v1alpha1

package
v4.5.6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 15, 2023 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuditAnnotation

type AuditAnnotation struct {
	// key specifies the audit annotation key. The audit annotation keys of a ValidatingAdmissionPolicy must be unique. The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.
	//
	// The key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: "{ValidatingAdmissionPolicy name}/{key}".
	//
	// If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical. In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded.
	//
	// Required.
	Key string `pulumi:"key"`
	// valueExpression represents the expression which is evaluated by CEL to produce an audit annotation value. The expression must evaluate to either a string or null value. If the expression evaluates to a string, the audit annotation is included with the string value. If the expression evaluates to null or empty string the audit annotation will be omitted. The valueExpression may be no longer than 5kb in length. If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb.
	//
	// If multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding. All unique values produced by the valueExpressions will be joined together in a comma-separated list.
	//
	// Required.
	ValueExpression string `pulumi:"valueExpression"`
}

AuditAnnotation describes how to produce an audit annotation for an API request.

type AuditAnnotationArgs

type AuditAnnotationArgs struct {
	// key specifies the audit annotation key. The audit annotation keys of a ValidatingAdmissionPolicy must be unique. The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.
	//
	// The key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: "{ValidatingAdmissionPolicy name}/{key}".
	//
	// If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical. In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded.
	//
	// Required.
	Key pulumi.StringInput `pulumi:"key"`
	// valueExpression represents the expression which is evaluated by CEL to produce an audit annotation value. The expression must evaluate to either a string or null value. If the expression evaluates to a string, the audit annotation is included with the string value. If the expression evaluates to null or empty string the audit annotation will be omitted. The valueExpression may be no longer than 5kb in length. If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb.
	//
	// If multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding. All unique values produced by the valueExpressions will be joined together in a comma-separated list.
	//
	// Required.
	ValueExpression pulumi.StringInput `pulumi:"valueExpression"`
}

AuditAnnotation describes how to produce an audit annotation for an API request.

func (AuditAnnotationArgs) ElementType

func (AuditAnnotationArgs) ElementType() reflect.Type

func (AuditAnnotationArgs) ToAuditAnnotationOutput

func (i AuditAnnotationArgs) ToAuditAnnotationOutput() AuditAnnotationOutput

func (AuditAnnotationArgs) ToAuditAnnotationOutputWithContext

func (i AuditAnnotationArgs) ToAuditAnnotationOutputWithContext(ctx context.Context) AuditAnnotationOutput

func (AuditAnnotationArgs) ToOutput added in v4.2.0

type AuditAnnotationArray

type AuditAnnotationArray []AuditAnnotationInput

func (AuditAnnotationArray) ElementType

func (AuditAnnotationArray) ElementType() reflect.Type

func (AuditAnnotationArray) ToAuditAnnotationArrayOutput

func (i AuditAnnotationArray) ToAuditAnnotationArrayOutput() AuditAnnotationArrayOutput

func (AuditAnnotationArray) ToAuditAnnotationArrayOutputWithContext

func (i AuditAnnotationArray) ToAuditAnnotationArrayOutputWithContext(ctx context.Context) AuditAnnotationArrayOutput

func (AuditAnnotationArray) ToOutput added in v4.2.0

type AuditAnnotationArrayInput

type AuditAnnotationArrayInput interface {
	pulumi.Input

	ToAuditAnnotationArrayOutput() AuditAnnotationArrayOutput
	ToAuditAnnotationArrayOutputWithContext(context.Context) AuditAnnotationArrayOutput
}

AuditAnnotationArrayInput is an input type that accepts AuditAnnotationArray and AuditAnnotationArrayOutput values. You can construct a concrete instance of `AuditAnnotationArrayInput` via:

AuditAnnotationArray{ AuditAnnotationArgs{...} }

type AuditAnnotationArrayOutput

type AuditAnnotationArrayOutput struct{ *pulumi.OutputState }

func (AuditAnnotationArrayOutput) ElementType

func (AuditAnnotationArrayOutput) ElementType() reflect.Type

func (AuditAnnotationArrayOutput) Index

func (AuditAnnotationArrayOutput) ToAuditAnnotationArrayOutput

func (o AuditAnnotationArrayOutput) ToAuditAnnotationArrayOutput() AuditAnnotationArrayOutput

func (AuditAnnotationArrayOutput) ToAuditAnnotationArrayOutputWithContext

func (o AuditAnnotationArrayOutput) ToAuditAnnotationArrayOutputWithContext(ctx context.Context) AuditAnnotationArrayOutput

func (AuditAnnotationArrayOutput) ToOutput added in v4.2.0

type AuditAnnotationInput

type AuditAnnotationInput interface {
	pulumi.Input

	ToAuditAnnotationOutput() AuditAnnotationOutput
	ToAuditAnnotationOutputWithContext(context.Context) AuditAnnotationOutput
}

AuditAnnotationInput is an input type that accepts AuditAnnotationArgs and AuditAnnotationOutput values. You can construct a concrete instance of `AuditAnnotationInput` via:

AuditAnnotationArgs{...}

type AuditAnnotationOutput

type AuditAnnotationOutput struct{ *pulumi.OutputState }

AuditAnnotation describes how to produce an audit annotation for an API request.

func (AuditAnnotationOutput) ElementType

func (AuditAnnotationOutput) ElementType() reflect.Type

func (AuditAnnotationOutput) Key

key specifies the audit annotation key. The audit annotation keys of a ValidatingAdmissionPolicy must be unique. The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.

The key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: "{ValidatingAdmissionPolicy name}/{key}".

If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical. In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded.

Required.

func (AuditAnnotationOutput) ToAuditAnnotationOutput

func (o AuditAnnotationOutput) ToAuditAnnotationOutput() AuditAnnotationOutput

func (AuditAnnotationOutput) ToAuditAnnotationOutputWithContext

func (o AuditAnnotationOutput) ToAuditAnnotationOutputWithContext(ctx context.Context) AuditAnnotationOutput

func (AuditAnnotationOutput) ToOutput added in v4.2.0

func (AuditAnnotationOutput) ValueExpression

func (o AuditAnnotationOutput) ValueExpression() pulumi.StringOutput

valueExpression represents the expression which is evaluated by CEL to produce an audit annotation value. The expression must evaluate to either a string or null value. If the expression evaluates to a string, the audit annotation is included with the string value. If the expression evaluates to null or empty string the audit annotation will be omitted. The valueExpression may be no longer than 5kb in length. If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb.

If multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding. All unique values produced by the valueExpressions will be joined together in a comma-separated list.

Required.

type AuditAnnotationPatch

type AuditAnnotationPatch struct {
	// key specifies the audit annotation key. The audit annotation keys of a ValidatingAdmissionPolicy must be unique. The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.
	//
	// The key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: "{ValidatingAdmissionPolicy name}/{key}".
	//
	// If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical. In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded.
	//
	// Required.
	Key *string `pulumi:"key"`
	// valueExpression represents the expression which is evaluated by CEL to produce an audit annotation value. The expression must evaluate to either a string or null value. If the expression evaluates to a string, the audit annotation is included with the string value. If the expression evaluates to null or empty string the audit annotation will be omitted. The valueExpression may be no longer than 5kb in length. If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb.
	//
	// If multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding. All unique values produced by the valueExpressions will be joined together in a comma-separated list.
	//
	// Required.
	ValueExpression *string `pulumi:"valueExpression"`
}

AuditAnnotation describes how to produce an audit annotation for an API request.

