) ElementType() reflect.Type

func (ValidationArrayOutput) Index added in v4.11.0 

func (o ValidationArrayOutput) Index(i pulumi.IntInput) ValidationOutput

func (ValidationArrayOutput) ToValidationArrayOutput added in v4.11.0 

func (o ValidationArrayOutput) ToValidationArrayOutput() ValidationArrayOutput

func (ValidationArrayOutput) ToValidationArrayOutputWithContext added in v4.11.0 

func (o ValidationArrayOutput) ToValidationArrayOutputWithContext(ctx context.Context) ValidationArrayOutput

type ValidationInput added in v4.11.0 

type ValidationInput interface {
	pulumi.Input

	ToValidationOutput() ValidationOutput
	ToValidationOutputWithContext(context.Context) ValidationOutput
}

ValidationInput is an input type that accepts ValidationArgs and ValidationOutput values. You can construct a concrete instance of `ValidationInput` via: 

ValidationArgs{...}

type ValidationOutput added in v4.11.0 

type ValidationOutput struct{ *pulumi.OutputState }

Validation specifies the CEL expression which is used to apply the validation.

func (ValidationOutput) ElementType added in v4.11.0 

func (ValidationOutput) ElementType() reflect.Type

func (ValidationOutput) Expression added in v4.11.0 

func (o ValidationOutput) Expression() pulumi.StringOutput

Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:

  • 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value. For example, a variable named 'foo' can be accessed as 'variables.foo'.
  • 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
  • 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the request resource.

The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.

Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are: 

"true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if",
"import", "let", "loop", "package", "namespace", "return".

Examples:

  • Expression accessing a property named "namespace": {"Expression": "object.__namespace__ > 0"}
  • Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"}
  • Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"}

Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:

  • 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and non-intersecting elements in `Y` are appended, retaining their partial order.
  • 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with non-intersecting keys are appended, retaining their partial order. Required.

func (ValidationOutput) Message added in v4.11.0 

func (o ValidationOutput) Message() pulumi.StringPtrOutput

Message represents the message displayed when validation fails. The message is required if the Expression contains line breaks. The message must not contain line breaks. If unset, the message is "failed rule: {Rule}". e.g. "must be a URL with the host matching spec.host" If the Expression contains line breaks. Message is required. The message must not contain line breaks. If unset, the message is "failed Expression: {Expression}".

func (ValidationOutput) MessageExpression added in v4.11.0 

func (o ValidationOutput) MessageExpression() pulumi.StringPtrOutput

messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'. Example: "object.x must be less than max ("+string(params.max)+")"

func (ValidationOutput) Reason added in v4.11.0 

func (o ValidationOutput) Reason() pulumi.StringPtrOutput

Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: "Unauthorized", "Forbidden", "Invalid", "RequestEntityTooLarge". If not set, StatusReasonInvalid is used in the response to the client.

func (ValidationOutput) ToValidationOutput added in v4.11.0 

func (o ValidationOutput) ToValidationOutput() ValidationOutput

func (ValidationOutput) ToValidationOutputWithContext added in v4.11.0 

func (o ValidationOutput) ToValidationOutputWithContext(ctx context.Context) ValidationOutput