type AuditAnnotationPatchArgs

type AuditAnnotationPatchArgs struct {
	// key specifies the audit annotation key. The audit annotation keys of a ValidatingAdmissionPolicy must be unique. The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.
	//
	// The key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: "{ValidatingAdmissionPolicy name}/{key}".
	//
	// If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical. In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded.
	//
	// Required.
	Key pulumi.StringPtrInput `pulumi:"key"`
	// valueExpression represents the expression which is evaluated by CEL to produce an audit annotation value. The expression must evaluate to either a string or null value. If the expression evaluates to a string, the audit annotation is included with the string value. If the expression evaluates to null or empty string the audit annotation will be omitted. The valueExpression may be no longer than 5kb in length. If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb.
	//
	// If multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding. All unique values produced by the valueExpressions will be joined together in a comma-separated list.
	//
	// Required.
	ValueExpression pulumi.StringPtrInput `pulumi:"valueExpression"`
}

AuditAnnotation describes how to produce an audit annotation for an API request.

func (AuditAnnotationPatchArgs) ElementType

func (AuditAnnotationPatchArgs) ElementType() reflect.Type

func (AuditAnnotationPatchArgs) ToAuditAnnotationPatchOutput

func (i AuditAnnotationPatchArgs) ToAuditAnnotationPatchOutput() AuditAnnotationPatchOutput

func (AuditAnnotationPatchArgs) ToAuditAnnotationPatchOutputWithContext

func (i AuditAnnotationPatchArgs) ToAuditAnnotationPatchOutputWithContext(ctx context.Context) AuditAnnotationPatchOutput

func (AuditAnnotationPatchArgs) ToOutput added in v4.2.0

type AuditAnnotationPatchArray

type AuditAnnotationPatchArray []AuditAnnotationPatchInput

func (AuditAnnotationPatchArray) ElementType

func (AuditAnnotationPatchArray) ElementType() reflect.Type

func (AuditAnnotationPatchArray) ToAuditAnnotationPatchArrayOutput

func (i AuditAnnotationPatchArray) ToAuditAnnotationPatchArrayOutput() AuditAnnotationPatchArrayOutput

func (AuditAnnotationPatchArray) ToAuditAnnotationPatchArrayOutputWithContext

func (i AuditAnnotationPatchArray) ToAuditAnnotationPatchArrayOutputWithContext(ctx context.Context) AuditAnnotationPatchArrayOutput

func (AuditAnnotationPatchArray) ToOutput added in v4.2.0

type AuditAnnotationPatchArrayInput

type AuditAnnotationPatchArrayInput interface {
	pulumi.Input

	ToAuditAnnotationPatchArrayOutput() AuditAnnotationPatchArrayOutput
	ToAuditAnnotationPatchArrayOutputWithContext(context.Context) AuditAnnotationPatchArrayOutput
}

AuditAnnotationPatchArrayInput is an input type that accepts AuditAnnotationPatchArray and AuditAnnotationPatchArrayOutput values. You can construct a concrete instance of `AuditAnnotationPatchArrayInput` via:

AuditAnnotationPatchArray{ AuditAnnotationPatchArgs{...} }

type AuditAnnotationPatchArrayOutput

type AuditAnnotationPatchArrayOutput struct{ *pulumi.OutputState }

func (AuditAnnotationPatchArrayOutput) ElementType

func (AuditAnnotationPatchArrayOutput) Index

func (AuditAnnotationPatchArrayOutput) ToAuditAnnotationPatchArrayOutput

func (o AuditAnnotationPatchArrayOutput) ToAuditAnnotationPatchArrayOutput() AuditAnnotationPatchArrayOutput

func (AuditAnnotationPatchArrayOutput) ToAuditAnnotationPatchArrayOutputWithContext

func (o AuditAnnotationPatchArrayOutput) ToAuditAnnotationPatchArrayOutputWithContext(ctx context.Context) AuditAnnotationPatchArrayOutput

func (AuditAnnotationPatchArrayOutput) ToOutput added in v4.2.0

type AuditAnnotationPatchInput

type AuditAnnotationPatchInput interface {
	pulumi.Input

	ToAuditAnnotationPatchOutput() AuditAnnotationPatchOutput
	ToAuditAnnotationPatchOutputWithContext(context.Context) AuditAnnotationPatchOutput
}

AuditAnnotationPatchInput is an input type that accepts AuditAnnotationPatchArgs and AuditAnnotationPatchOutput values. You can construct a concrete instance of `AuditAnnotationPatchInput` via:

AuditAnnotationPatchArgs{...}

type AuditAnnotationPatchOutput

type AuditAnnotationPatchOutput struct{ *pulumi.OutputState }

AuditAnnotation describes how to produce an audit annotation for an API request.

func (AuditAnnotationPatchOutput) ElementType

func (AuditAnnotationPatchOutput) ElementType() reflect.Type

func (AuditAnnotationPatchOutput) Key

key specifies the audit annotation key. The audit annotation keys of a ValidatingAdmissionPolicy must be unique. The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.

The key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: "{ValidatingAdmissionPolicy name}/{key}".

If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical. In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded.

Required.

func (AuditAnnotationPatchOutput) ToAuditAnnotationPatchOutput

func (o AuditAnnotationPatchOutput) ToAuditAnnotationPatchOutput() AuditAnnotationPatchOutput

func (AuditAnnotationPatchOutput) ToAuditAnnotationPatchOutputWithContext

func (o AuditAnnotationPatchOutput) ToAuditAnnotationPatchOutputWithContext(ctx context.Context) AuditAnnotationPatchOutput

func (AuditAnnotationPatchOutput) ToOutput added in v4.2.0

func (AuditAnnotationPatchOutput) ValueExpression

valueExpression represents the expression which is evaluated by CEL to produce an audit annotation value. The expression must evaluate to either a string or null value. If the expression evaluates to a string, the audit annotation is included with the string value. If the expression evaluates to null or empty string the audit annotation will be omitted. The valueExpression may be no longer than 5kb in length. If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb.

If multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding. All unique values produced by the valueExpressions will be joined together in a comma-separated list.

Required.

type ExpressionWarning

type ExpressionWarning struct {
	// The path to the field that refers the expression. For example, the reference to the expression of the first item of validations is "spec.validations[0].expression"
	FieldRef string `pulumi:"fieldRef"`
	// The content of type checking information in a human-readable form. Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler.
	Warning string `pulumi:"warning"`
}

ExpressionWarning is a warning information that targets a specific expression.

type ExpressionWarningArgs

type ExpressionWarningArgs struct {
	// The path to the field that refers the expression. For example, the reference to the expression of the first item of validations is "spec.validations[0].expression"
	FieldRef pulumi.StringInput `pulumi:"fieldRef"`
	// The content of type checking information in a human-readable form. Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler.
	Warning pulumi.StringInput `pulumi:"warning"`
}

ExpressionWarning is a warning information that targets a specific expression.

func (ExpressionWarningArgs) ElementType

func (ExpressionWarningArgs) ElementType() reflect.Type

func (ExpressionWarningArgs) ToExpressionWarningOutput

func (i ExpressionWarningArgs) ToExpressionWarningOutput() ExpressionWarningOutput

func (ExpressionWarningArgs) ToExpressionWarningOutputWithContext

func (i ExpressionWarningArgs) ToExpressionWarningOutputWithContext(ctx context.Context) ExpressionWarningOutput

func (ExpressionWarningArgs) ToOutput added in v4.2.0

type ExpressionWarningArray

type ExpressionWarningArray []ExpressionWarningInput

func (ExpressionWarningArray) ElementType

func (ExpressionWarningArray) ElementType() reflect.Type

func (ExpressionWarningArray) ToExpressionWarningArrayOutput

func (i ExpressionWarningArray) ToExpressionWarningArrayOutput() ExpressionWarningArrayOutput

func (ExpressionWarningArray) ToExpressionWarningArrayOutputWithContext

func (i ExpressionWarningArray) ToExpressionWarningArrayOutputWithContext(ctx context.Context) ExpressionWarningArrayOutput

func (ExpressionWarningArray) ToOutput added in v4.2.0

type ExpressionWarningArrayInput

type ExpressionWarningArrayInput interface {
	pulumi.Input

	ToExpressionWarningArrayOutput() ExpressionWarningArrayOutput
	ToExpressionWarningArrayOutputWithContext(context.Context) ExpressionWarningArrayOutput
}

ExpressionWarningArrayInput is an input type that accepts ExpressionWarningArray and ExpressionWarningArrayOutput values. You can construct a concrete instance of `ExpressionWarningArrayInput` via:

ExpressionWarningArray{ ExpressionWarningArgs{...} }

type ExpressionWarningArrayOutput

type ExpressionWarningArrayOutput struct{ *pulumi.OutputState }

func (ExpressionWarningArrayOutput) ElementType

func (ExpressionWarningArrayOutput) Index

func (ExpressionWarningArrayOutput) ToExpressionWarningArrayOutput

func (o ExpressionWarningArrayOutput) ToExpressionWarningArrayOutput() ExpressionWarningArrayOutput

func (ExpressionWarningArrayOutput) ToExpressionWarningArrayOutputWithContext

func (o ExpressionWarningArrayOutput) ToExpressionWarningArrayOutputWithContext(ctx context.Context) ExpressionWarningArrayOutput

func (ExpressionWarningArrayOutput) ToOutput added in v4.2.0

type ExpressionWarningInput

type ExpressionWarningInput interface {
	pulumi.Input

	ToExpressionWarningOutput() ExpressionWarningOutput
	ToExpressionWarningOutputWithContext(context.Context) ExpressionWarningOutput
}

ExpressionWarningInput is an input type that accepts ExpressionWarningArgs and ExpressionWarningOutput values. You can construct a concrete instance of `ExpressionWarningInput` via:

ExpressionWarningArgs{...}

type ExpressionWarningOutput

type ExpressionWarningOutput struct{ *pulumi.OutputState }

ExpressionWarning is a warning information that targets a specific expression.

func (ExpressionWarningOutput) ElementType

func (ExpressionWarningOutput) ElementType() reflect.Type

func (ExpressionWarningOutput) FieldRef

The path to the field that refers the expression. For example, the reference to the expression of the first item of validations is "spec.validations[0].expression"

func (ExpressionWarningOutput) ToExpressionWarningOutput

func (o ExpressionWarningOutput) ToExpressionWarningOutput() ExpressionWarningOutput

func (ExpressionWarningOutput) ToExpressionWarningOutputWithContext

func (o ExpressionWarningOutput) ToExpressionWarningOutputWithContext(ctx context.Context) ExpressionWarningOutput

func (ExpressionWarningOutput) ToOutput added in v4.2.0

func (ExpressionWarningOutput) Warning

The content of type checking information in a human-readable form. Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler.

type ExpressionWarningPatch

type ExpressionWarningPatch struct {
	// The path to the field that refers the expression. For example, the reference to the expression of the first item of validations is "spec.validations[0].expression"
	FieldRef *string `pulumi:"fieldRef"`
	// The content of type checking information in a human-readable form. Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler.
	Warning *string `pulumi:"warning"`
}

ExpressionWarning is a warning information that targets a specific expression.

type ExpressionWarningPatchArgs

type ExpressionWarningPatchArgs struct {
	// The path to the field that refers the expression. For example, the reference to the expression of the first item of validations is "spec.validations[0].expression"
	FieldRef pulumi.StringPtrInput `pulumi:"fieldRef"`
	// The content of type checking information in a human-readable form. Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler.
	Warning pulumi.StringPtrInput `pulumi:"warning"`
}

ExpressionWarning is a warning information that targets a specific expression.

func (ExpressionWarningPatchArgs) ElementType

func (ExpressionWarningPatchArgs) ElementType() reflect.Type

func (ExpressionWarningPatchArgs) ToExpressionWarningPatchOutput

func (i ExpressionWarningPatchArgs) ToExpressionWarningPatchOutput() ExpressionWarningPatchOutput

func (ExpressionWarningPatchArgs) ToExpressionWarningPatchOutputWithContext

func (i ExpressionWarningPatchArgs) ToExpressionWarningPatchOutputWithContext(ctx context.Context) ExpressionWarningPatchOutput

func (ExpressionWarningPatchArgs) ToOutput added in v4.2.0

type ExpressionWarningPatchArray

type ExpressionWarningPatchArray []ExpressionWarningPatchInput

func (ExpressionWarningPatchArray) ElementType

func (ExpressionWarningPatchArray) ToExpressionWarningPatchArrayOutput

func (i ExpressionWarningPatchArray) ToExpressionWarningPatchArrayOutput() ExpressionWarningPatchArrayOutput

func (ExpressionWarningPatchArray) ToExpressionWarningPatchArrayOutputWithContext

func (i ExpressionWarningPatchArray) ToExpressionWarningPatchArrayOutputWithContext(ctx context.Context) ExpressionWarningPatchArrayOutput

func (ExpressionWarningPatchArray) ToOutput added in v4.2.0

type ExpressionWarningPatchArrayInput

type ExpressionWarningPatchArrayInput interface {
	pulumi.Input

	ToExpressionWarningPatchArrayOutput() ExpressionWarningPatchArrayOutput
	ToExpressionWarningPatchArrayOutputWithContext(context.Context) ExpressionWarningPatchArrayOutput
}

ExpressionWarningPatchArrayInput is an input type that accepts ExpressionWarningPatchArray and ExpressionWarningPatchArrayOutput values. You can construct a concrete instance of `ExpressionWarningPatchArrayInput` via:

ExpressionWarningPatchArray{ ExpressionWarningPatchArgs{...} }

type ExpressionWarningPatchArrayOutput

type ExpressionWarningPatchArrayOutput struct{ *pulumi.OutputState }

func (ExpressionWarningPatchArrayOutput) ElementType

func (ExpressionWarningPatchArrayOutput) Index

func (ExpressionWarningPatchArrayOutput) ToExpressionWarningPatchArrayOutput

func (o ExpressionWarningPatchArrayOutput) ToExpressionWarningPatchArrayOutput() ExpressionWarningPatchArrayOutput

func (ExpressionWarningPatchArrayOutput) ToExpressionWarningPatchArrayOutputWithContext

func (o ExpressionWarningPatchArrayOutput) ToExpressionWarningPatchArrayOutputWithContext(ctx context.Context) ExpressionWarningPatchArrayOutput

func (ExpressionWarningPatchArrayOutput) ToOutput added in v4.2.0

type ExpressionWarningPatchInput

type ExpressionWarningPatchInput interface {
	pulumi.Input

	ToExpressionWarningPatchOutput() ExpressionWarningPatchOutput
	ToExpressionWarningPatchOutputWithContext(context.Context) ExpressionWarningPatchOutput
}

ExpressionWarningPatchInput is an input type that accepts ExpressionWarningPatchArgs and ExpressionWarningPatchOutput values. You can construct a concrete instance of `ExpressionWarningPatchInput` via:

ExpressionWarningPatchArgs{...}

type ExpressionWarningPatchOutput

type ExpressionWarningPatchOutput struct{ *pulumi.OutputState }

ExpressionWarning is a warning information that targets a specific expression.

func (ExpressionWarningPatchOutput) ElementType

func (ExpressionWarningPatchOutput) FieldRef

The path to the field that refers the expression. For example, the reference to the expression of the first item of validations is "spec.validations[0].expression"

func (ExpressionWarningPatchOutput) ToExpressionWarningPatchOutput

func (o ExpressionWarningPatchOutput) ToExpressionWarningPatchOutput() ExpressionWarningPatchOutput

func (ExpressionWarningPatchOutput) ToExpressionWarningPatchOutputWithContext

func (o ExpressionWarningPatchOutput) ToExpressionWarningPatchOutputWithContext(ctx context.Context) ExpressionWarningPatchOutput

func (ExpressionWarningPatchOutput) ToOutput added in v4.2.0

func (ExpressionWarningPatchOutput) Warning

The content of type checking information in a human-readable form. Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler.