type ValidationPatch added in v4.11.0 

type ValidationPatch struct {
	// Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:
	//
	// - 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value.
	//   For example, a variable named 'foo' can be accessed as 'variables.foo'.
	// - 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	//
	// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.
	//
	// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:
	// 	  "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if",
	// 	  "import", "let", "loop", "package", "namespace", "return".
	// Examples:
	//   - Expression accessing a property named "namespace": {"Expression": "object.__namespace__ > 0"}
	//   - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"}
	//   - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"}
	//
	// Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:
	//   - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and
	//     non-intersecting elements in `Y` are appended, retaining their partial order.
	//   - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values
	//     are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with
	//     non-intersecting keys are appended, retaining their partial order.
	//     Required.
	Expression *string `pulumi:"expression"`
	// Message represents the message displayed when validation fails. The message is required if the Expression contains line breaks. The message must not contain line breaks. If unset, the message is "failed rule: {Rule}". e.g. "must be a URL with the host matching spec.host" If the Expression contains line breaks. Message is required. The message must not contain line breaks. If unset, the message is "failed Expression: {Expression}".
	Message *string `pulumi:"message"`
	// messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'. Example: "object.x must be less than max ("+string(params.max)+")"
	MessageExpression *string `pulumi:"messageExpression"`
	// Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: "Unauthorized", "Forbidden", "Invalid", "RequestEntityTooLarge". If not set, StatusReasonInvalid is used in the response to the client.
	Reason *string `pulumi:"reason"`
}

Validation specifies the CEL expression which is used to apply the validation.

type ValidationPatchArgs added in v4.11.0 

type ValidationPatchArgs struct {
	// Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:
	//
	// - 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value.
	//   For example, a variable named 'foo' can be accessed as 'variables.foo'.
	// - 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	//
	// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.
	//
	// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:
	// 	  "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if",
	// 	  "import", "let", "loop", "package", "namespace", "return".
	// Examples:
	//   - Expression accessing a property named "namespace": {"Expression": "object.__namespace__ > 0"}
	//   - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"}
	//   - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"}
	//
	// Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:
	//   - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and
	//     non-intersecting elements in `Y` are appended, retaining their partial order.
	//   - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values
	//     are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with
	//     non-intersecting keys are appended, retaining their partial order.
	//     Required.
	Expression pulumi.StringPtrInput `pulumi:"expression"`
	// Message represents the message displayed when validation fails. The message is required if the Expression contains line breaks. The message must not contain line breaks. If unset, the message is "failed rule: {Rule}". e.g. "must be a URL with the host matching spec.host" If the Expression contains line breaks. Message is required. The message must not contain line breaks. If unset, the message is "failed Expression: {Expression}".
	Message pulumi.StringPtrInput `pulumi:"message"`
	// messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'. Example: "object.x must be less than max ("+string(params.max)+")"
	MessageExpression pulumi.StringPtrInput `pulumi:"messageExpression"`
	// Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: "Unauthorized", "Forbidden", "Invalid", "RequestEntityTooLarge". If not set, StatusReasonInvalid is used in the response to the client.
	Reason pulumi.StringPtrInput `pulumi:"reason"`
}

Validation specifies the CEL expression which is used to apply the validation.

func (ValidationPatchArgs) ElementType added in v4.11.0 

func (ValidationPatchArgs) ElementType() reflect.Type

func (ValidationPatchArgs) ToValidationPatchOutput added in v4.11.0 

func (i ValidationPatchArgs) ToValidationPatchOutput() ValidationPatchOutput

func (ValidationPatchArgs) ToValidationPatchOutputWithContext added in v4.11.0 

func (i ValidationPatchArgs) ToValidationPatchOutputWithContext(ctx context.Context) ValidationPatchOutput

type ValidationPatchArray added in v4.11.0 

type ValidationPatchArray []ValidationPatchInput

func (ValidationPatchArray) ElementType added in v4.11.0 

func (ValidationPatchArray) ElementType() reflect.Type

func (ValidationPatchArray) ToValidationPatchArrayOutput added in v4.11.0 

func (i ValidationPatchArray) ToValidationPatchArrayOutput() ValidationPatchArrayOutput

func (ValidationPatchArray) ToValidationPatchArrayOutputWithContext added in v4.11.0 

func (i ValidationPatchArray) ToValidationPatchArrayOutputWithContext(ctx context.Context) ValidationPatchArrayOutput

type ValidationPatchArrayInput added in v4.11.0 

type ValidationPatchArrayInput interface {
	pulumi.Input

	ToValidationPatchArrayOutput() ValidationPatchArrayOutput
	ToValidationPatchArrayOutputWithContext(context.Context) ValidationPatchArrayOutput
}

ValidationPatchArrayInput is an input type that accepts ValidationPatchArray and ValidationPatchArrayOutput values. You can construct a concrete instance of `ValidationPatchArrayInput` via: 

ValidationPatchArray{ ValidationPatchArgs{...} }

type ValidationPatchArrayOutput added in v4.11.0 

type ValidationPatchArrayOutput struct{ *pulumi.OutputState }

func (ValidationPatchArrayOutput) ElementType added in v4.11.0 

func (ValidationPatchArrayOutput) ElementType() reflect.Type

func (ValidationPatchArrayOutput) Index added in v4.11.0 

func (o ValidationPatchArrayOutput) Index(i pulumi.IntInput) ValidationPatchOutput

func (ValidationPatchArrayOutput) ToValidationPatchArrayOutput added in v4.11.0 

func (o ValidationPatchArrayOutput) ToValidationPatchArrayOutput() ValidationPatchArrayOutput

func (ValidationPatchArrayOutput) ToValidationPatchArrayOutputWithContext added in v4.11.0 

func (o ValidationPatchArrayOutput) ToValidationPatchArrayOutputWithContext(ctx context.Context) ValidationPatchArrayOutput

type ValidationPatchInput added in v4.11.0 

type ValidationPatchInput interface {
	pulumi.Input

	ToValidationPatchOutput() ValidationPatchOutput
	ToValidationPatchOutputWithContext(context.Context) ValidationPatchOutput
}

ValidationPatchInput is an input type that accepts ValidationPatchArgs and ValidationPatchOutput values. You can construct a concrete instance of `ValidationPatchInput` via: 

ValidationPatchArgs{...}

type ValidationPatchOutput added in v4.11.0 

type ValidationPatchOutput struct{ *pulumi.OutputState }

Validation specifies the CEL expression which is used to apply the validation.

func (ValidationPatchOutput) ElementType added in v4.11.0 

func (ValidationPatchOutput) ElementType() reflect.Type

func (ValidationPatchOutput) Expression added in v4.11.0 

func (o ValidationPatchOutput) Expression() pulumi.StringPtrOutput

Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:

  • 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value. For example, a variable named 'foo' can be accessed as 'variables.foo'.
  • 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
  • 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the request resource.

The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.

Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are: 

"true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if",
"import", "let", "loop", "package", "namespace", "return".

Examples:

  • Expression accessing a property named "namespace": {"Expression": "object.__namespace__ > 0"}
  • Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"}
  • Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"}

Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:

  • 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and non-intersecting elements in `Y` are appended, retaining their partial order.
  • 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with non-intersecting keys are appended, retaining their partial order. Required.

func (ValidationPatchOutput) Message added in v4.11.0 

func (o ValidationPatchOutput) Message() pulumi.StringPtrOutput

Message represents the message displayed when validation fails. The message is required if the Expression contains line breaks. The message must not contain line breaks. If unset, the message is "failed rule: {Rule}". e.g. "must be a URL with the host matching spec.host" If the Expression contains line breaks. Message is required. The message must not contain line breaks. If unset, the message is "failed Expression: {Expression}".

func (ValidationPatchOutput) MessageExpression added in v4.11.0 

func (o ValidationPatchOutput) MessageExpression() pulumi.StringPtrOutput

messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'. Example: "object.x must be less than max ("+string(params.max)+")"

func (ValidationPatchOutput) Reason added in v4.11.0 

func (o ValidationPatchOutput) Reason() pulumi.StringPtrOutput

Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: "Unauthorized", "Forbidden", "Invalid", "RequestEntityTooLarge". If not set, StatusReasonInvalid is used in the response to the client.