type MatchCondition

type MatchCondition struct {
	// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
	//
	// 'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	//
	// Required.
	Expression string `pulumi:"expression"`
	// Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
	//
	// Required.
	Name string `pulumi:"name"`
}

type MatchConditionArgs

type MatchConditionArgs struct {
	// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
	//
	// 'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	//
	// Required.
	Expression pulumi.StringInput `pulumi:"expression"`
	// Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
	//
	// Required.
	Name pulumi.StringInput `pulumi:"name"`
}

func (MatchConditionArgs) ElementType

func (MatchConditionArgs) ElementType() reflect.Type

func (MatchConditionArgs) ToMatchConditionOutput

func (i MatchConditionArgs) ToMatchConditionOutput() MatchConditionOutput

func (MatchConditionArgs) ToMatchConditionOutputWithContext

func (i MatchConditionArgs) ToMatchConditionOutputWithContext(ctx context.Context) MatchConditionOutput

func (MatchConditionArgs) ToOutput added in v4.2.0

type MatchConditionArray

type MatchConditionArray []MatchConditionInput

func (MatchConditionArray) ElementType

func (MatchConditionArray) ElementType() reflect.Type

func (MatchConditionArray) ToMatchConditionArrayOutput

func (i MatchConditionArray) ToMatchConditionArrayOutput() MatchConditionArrayOutput

func (MatchConditionArray) ToMatchConditionArrayOutputWithContext

func (i MatchConditionArray) ToMatchConditionArrayOutputWithContext(ctx context.Context) MatchConditionArrayOutput

func (MatchConditionArray) ToOutput added in v4.2.0

type MatchConditionArrayInput

type MatchConditionArrayInput interface {
	pulumi.Input

	ToMatchConditionArrayOutput() MatchConditionArrayOutput
	ToMatchConditionArrayOutputWithContext(context.Context) MatchConditionArrayOutput
}

MatchConditionArrayInput is an input type that accepts MatchConditionArray and MatchConditionArrayOutput values. You can construct a concrete instance of `MatchConditionArrayInput` via:

MatchConditionArray{ MatchConditionArgs{...} }

type MatchConditionArrayOutput

type MatchConditionArrayOutput struct{ *pulumi.OutputState }

func (MatchConditionArrayOutput) ElementType

func (MatchConditionArrayOutput) ElementType() reflect.Type

func (MatchConditionArrayOutput) Index

func (MatchConditionArrayOutput) ToMatchConditionArrayOutput

func (o MatchConditionArrayOutput) ToMatchConditionArrayOutput() MatchConditionArrayOutput

func (MatchConditionArrayOutput) ToMatchConditionArrayOutputWithContext

func (o MatchConditionArrayOutput) ToMatchConditionArrayOutputWithContext(ctx context.Context) MatchConditionArrayOutput

func (MatchConditionArrayOutput) ToOutput added in v4.2.0

type MatchConditionInput

type MatchConditionInput interface {
	pulumi.Input

	ToMatchConditionOutput() MatchConditionOutput
	ToMatchConditionOutputWithContext(context.Context) MatchConditionOutput
}

MatchConditionInput is an input type that accepts MatchConditionArgs and MatchConditionOutput values. You can construct a concrete instance of `MatchConditionInput` via:

MatchConditionArgs{...}

type MatchConditionOutput

type MatchConditionOutput struct{ *pulumi.OutputState }

func (MatchConditionOutput) ElementType

func (MatchConditionOutput) ElementType() reflect.Type

func (MatchConditionOutput) Expression

func (o MatchConditionOutput) Expression() pulumi.StringOutput

Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:

'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.

See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz

'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the

request resource.

Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/

Required.

func (MatchConditionOutput) Name

Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')

Required.

func (MatchConditionOutput) ToMatchConditionOutput

func (o MatchConditionOutput) ToMatchConditionOutput() MatchConditionOutput

func (MatchConditionOutput) ToMatchConditionOutputWithContext

func (o MatchConditionOutput) ToMatchConditionOutputWithContext(ctx context.Context) MatchConditionOutput

func (MatchConditionOutput) ToOutput added in v4.2.0

type MatchConditionPatch

type MatchConditionPatch struct {
	// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
	//
	// 'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	//
	// Required.
	Expression *string `pulumi:"expression"`
	// Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
	//
	// Required.
	Name *string `pulumi:"name"`
}

type MatchConditionPatchArgs

type MatchConditionPatchArgs struct {
	// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
	//
	// 'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	//
	// Required.
	Expression pulumi.StringPtrInput `pulumi:"expression"`
	// Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
	//
	// Required.
	Name pulumi.StringPtrInput `pulumi:"name"`
}

func (MatchConditionPatchArgs) ElementType

func (MatchConditionPatchArgs) ElementType() reflect.Type

func (MatchConditionPatchArgs) ToMatchConditionPatchOutput

func (i MatchConditionPatchArgs) ToMatchConditionPatchOutput() MatchConditionPatchOutput

func (MatchConditionPatchArgs) ToMatchConditionPatchOutputWithContext

func (i MatchConditionPatchArgs) ToMatchConditionPatchOutputWithContext(ctx context.Context) MatchConditionPatchOutput

func (MatchConditionPatchArgs) ToOutput added in v4.2.0

type MatchConditionPatchArray

type MatchConditionPatchArray []MatchConditionPatchInput

func (MatchConditionPatchArray) ElementType

func (MatchConditionPatchArray) ElementType() reflect.Type

func (MatchConditionPatchArray) ToMatchConditionPatchArrayOutput

func (i MatchConditionPatchArray) ToMatchConditionPatchArrayOutput() MatchConditionPatchArrayOutput

func (MatchConditionPatchArray) ToMatchConditionPatchArrayOutputWithContext

func (i MatchConditionPatchArray) ToMatchConditionPatchArrayOutputWithContext(ctx context.Context) MatchConditionPatchArrayOutput

func (MatchConditionPatchArray) ToOutput added in v4.2.0

type MatchConditionPatchArrayInput

type MatchConditionPatchArrayInput interface {
	pulumi.Input

	ToMatchConditionPatchArrayOutput() MatchConditionPatchArrayOutput
	ToMatchConditionPatchArrayOutputWithContext(context.Context) MatchConditionPatchArrayOutput
}

MatchConditionPatchArrayInput is an input type that accepts MatchConditionPatchArray and MatchConditionPatchArrayOutput values. You can construct a concrete instance of `MatchConditionPatchArrayInput` via:

MatchConditionPatchArray{ MatchConditionPatchArgs{...} }

type MatchConditionPatchArrayOutput

type MatchConditionPatchArrayOutput struct{ *pulumi.OutputState }

func (MatchConditionPatchArrayOutput) ElementType

func (MatchConditionPatchArrayOutput) Index

func (MatchConditionPatchArrayOutput) ToMatchConditionPatchArrayOutput

func (o MatchConditionPatchArrayOutput) ToMatchConditionPatchArrayOutput() MatchConditionPatchArrayOutput

func (MatchConditionPatchArrayOutput) ToMatchConditionPatchArrayOutputWithContext

func (o MatchConditionPatchArrayOutput) ToMatchConditionPatchArrayOutputWithContext(ctx context.Context) MatchConditionPatchArrayOutput

func (MatchConditionPatchArrayOutput) ToOutput added in v4.2.0

type MatchConditionPatchInput

type MatchConditionPatchInput interface {
	pulumi.Input

	ToMatchConditionPatchOutput() MatchConditionPatchOutput
	ToMatchConditionPatchOutputWithContext(context.Context) MatchConditionPatchOutput
}

MatchConditionPatchInput is an input type that accepts MatchConditionPatchArgs and MatchConditionPatchOutput values. You can construct a concrete instance of `MatchConditionPatchInput` via:

MatchConditionPatchArgs{...}

type MatchConditionPatchOutput

type MatchConditionPatchOutput struct{ *pulumi.OutputState }

func (MatchConditionPatchOutput) ElementType

func (MatchConditionPatchOutput) ElementType() reflect.Type

func (MatchConditionPatchOutput) Expression

Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:

'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.