func (ValidationPatchOutput) ToValidationPatchOutput added in v4.11.0 

func (o ValidationPatchOutput) ToValidationPatchOutput() ValidationPatchOutput

func (ValidationPatchOutput) ToValidationPatchOutputWithContext added in v4.11.0 

func (o ValidationPatchOutput) ToValidationPatchOutputWithContext(ctx context.Context) ValidationPatchOutput

type Variable added in v4.11.0 

type Variable struct {
	// Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.
	Expression string `pulumi:"expression"`
	// Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is "foo", the variable will be available as `variables.foo`
	Name string `pulumi:"name"`
}

Variable is the definition of a variable that is used for composition. A variable is defined as a named expression.

type VariableArgs added in v4.11.0 

type VariableArgs struct {
	// Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.
	Expression pulumi.StringInput `pulumi:"expression"`
	// Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is "foo", the variable will be available as `variables.foo`
	Name pulumi.StringInput `pulumi:"name"`
}

Variable is the definition of a variable that is used for composition. A variable is defined as a named expression.

func (VariableArgs) ElementType added in v4.11.0 

func (VariableArgs) ElementType() reflect.Type

func (VariableArgs) ToVariableOutput added in v4.11.0 

func (i VariableArgs) ToVariableOutput() VariableOutput

func (VariableArgs) ToVariableOutputWithContext added in v4.11.0 

func (i VariableArgs) ToVariableOutputWithContext(ctx context.Context) VariableOutput

type VariableArray added in v4.11.0 

type VariableArray []VariableInput

func (VariableArray) ElementType added in v4.11.0 

func (VariableArray) ElementType() reflect.Type

func (VariableArray) ToVariableArrayOutput added in v4.11.0 

func (i VariableArray) ToVariableArrayOutput() VariableArrayOutput

func (VariableArray) ToVariableArrayOutputWithContext added in v4.11.0 

func (i VariableArray) ToVariableArrayOutputWithContext(ctx context.Context) VariableArrayOutput

type VariableArrayInput added in v4.11.0 

type VariableArrayInput interface {
	pulumi.Input

	ToVariableArrayOutput() VariableArrayOutput
	ToVariableArrayOutputWithContext(context.Context) VariableArrayOutput
}

VariableArrayInput is an input type that accepts VariableArray and VariableArrayOutput values. You can construct a concrete instance of `VariableArrayInput` via: 

VariableArray{ VariableArgs{...} }

type VariableArrayOutput added in v4.11.0 

type VariableArrayOutput struct{ *pulumi.OutputState }

func (VariableArrayOutput) ElementType added in v4.11.0 

func (VariableArrayOutput) ElementType() reflect.Type

func (VariableArrayOutput) Index added in v4.11.0 

func (o VariableArrayOutput) Index(i pulumi.IntInput) VariableOutput

func (VariableArrayOutput) ToVariableArrayOutput added in v4.11.0 

func (o VariableArrayOutput) ToVariableArrayOutput() VariableArrayOutput

func (VariableArrayOutput) ToVariableArrayOutputWithContext added in v4.11.0 

func (o VariableArrayOutput) ToVariableArrayOutputWithContext(ctx context.Context) VariableArrayOutput

type VariableInput added in v4.11.0 

type VariableInput interface {
	pulumi.Input

	ToVariableOutput() VariableOutput
	ToVariableOutputWithContext(context.Context) VariableOutput
}

VariableInput is an input type that accepts VariableArgs and VariableOutput values. You can construct a concrete instance of `VariableInput` via: 

VariableArgs{...}

type VariableOutput added in v4.11.0 

type VariableOutput struct{ *pulumi.OutputState }

Variable is the definition of a variable that is used for composition. A variable is defined as a named expression.

func (VariableOutput) ElementType added in v4.11.0 

func (VariableOutput) ElementType() reflect.Type

func (VariableOutput) Expression added in v4.11.0 

func (o VariableOutput) Expression() pulumi.StringOutput

Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.

func (VariableOutput) Name added in v4.11.0 

func (o VariableOutput) Name() pulumi.StringOutput

Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is "foo", the variable will be available as `variables.foo`

func (VariableOutput) ToVariableOutput added in v4.11.0 

func (o VariableOutput) ToVariableOutput() VariableOutput

func (VariableOutput) ToVariableOutputWithContext added in v4.11.0 

func (o VariableOutput) ToVariableOutputWithContext(ctx context.Context) VariableOutput

type VariablePatch added in v4.11.0 

type VariablePatch struct {
	// Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.
	Expression *string `pulumi:"expression"`
	// Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is "foo", the variable will be available as `variables.foo`
	Name *string `pulumi:"name"`
}

Variable is the definition of a variable that is used for composition. A variable is defined as a named expression.

type VariablePatchArgs added in v4.11.0 

type VariablePatchArgs struct {
	// Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.
	Expression pulumi.StringPtrInput `pulumi:"expression"`
	// Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is "foo", the variable will be available as `variables.foo`
	Name pulumi.StringPtrInput `pulumi:"name"`
}

Variable is the definition of a variable that is used for composition. A variable is defined as a named expression.

func (VariablePatchArgs) ElementType added in v4.11.0 

func (VariablePatchArgs) ElementType() reflect.Type

func (VariablePatchArgs) ToVariablePatchOutput added in v4.11.0 

func (i VariablePatchArgs) ToVariablePatchOutput() VariablePatchOutput

func (VariablePatchArgs) ToVariablePatchOutputWithContext added in v4.11.0 

func (i VariablePatchArgs) ToVariablePatchOutputWithContext(ctx context.Context) VariablePatchOutput

type VariablePatchArray added in v4.11.0 

type VariablePatchArray []VariablePatchInput

func (VariablePatchArray) ElementType added in v4.11.0 

func (VariablePatchArray) ElementType() reflect.Type

func (VariablePatchArray) ToVariablePatchArrayOutput added in v4.11.0 

func (i VariablePatchArray) ToVariablePatchArrayOutput() VariablePatchArrayOutput

func (VariablePatchArray) ToVariablePatchArrayOutputWithContext added in v4.11.0 

func (i VariablePatchArray) ToVariablePatchArrayOutputWithContext(ctx context.Context) VariablePatchArrayOutput

type VariablePatchArrayInput added in v4.11.0 

type VariablePatchArrayInput interface {
	pulumi.Input

	ToVariablePatchArrayOutput() VariablePatchArrayOutput
	ToVariablePatchArrayOutputWithContext(context.Context) VariablePatchArrayOutput
}

VariablePatchArrayInput is an input type that accepts VariablePatchArray and VariablePatchArrayOutput values. You can construct a concrete instance of `VariablePatchArrayInput` via: 

VariablePatchArray{ VariablePatchArgs{...} }

type VariablePatchArrayOutput added in v4.11.0 

type VariablePatchArrayOutput struct{ *pulumi.OutputState }

func (VariablePatchArrayOutput) ElementType added in v4.11.0 

func (VariablePatchArrayOutput) ElementType() reflect.Type

func (VariablePatchArrayOutput) Index added in v4.11.0 

func (o VariablePatchArrayOutput) Index(i pulumi.IntInput) VariablePatchOutput

func (VariablePatchArrayOutput) ToVariablePatchArrayOutput added in v4.11.0 

func (o VariablePatchArrayOutput) ToVariablePatchArrayOutput() VariablePatchArrayOutput

func (VariablePatchArrayOutput) ToVariablePatchArrayOutputWithContext added in v4.11.0 

func (o VariablePatchArrayOutput) ToVariablePatchArrayOutputWithContext(ctx context.Context) VariablePatchArrayOutput

type VariablePatchInput added in v4.11.0 

type VariablePatchInput interface {
	pulumi.Input

	ToVariablePatchOutput() VariablePatchOutput
	ToVariablePatchOutputWithContext(context.Context) VariablePatchOutput
}