See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz

'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the

request resource.

Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/

Required.

func (MatchConditionPatchOutput) Name

Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')

Required.

func (MatchConditionPatchOutput) ToMatchConditionPatchOutput

func (o MatchConditionPatchOutput) ToMatchConditionPatchOutput() MatchConditionPatchOutput

func (MatchConditionPatchOutput) ToMatchConditionPatchOutputWithContext

func (o MatchConditionPatchOutput) ToMatchConditionPatchOutputWithContext(ctx context.Context) MatchConditionPatchOutput

func (MatchConditionPatchOutput) ToOutput added in v4.2.0

type MatchResources

type MatchResources struct {
	// ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
	ExcludeResourceRules []NamedRuleWithOperations `pulumi:"excludeResourceRules"`
	// matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.
	//
	// Defaults to "Equivalent"
	MatchPolicy *string `pulumi:"matchPolicy"`
	// NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the policy on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector *metav1.LabelSelector `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector *metav1.LabelSelector `pulumi:"objectSelector"`
	// ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.
	ResourceRules []NamedRuleWithOperations `pulumi:"resourceRules"`
}

MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

type MatchResourcesArgs

type MatchResourcesArgs struct {
	// ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
	ExcludeResourceRules NamedRuleWithOperationsArrayInput `pulumi:"excludeResourceRules"`
	// matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.
	//
	// Defaults to "Equivalent"
	MatchPolicy pulumi.StringPtrInput `pulumi:"matchPolicy"`
	// NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the policy on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector metav1.LabelSelectorPtrInput `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector metav1.LabelSelectorPtrInput `pulumi:"objectSelector"`
	// ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.
	ResourceRules NamedRuleWithOperationsArrayInput `pulumi:"resourceRules"`
}

MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

func (MatchResourcesArgs) ElementType

func (MatchResourcesArgs) ElementType() reflect.Type

func (MatchResourcesArgs) ToMatchResourcesOutput

func (i MatchResourcesArgs) ToMatchResourcesOutput() MatchResourcesOutput

func (MatchResourcesArgs) ToMatchResourcesOutputWithContext

func (i MatchResourcesArgs) ToMatchResourcesOutputWithContext(ctx context.Context) MatchResourcesOutput

func (MatchResourcesArgs) ToMatchResourcesPtrOutput

func (i MatchResourcesArgs) ToMatchResourcesPtrOutput() MatchResourcesPtrOutput

func (MatchResourcesArgs) ToMatchResourcesPtrOutputWithContext

func (i MatchResourcesArgs) ToMatchResourcesPtrOutputWithContext(ctx context.Context) MatchResourcesPtrOutput

func (MatchResourcesArgs) ToOutput added in v4.2.0

type MatchResourcesInput

type MatchResourcesInput interface {
	pulumi.Input

	ToMatchResourcesOutput() MatchResourcesOutput
	ToMatchResourcesOutputWithContext(context.Context) MatchResourcesOutput
}

MatchResourcesInput is an input type that accepts MatchResourcesArgs and MatchResourcesOutput values. You can construct a concrete instance of `MatchResourcesInput` via:

MatchResourcesArgs{...}

type MatchResourcesOutput

type MatchResourcesOutput struct{ *pulumi.OutputState }

MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

func (MatchResourcesOutput) ElementType

func (MatchResourcesOutput) ElementType() reflect.Type

func (MatchResourcesOutput) ExcludeResourceRules

ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

func (MatchResourcesOutput) MatchPolicy

matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.

Defaults to "Equivalent"

func (MatchResourcesOutput) NamespaceSelector

func (o MatchResourcesOutput) NamespaceSelector() metav1.LabelSelectorPtrOutput

NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy.

For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "runlevel",
      "operator": "NotIn",
      "values": [
        "0",
        "1"
      ]
    }
  ]
}

If instead you want to only run the policy on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "environment",
      "operator": "In",
      "values": [
        "prod",
        "staging"
      ]
    }
  ]
}

See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (MatchResourcesOutput) ObjectSelector

ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

func (MatchResourcesOutput) ResourceRules

ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.

func (MatchResourcesOutput) ToMatchResourcesOutput

func (o MatchResourcesOutput) ToMatchResourcesOutput() MatchResourcesOutput

func (MatchResourcesOutput) ToMatchResourcesOutputWithContext

func (o MatchResourcesOutput) ToMatchResourcesOutputWithContext(ctx context.Context) MatchResourcesOutput

func (MatchResourcesOutput) ToMatchResourcesPtrOutput

func (o MatchResourcesOutput) ToMatchResourcesPtrOutput() MatchResourcesPtrOutput

func (MatchResourcesOutput) ToMatchResourcesPtrOutputWithContext

func (o MatchResourcesOutput) ToMatchResourcesPtrOutputWithContext(ctx context.Context) MatchResourcesPtrOutput

func (MatchResourcesOutput) ToOutput added in v4.2.0

type MatchResourcesPatch

type MatchResourcesPatch struct {
	// ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
	ExcludeResourceRules []NamedRuleWithOperationsPatch `pulumi:"excludeResourceRules"`
	// matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.
	//
	// Defaults to "Equivalent"
	MatchPolicy *string `pulumi:"matchPolicy"`
	// NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the policy on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector *metav1.LabelSelectorPatch `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector *metav1.LabelSelectorPatch `pulumi:"objectSelector"`
	// ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.
	ResourceRules []NamedRuleWithOperationsPatch `pulumi:"resourceRules"`
}

MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

type MatchResourcesPatchArgs

type MatchResourcesPatchArgs struct {
	// ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
	ExcludeResourceRules NamedRuleWithOperationsPatchArrayInput `pulumi:"excludeResourceRules"`
	// matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.
	//
	// Defaults to "Equivalent"
	MatchPolicy pulumi.StringPtrInput `pulumi:"matchPolicy"`
	// NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the policy on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector metav1.LabelSelectorPatchPtrInput `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector metav1.LabelSelectorPatchPtrInput `pulumi:"objectSelector"`
	// ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.
	ResourceRules NamedRuleWithOperationsPatchArrayInput `pulumi:"resourceRules"`
}

MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

func (MatchResourcesPatchArgs) ElementType

func (MatchResourcesPatchArgs) ElementType() reflect.Type

func (MatchResourcesPatchArgs) ToMatchResourcesPatchOutput

func (i MatchResourcesPatchArgs) ToMatchResourcesPatchOutput() MatchResourcesPatchOutput

func (MatchResourcesPatchArgs) ToMatchResourcesPatchOutputWithContext

func (i MatchResourcesPatchArgs) ToMatchResourcesPatchOutputWithContext(ctx context.Context) MatchResourcesPatchOutput

func (MatchResourcesPatchArgs) ToMatchResourcesPatchPtrOutput

func (i MatchResourcesPatchArgs) ToMatchResourcesPatchPtrOutput() MatchResourcesPatchPtrOutput

func (MatchResourcesPatchArgs) ToMatchResourcesPatchPtrOutputWithContext

func (i MatchResourcesPatchArgs) ToMatchResourcesPatchPtrOutputWithContext(ctx context.Context) MatchResourcesPatchPtrOutput

func (MatchResourcesPatchArgs) ToOutput added in v4.2.0

type MatchResourcesPatchInput

type MatchResourcesPatchInput interface {
	pulumi.Input

	ToMatchResourcesPatchOutput() MatchResourcesPatchOutput
	ToMatchResourcesPatchOutputWithContext(context.Context) MatchResourcesPatchOutput
}

MatchResourcesPatchInput is an input type that accepts MatchResourcesPatchArgs and MatchResourcesPatchOutput values. You can construct a concrete instance of `MatchResourcesPatchInput` via:

MatchResourcesPatchArgs{...}

type MatchResourcesPatchOutput

type MatchResourcesPatchOutput struct{ *pulumi.OutputState }

MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

func (MatchResourcesPatchOutput) ElementType

func (MatchResourcesPatchOutput) ElementType() reflect.Type

func (MatchResourcesPatchOutput) ExcludeResourceRules

ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

func (MatchResourcesPatchOutput) MatchPolicy

matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.