VariablePatchInput is an input type that accepts VariablePatchArgs and VariablePatchOutput values. You can construct a concrete instance of `VariablePatchInput` via: 

VariablePatchArgs{...}

type VariablePatchOutput added in v4.11.0 

type VariablePatchOutput struct{ *pulumi.OutputState }

Variable is the definition of a variable that is used for composition. A variable is defined as a named expression.

func (VariablePatchOutput) ElementType added in v4.11.0 

func (VariablePatchOutput) ElementType() reflect.Type

func (VariablePatchOutput) Expression added in v4.11.0 

func (o VariablePatchOutput) Expression() pulumi.StringPtrOutput

Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.

func (VariablePatchOutput) Name added in v4.11.0 

func (o VariablePatchOutput) Name() pulumi.StringPtrOutput

Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is "foo", the variable will be available as `variables.foo`

func (VariablePatchOutput) ToVariablePatchOutput added in v4.11.0 

func (o VariablePatchOutput) ToVariablePatchOutput() VariablePatchOutput

func (VariablePatchOutput) ToVariablePatchOutputWithContext added in v4.11.0 

func (o VariablePatchOutput) ToVariablePatchOutputWithContext(ctx context.Context) VariablePatchOutput

type WebhookClientConfig 

type WebhookClientConfig struct {
	// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.
	CaBundle *string `pulumi:"caBundle"`
	// `service` is a reference to the service for this webhook. Either `service` or `url` must be specified.
	//
	// If the webhook is running within the cluster, then you should use `service`.
	Service *ServiceReference `pulumi:"service"`
	// `url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.
	//
	// The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.
	//
	// Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.
	//
	// The scheme must be "https"; the URL must begin with "https://".
	//
	// A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.
	//
	// Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
	Url *string `pulumi:"url"`
}

WebhookClientConfig contains the information to make a TLS connection with the webhook

type WebhookClientConfigArgs 

type WebhookClientConfigArgs struct {
	// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.
	CaBundle pulumi.StringPtrInput `pulumi:"caBundle"`
	// `service` is a reference to the service for this webhook. Either `service` or `url` must be specified.
	//
	// If the webhook is running within the cluster, then you should use `service`.
	Service ServiceReferencePtrInput `pulumi:"service"`
	// `url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.
	//
	// The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.
	//
	// Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.
	//
	// The scheme must be "https"; the URL must begin with "https://".
	//
	// A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.
	//
	// Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
	Url pulumi.StringPtrInput `pulumi:"url"`
}

WebhookClientConfig contains the information to make a TLS connection with the webhook

func (WebhookClientConfigArgs) ElementType 

func (WebhookClientConfigArgs) ElementType() reflect.Type

func (WebhookClientConfigArgs) ToWebhookClientConfigOutput 

func (i WebhookClientConfigArgs) ToWebhookClientConfigOutput() WebhookClientConfigOutput

func (WebhookClientConfigArgs) ToWebhookClientConfigOutputWithContext 

func (i WebhookClientConfigArgs) ToWebhookClientConfigOutputWithContext(ctx context.Context) WebhookClientConfigOutput

type WebhookClientConfigInput 

type WebhookClientConfigInput interface {
	pulumi.Input

	ToWebhookClientConfigOutput() WebhookClientConfigOutput
	ToWebhookClientConfigOutputWithContext(context.Context) WebhookClientConfigOutput
}

WebhookClientConfigInput is an input type that accepts WebhookClientConfigArgs and WebhookClientConfigOutput values. You can construct a concrete instance of `WebhookClientConfigInput` via: 

WebhookClientConfigArgs{...}

type WebhookClientConfigOutput 

type WebhookClientConfigOutput struct{ *pulumi.OutputState }

WebhookClientConfig contains the information to make a TLS connection with the webhook

func (WebhookClientConfigOutput) CaBundle 

func (o WebhookClientConfigOutput) CaBundle() pulumi.StringPtrOutput

`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.

func (WebhookClientConfigOutput) ElementType 

func (WebhookClientConfigOutput) ElementType() reflect.Type

func (WebhookClientConfigOutput) Service 

func (o WebhookClientConfigOutput) Service() ServiceReferencePtrOutput

`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.