Defaults to "Equivalent"

func (MatchResourcesPatchOutput) NamespaceSelector

NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy.

For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "runlevel",
      "operator": "NotIn",
      "values": [
        "0",
        "1"
      ]
    }
  ]
}

If instead you want to only run the policy on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "environment",
      "operator": "In",
      "values": [
        "prod",
        "staging"
      ]
    }
  ]
}

See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (MatchResourcesPatchOutput) ObjectSelector

ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

func (MatchResourcesPatchOutput) ResourceRules

ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.

func (MatchResourcesPatchOutput) ToMatchResourcesPatchOutput

func (o MatchResourcesPatchOutput) ToMatchResourcesPatchOutput() MatchResourcesPatchOutput

func (MatchResourcesPatchOutput) ToMatchResourcesPatchOutputWithContext

func (o MatchResourcesPatchOutput) ToMatchResourcesPatchOutputWithContext(ctx context.Context) MatchResourcesPatchOutput

func (MatchResourcesPatchOutput) ToMatchResourcesPatchPtrOutput

func (o MatchResourcesPatchOutput) ToMatchResourcesPatchPtrOutput() MatchResourcesPatchPtrOutput

func (MatchResourcesPatchOutput) ToMatchResourcesPatchPtrOutputWithContext

func (o MatchResourcesPatchOutput) ToMatchResourcesPatchPtrOutputWithContext(ctx context.Context) MatchResourcesPatchPtrOutput

func (MatchResourcesPatchOutput) ToOutput added in v4.2.0

type MatchResourcesPatchPtrInput

type MatchResourcesPatchPtrInput interface {
	pulumi.Input

	ToMatchResourcesPatchPtrOutput() MatchResourcesPatchPtrOutput
	ToMatchResourcesPatchPtrOutputWithContext(context.Context) MatchResourcesPatchPtrOutput
}

MatchResourcesPatchPtrInput is an input type that accepts MatchResourcesPatchArgs, MatchResourcesPatchPtr and MatchResourcesPatchPtrOutput values. You can construct a concrete instance of `MatchResourcesPatchPtrInput` via:

        MatchResourcesPatchArgs{...}

or:

        nil

type MatchResourcesPatchPtrOutput

type MatchResourcesPatchPtrOutput struct{ *pulumi.OutputState }

func (MatchResourcesPatchPtrOutput) Elem

func (MatchResourcesPatchPtrOutput) ElementType

func (MatchResourcesPatchPtrOutput) ExcludeResourceRules

ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

func (MatchResourcesPatchPtrOutput) MatchPolicy

matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.

Defaults to "Equivalent"

func (MatchResourcesPatchPtrOutput) NamespaceSelector

NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy.

For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "runlevel",
      "operator": "NotIn",
      "values": [
        "0",
        "1"
      ]
    }
  ]
}

If instead you want to only run the policy on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "environment",
      "operator": "In",
      "values": [
        "prod",
        "staging"
      ]
    }
  ]
}

See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (MatchResourcesPatchPtrOutput) ObjectSelector

ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

func (MatchResourcesPatchPtrOutput) ResourceRules

ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.

func (MatchResourcesPatchPtrOutput) ToMatchResourcesPatchPtrOutput

func (o MatchResourcesPatchPtrOutput) ToMatchResourcesPatchPtrOutput() MatchResourcesPatchPtrOutput

func (MatchResourcesPatchPtrOutput) ToMatchResourcesPatchPtrOutputWithContext

func (o MatchResourcesPatchPtrOutput) ToMatchResourcesPatchPtrOutputWithContext(ctx context.Context) MatchResourcesPatchPtrOutput

func (MatchResourcesPatchPtrOutput) ToOutput added in v4.2.0

type MatchResourcesPtrInput

type MatchResourcesPtrInput interface {
	pulumi.Input

	ToMatchResourcesPtrOutput() MatchResourcesPtrOutput
	ToMatchResourcesPtrOutputWithContext(context.Context) MatchResourcesPtrOutput
}

MatchResourcesPtrInput is an input type that accepts MatchResourcesArgs, MatchResourcesPtr and MatchResourcesPtrOutput values. You can construct a concrete instance of `MatchResourcesPtrInput` via:

        MatchResourcesArgs{...}

or:

        nil

type MatchResourcesPtrOutput

type MatchResourcesPtrOutput struct{ *pulumi.OutputState }

func (MatchResourcesPtrOutput) Elem

func (MatchResourcesPtrOutput) ElementType

func (MatchResourcesPtrOutput) ElementType() reflect.Type

func (MatchResourcesPtrOutput) ExcludeResourceRules

ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

func (MatchResourcesPtrOutput) MatchPolicy

matchPolicy defines how the "MatchResources" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.

Defaults to "Equivalent"

func (MatchResourcesPtrOutput) NamespaceSelector

NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy.

For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "runlevel",
      "operator": "NotIn",
      "values": [
        "0",
        "1"
      ]
    }
  ]
}

If instead you want to only run the policy on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "environment",
      "operator": "In",
      "values": [
        "prod",
        "staging"
      ]
    }
  ]
}

See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (MatchResourcesPtrOutput) ObjectSelector

ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

func (MatchResourcesPtrOutput) ResourceRules

ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.

func (MatchResourcesPtrOutput) ToMatchResourcesPtrOutput

func (o MatchResourcesPtrOutput) ToMatchResourcesPtrOutput() MatchResourcesPtrOutput

func (MatchResourcesPtrOutput) ToMatchResourcesPtrOutputWithContext

func (o MatchResourcesPtrOutput) ToMatchResourcesPtrOutputWithContext(ctx context.Context) MatchResourcesPtrOutput

func (MatchResourcesPtrOutput) ToOutput added in v4.2.0

type NamedRuleWithOperations

type NamedRuleWithOperations struct {
	// APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
	ApiGroups []string `pulumi:"apiGroups"`
	// APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.
	ApiVersions []string `pulumi:"apiVersions"`
	// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.
	Operations []string `pulumi:"operations"`
	// ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
	ResourceNames []string `pulumi:"resourceNames"`
	// Resources is a list of resources this rule applies to.
	//
	// For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.
	//
	// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
	//
	// Depending on the enclosing object, subresources might not be allowed. Required.
	Resources []string `pulumi:"resources"`
	// scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
	Scope *string `pulumi:"scope"`
}

NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.

type NamedRuleWithOperationsArgs

type NamedRuleWithOperationsArgs struct {
	// APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
	ApiGroups pulumi.StringArrayInput `pulumi:"apiGroups"`
	// APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.
	ApiVersions pulumi.StringArrayInput `pulumi:"apiVersions"`
	// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.
	Operations pulumi.StringArrayInput `pulumi:"operations"`
	// ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
	ResourceNames pulumi.StringArrayInput `pulumi:"resourceNames"`
	// Resources is a list of resources this rule applies to.
	//
	// For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.
	//
	// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
	//
	// Depending on the enclosing object, subresources might not be allowed. Required.
	Resources pulumi.StringArrayInput `pulumi:"resources"`
	// scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
	Scope pulumi.StringPtrInput `pulumi:"scope"`
}

NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.

func (NamedRuleWithOperationsArgs) ElementType

func (NamedRuleWithOperationsArgs) ToNamedRuleWithOperationsOutput

func (i NamedRuleWithOperationsArgs) ToNamedRuleWithOperationsOutput() NamedRuleWithOperationsOutput

func (NamedRuleWithOperationsArgs) ToNamedRuleWithOperationsOutputWithContext

func (i NamedRuleWithOperationsArgs) ToNamedRuleWithOperationsOutputWithContext(ctx context.Context) NamedRuleWithOperationsOutput

func (NamedRuleWithOperationsArgs) ToOutput added in v4.2.0

type NamedRuleWithOperationsArray

type NamedRuleWithOperationsArray []NamedRuleWithOperationsInput

func (NamedRuleWithOperationsArray) ElementType

func (NamedRuleWithOperationsArray) ToNamedRuleWithOperationsArrayOutput

func (i NamedRuleWithOperationsArray) ToNamedRuleWithOperationsArrayOutput() NamedRuleWithOperationsArrayOutput

func (NamedRuleWithOperationsArray) ToNamedRuleWithOperationsArrayOutputWithContext

func (i NamedRuleWithOperationsArray) ToNamedRuleWithOperationsArrayOutputWithContext(ctx context.Context) NamedRuleWithOperationsArrayOutput

func (NamedRuleWithOperationsArray) ToOutput added in v4.2.0

type NamedRuleWithOperationsArrayInput

type NamedRuleWithOperationsArrayInput interface {
	pulumi.Input

	ToNamedRuleWithOperationsArrayOutput() NamedRuleWithOperationsArrayOutput
	ToNamedRuleWithOperationsArrayOutputWithContext(context.Context) NamedRuleWithOperationsArrayOutput
}

NamedRuleWithOperationsArrayInput is an input type that accepts NamedRuleWithOperationsArray and NamedRuleWithOperationsArrayOutput values. You can construct a concrete instance of `NamedRuleWithOperationsArrayInput` via:

NamedRuleWithOperationsArray{ NamedRuleWithOperationsArgs{...} }

type NamedRuleWithOperationsArrayOutput

type NamedRuleWithOperationsArrayOutput struct{ *pulumi.OutputState }

func (NamedRuleWithOperationsArrayOutput) ElementType

func (NamedRuleWithOperationsArrayOutput) Index

func (NamedRuleWithOperationsArrayOutput) ToNamedRuleWithOperationsArrayOutput

func (o NamedRuleWithOperationsArrayOutput) ToNamedRuleWithOperationsArrayOutput() NamedRuleWithOperationsArrayOutput

func (NamedRuleWithOperationsArrayOutput) ToNamedRuleWithOperationsArrayOutputWithContext

func (o NamedRuleWithOperationsArrayOutput) ToNamedRuleWithOperationsArrayOutputWithContext(ctx context.Context) NamedRuleWithOperationsArrayOutput

func (NamedRuleWithOperationsArrayOutput) ToOutput added in v4.2.0

type NamedRuleWithOperationsInput

type NamedRuleWithOperationsInput interface {
	pulumi.Input

	ToNamedRuleWithOperationsOutput() NamedRuleWithOperationsOutput
	ToNamedRuleWithOperationsOutputWithContext(context.Context) NamedRuleWithOperationsOutput
}

NamedRuleWithOperationsInput is an input type that accepts NamedRuleWithOperationsArgs and NamedRuleWithOperationsOutput values. You can construct a concrete instance of `NamedRuleWithOperationsInput` via:

NamedRuleWithOperationsArgs{...}

type NamedRuleWithOperationsOutput

type NamedRuleWithOperationsOutput struct{ *pulumi.OutputState }

NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.

func (NamedRuleWithOperationsOutput) ApiGroups

APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.

func (NamedRuleWithOperationsOutput) ApiVersions

APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.

func (NamedRuleWithOperationsOutput) ElementType

func (NamedRuleWithOperationsOutput) Operations

Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.

func (NamedRuleWithOperationsOutput) ResourceNames

ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.

func (NamedRuleWithOperationsOutput) Resources

Resources is a list of resources this rule applies to.

For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.

If wildcard is present, the validation rule will ensure resources do not overlap with each other.

Depending on the enclosing object, subresources might not be allowed. Required.

func (NamedRuleWithOperationsOutput) Scope

scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".

func (NamedRuleWithOperationsOutput) ToNamedRuleWithOperationsOutput

func (o NamedRuleWithOperationsOutput) ToNamedRuleWithOperationsOutput() NamedRuleWithOperationsOutput

func (NamedRuleWithOperationsOutput) ToNamedRuleWithOperationsOutputWithContext

func (o NamedRuleWithOperationsOutput) ToNamedRuleWithOperationsOutputWithContext(ctx context.Context) NamedRuleWithOperationsOutput

func (NamedRuleWithOperationsOutput) ToOutput added in v4.2.0

type NamedRuleWithOperationsPatch

type NamedRuleWithOperationsPatch struct {
	// APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
	ApiGroups []string `pulumi:"apiGroups"`
	// APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.
	ApiVersions []string `pulumi:"apiVersions"`
	// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.
	Operations []string `pulumi:"operations"`
	// ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
	ResourceNames []string `pulumi:"resourceNames"`
	// Resources is a list of resources this rule applies to.
	//
	// For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.
	//
	// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
	//
	// Depending on the enclosing object, subresources might not be allowed. Required.
	Resources []string `pulumi:"resources"`
	// scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
	Scope *string `pulumi:"scope"`
}

NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.

type NamedRuleWithOperationsPatchArgs

type NamedRuleWithOperationsPatchArgs struct {
	// APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
	ApiGroups pulumi.StringArrayInput `pulumi:"apiGroups"`
	// APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.
	ApiVersions pulumi.StringArrayInput `pulumi:"apiVersions"`
	// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.
	Operations pulumi.StringArrayInput `pulumi:"operations"`
	// ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
	ResourceNames pulumi.StringArrayInput `pulumi:"resourceNames"`
	// Resources is a list of resources this rule applies to.
	//
	// For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.
	//
	// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
	//
	// Depending on the enclosing object, subresources might not be allowed. Required.
	Resources pulumi.StringArrayInput `pulumi:"resources"`
	// scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
	Scope pulumi.StringPtrInput `pulumi:"scope"`
}

NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.

func (NamedRuleWithOperationsPatchArgs) ElementType

func (NamedRuleWithOperationsPatchArgs) ToNamedRuleWithOperationsPatchOutput

func (i NamedRuleWithOperationsPatchArgs) ToNamedRuleWithOperationsPatchOutput() NamedRuleWithOperationsPatchOutput

func (NamedRuleWithOperationsPatchArgs) ToNamedRuleWithOperationsPatchOutputWithContext

func (i NamedRuleWithOperationsPatchArgs) ToNamedRuleWithOperationsPatchOutputWithContext(ctx context.Context) NamedRuleWithOperationsPatchOutput

func (NamedRuleWithOperationsPatchArgs) ToOutput added in v4.2.0

type NamedRuleWithOperationsPatchArray

type NamedRuleWithOperationsPatchArray []NamedRuleWithOperationsPatchInput

func (NamedRuleWithOperationsPatchArray) ElementType

func (NamedRuleWithOperationsPatchArray) ToNamedRuleWithOperationsPatchArrayOutput

func (i NamedRuleWithOperationsPatchArray) ToNamedRuleWithOperationsPatchArrayOutput() NamedRuleWithOperationsPatchArrayOutput

func (NamedRuleWithOperationsPatchArray) ToNamedRuleWithOperationsPatchArrayOutputWithContext

func (i NamedRuleWithOperationsPatchArray) ToNamedRuleWithOperationsPatchArrayOutputWithContext(ctx context.Context) NamedRuleWithOperationsPatchArrayOutput

func (NamedRuleWithOperationsPatchArray) ToOutput added in v4.2.0

type NamedRuleWithOperationsPatchArrayInput

type NamedRuleWithOperationsPatchArrayInput interface {
	pulumi.Input

	ToNamedRuleWithOperationsPatchArrayOutput() NamedRuleWithOperationsPatchArrayOutput
	ToNamedRuleWithOperationsPatchArrayOutputWithContext(context.Context) NamedRuleWithOperationsPatchArrayOutput
}