If the webhook is running within the cluster, then you should use `service`.

func (WebhookClientConfigOutput) ToWebhookClientConfigOutput 

func (o WebhookClientConfigOutput) ToWebhookClientConfigOutput() WebhookClientConfigOutput

func (WebhookClientConfigOutput) ToWebhookClientConfigOutputWithContext 

func (o WebhookClientConfigOutput) ToWebhookClientConfigOutputWithContext(ctx context.Context) WebhookClientConfigOutput

func (WebhookClientConfigOutput) Url 

func (o WebhookClientConfigOutput) Url() pulumi.StringPtrOutput

`url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.

The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.

Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.

The scheme must be "https"; the URL must begin with "https://".

A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.

Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.

type WebhookClientConfigPatch 

type WebhookClientConfigPatch struct {
	// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.
	CaBundle *string `pulumi:"caBundle"`
	// `service` is a reference to the service for this webhook. Either `service` or `url` must be specified.
	//
	// If the webhook is running within the cluster, then you should use `service`.
	Service *ServiceReferencePatch `pulumi:"service"`
	// `url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.
	//
	// The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.
	//
	// Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.
	//
	// The scheme must be "https"; the URL must begin with "https://".
	//
	// A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.
	//
	// Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
	Url *string `pulumi:"url"`
}

WebhookClientConfig contains the information to make a TLS connection with the webhook

type WebhookClientConfigPatchArgs 

type WebhookClientConfigPatchArgs struct {
	// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.
	CaBundle pulumi.StringPtrInput `pulumi:"caBundle"`
	// `service` is a reference to the service for this webhook. Either `service` or `url` must be specified.
	//
	// If the webhook is running within the cluster, then you should use `service`.
	Service ServiceReferencePatchPtrInput `pulumi:"service"`
	// `url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.
	//
	// The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.
	//
	// Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.
	//
	// The scheme must be "https"; the URL must begin with "https://".
	//
	// A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.
	//
	// Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
	Url pulumi.StringPtrInput `pulumi:"url"`
}

WebhookClientConfig contains the information to make a TLS connection with the webhook

func (WebhookClientConfigPatchArgs) ElementType 

func (WebhookClientConfigPatchArgs) ElementType() reflect.Type

func (WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchOutput 

func (i WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchOutput() WebhookClientConfigPatchOutput

func (WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchOutputWithContext 

func (i WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchOutputWithContext(ctx context.Context) WebhookClientConfigPatchOutput

func (WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchPtrOutput 

func (i WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchPtrOutput() WebhookClientConfigPatchPtrOutput

func (WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchPtrOutputWithContext 

func (i WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchPtrOutputWithContext(ctx context.Context) WebhookClientConfigPatchPtrOutput

type WebhookClientConfigPatchInput 

type WebhookClientConfigPatchInput interface {
	pulumi.Input

	ToWebhookClientConfigPatchOutput() WebhookClientConfigPatchOutput
	ToWebhookClientConfigPatchOutputWithContext(context.Context) WebhookClientConfigPatchOutput
}

WebhookClientConfigPatchInput is an input type that accepts WebhookClientConfigPatchArgs and WebhookClientConfigPatchOutput values. You can construct a concrete instance of `WebhookClientConfigPatchInput` via: 

WebhookClientConfigPatchArgs{...}

type WebhookClientConfigPatchOutput 

type WebhookClientConfigPatchOutput struct{ *pulumi.OutputState }

WebhookClientConfig contains the information to make a TLS connection with the webhook

func (WebhookClientConfigPatchOutput) CaBundle 

func (o WebhookClientConfigPatchOutput) CaBundle() pulumi.StringPtrOutput

`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.

func (WebhookClientConfigPatchOutput) ElementType 

func (WebhookClientConfigPatchOutput) ElementType() reflect.Type

func (WebhookClientConfigPatchOutput) Service 

func (o WebhookClientConfigPatchOutput) Service() ServiceReferencePatchPtrOutput

`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.

If the webhook is running within the cluster, then you should use `service`.

func (WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchOutput 

func (o WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchOutput() WebhookClientConfigPatchOutput

func (WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchOutputWithContext 

func (o WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchOutputWithContext(ctx context.Context) WebhookClientConfigPatchOutput

func (WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchPtrOutput 

func (o WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchPtrOutput() WebhookClientConfigPatchPtrOutput

func (WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchPtrOutputWithContext 

func (o WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchPtrOutputWithContext(ctx context.Context) WebhookClientConfigPatchPtrOutput

func (WebhookClientConfigPatchOutput) Url 

func (o WebhookClientConfigPatchOutput) Url() pulumi.StringPtrOutput

`url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.

The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.

Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.

The scheme must be "https"; the URL must begin with "https://".

A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.

Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.

type WebhookClientConfigPatchPtrInput 

type WebhookClientConfigPatchPtrInput interface {
	pulumi.Input

	ToWebhookClientConfigPatchPtrOutput() WebhookClientConfigPatchPtrOutput
	ToWebhookClientConfigPatchPtrOutputWithContext(context.Context) WebhookClientConfigPatchPtrOutput
}

WebhookClientConfigPatchPtrInput is an input type that accepts WebhookClientConfigPatchArgs, WebhookClientConfigPatchPtr and WebhookClientConfigPatchPtrOutput values. You can construct a concrete instance of `WebhookClientConfigPatchPtrInput` via: 

        WebhookClientConfigPatchArgs{...}

or:

        nil

func WebhookClientConfigPatchPtr 

func WebhookClientConfigPatchPtr(v *WebhookClientConfigPatchArgs) WebhookClientConfigPatchPtrInput

type WebhookClientConfigPatchPtrOutput 

type WebhookClientConfigPatchPtrOutput struct{ *pulumi.OutputState }

func (WebhookClientConfigPatchPtrOutput) CaBundle 

func (o WebhookClientConfigPatchPtrOutput) CaBundle() pulumi.StringPtrOutput

`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.

func (WebhookClientConfigPatchPtrOutput) Elem 

func (o WebhookClientConfigPatchPtrOutput) Elem() WebhookClientConfigPatchOutput

func (WebhookClientConfigPatchPtrOutput) ElementType 

func (WebhookClientConfigPatchPtrOutput) ElementType() reflect.Type

func (WebhookClientConfigPatchPtrOutput) Service 

func (o WebhookClientConfigPatchPtrOutput) Service() ServiceReferencePatchPtrOutput

`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.

If the webhook is running within the cluster, then you should use `service`.

func (WebhookClientConfigPatchPtrOutput) ToWebhookClientConfigPatchPtrOutput 

func (o WebhookClientConfigPatchPtrOutput) ToWebhookClientConfigPatchPtrOutput() WebhookClientConfigPatchPtrOutput

func (WebhookClientConfigPatchPtrOutput) ToWebhookClientConfigPatchPtrOutputWithContext 

func (o WebhookClientConfigPatchPtrOutput) ToWebhookClientConfigPatchPtrOutputWithContext(ctx context.Context) WebhookClientConfigPatchPtrOutput

func (WebhookClientConfigPatchPtrOutput) Url 

func (o WebhookClientConfigPatchPtrOutput) Url() pulumi.StringPtrOutput

`url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.

The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.

Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.

The scheme must be "https"; the URL must begin with "https://".

A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.

Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.