NamedRuleWithOperationsPatchArrayInput is an input type that accepts NamedRuleWithOperationsPatchArray and NamedRuleWithOperationsPatchArrayOutput values. You can construct a concrete instance of `NamedRuleWithOperationsPatchArrayInput` via:

NamedRuleWithOperationsPatchArray{ NamedRuleWithOperationsPatchArgs{...} }

type NamedRuleWithOperationsPatchArrayOutput

type NamedRuleWithOperationsPatchArrayOutput struct{ *pulumi.OutputState }

func (NamedRuleWithOperationsPatchArrayOutput) ElementType

func (NamedRuleWithOperationsPatchArrayOutput) Index

func (NamedRuleWithOperationsPatchArrayOutput) ToNamedRuleWithOperationsPatchArrayOutput

func (o NamedRuleWithOperationsPatchArrayOutput) ToNamedRuleWithOperationsPatchArrayOutput() NamedRuleWithOperationsPatchArrayOutput

func (NamedRuleWithOperationsPatchArrayOutput) ToNamedRuleWithOperationsPatchArrayOutputWithContext

func (o NamedRuleWithOperationsPatchArrayOutput) ToNamedRuleWithOperationsPatchArrayOutputWithContext(ctx context.Context) NamedRuleWithOperationsPatchArrayOutput

func (NamedRuleWithOperationsPatchArrayOutput) ToOutput added in v4.2.0

type NamedRuleWithOperationsPatchInput

type NamedRuleWithOperationsPatchInput interface {
	pulumi.Input

	ToNamedRuleWithOperationsPatchOutput() NamedRuleWithOperationsPatchOutput
	ToNamedRuleWithOperationsPatchOutputWithContext(context.Context) NamedRuleWithOperationsPatchOutput
}

NamedRuleWithOperationsPatchInput is an input type that accepts NamedRuleWithOperationsPatchArgs and NamedRuleWithOperationsPatchOutput values. You can construct a concrete instance of `NamedRuleWithOperationsPatchInput` via:

NamedRuleWithOperationsPatchArgs{...}

type NamedRuleWithOperationsPatchOutput

type NamedRuleWithOperationsPatchOutput struct{ *pulumi.OutputState }

NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.

func (NamedRuleWithOperationsPatchOutput) ApiGroups

APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.

func (NamedRuleWithOperationsPatchOutput) ApiVersions

APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.

func (NamedRuleWithOperationsPatchOutput) ElementType

func (NamedRuleWithOperationsPatchOutput) Operations

Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.

func (NamedRuleWithOperationsPatchOutput) ResourceNames

ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.

func (NamedRuleWithOperationsPatchOutput) Resources

Resources is a list of resources this rule applies to.

For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.

If wildcard is present, the validation rule will ensure resources do not overlap with each other.

Depending on the enclosing object, subresources might not be allowed. Required.

func (NamedRuleWithOperationsPatchOutput) Scope

scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".

func (NamedRuleWithOperationsPatchOutput) ToNamedRuleWithOperationsPatchOutput

func (o NamedRuleWithOperationsPatchOutput) ToNamedRuleWithOperationsPatchOutput() NamedRuleWithOperationsPatchOutput

func (NamedRuleWithOperationsPatchOutput) ToNamedRuleWithOperationsPatchOutputWithContext

func (o NamedRuleWithOperationsPatchOutput) ToNamedRuleWithOperationsPatchOutputWithContext(ctx context.Context) NamedRuleWithOperationsPatchOutput

func (NamedRuleWithOperationsPatchOutput) ToOutput added in v4.2.0

type ParamKind

type ParamKind struct {
	// APIVersion is the API group version the resources belong to. In format of "group/version". Required.
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is the API kind the resources belong to. Required.
	Kind *string `pulumi:"kind"`
}

ParamKind is a tuple of Group Kind and Version.

type ParamKindArgs

type ParamKindArgs struct {
	// APIVersion is the API group version the resources belong to. In format of "group/version". Required.
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is the API kind the resources belong to. Required.
	Kind pulumi.StringPtrInput `pulumi:"kind"`
}

ParamKind is a tuple of Group Kind and Version.

func (ParamKindArgs) ElementType

func (ParamKindArgs) ElementType() reflect.Type

func (ParamKindArgs) ToOutput added in v4.2.0

func (ParamKindArgs) ToParamKindOutput

func (i ParamKindArgs) ToParamKindOutput() ParamKindOutput

func (ParamKindArgs) ToParamKindOutputWithContext

func (i ParamKindArgs) ToParamKindOutputWithContext(ctx context.Context) ParamKindOutput

func (ParamKindArgs) ToParamKindPtrOutput

func (i ParamKindArgs) ToParamKindPtrOutput() ParamKindPtrOutput

func (ParamKindArgs) ToParamKindPtrOutputWithContext

func (i ParamKindArgs) ToParamKindPtrOutputWithContext(ctx context.Context) ParamKindPtrOutput

type ParamKindInput

type ParamKindInput interface {
	pulumi.Input

	ToParamKindOutput() ParamKindOutput
	ToParamKindOutputWithContext(context.Context) ParamKindOutput
}

ParamKindInput is an input type that accepts ParamKindArgs and ParamKindOutput values. You can construct a concrete instance of `ParamKindInput` via:

ParamKindArgs{...}

type ParamKindOutput

type ParamKindOutput struct{ *pulumi.OutputState }

ParamKind is a tuple of Group Kind and Version.

func (ParamKindOutput) ApiVersion

func (o ParamKindOutput) ApiVersion() pulumi.StringPtrOutput

APIVersion is the API group version the resources belong to. In format of "group/version". Required.

func (ParamKindOutput) ElementType

func (ParamKindOutput) ElementType() reflect.Type

func (ParamKindOutput) Kind

Kind is the API kind the resources belong to. Required.

func (ParamKindOutput) ToOutput added in v4.2.0

func (ParamKindOutput) ToParamKindOutput

func (o ParamKindOutput) ToParamKindOutput() ParamKindOutput

func (ParamKindOutput) ToParamKindOutputWithContext

func (o ParamKindOutput) ToParamKindOutputWithContext(ctx context.Context) ParamKindOutput

func (ParamKindOutput) ToParamKindPtrOutput

func (o ParamKindOutput) ToParamKindPtrOutput() ParamKindPtrOutput

func (ParamKindOutput) ToParamKindPtrOutputWithContext

func (o ParamKindOutput) ToParamKindPtrOutputWithContext(ctx context.Context) ParamKindPtrOutput

type ParamKindPatch

type ParamKindPatch struct {
	// APIVersion is the API group version the resources belong to. In format of "group/version". Required.
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is the API kind the resources belong to. Required.
	Kind *string `pulumi:"kind"`
}

ParamKind is a tuple of Group Kind and Version.

type ParamKindPatchArgs

type ParamKindPatchArgs struct {
	// APIVersion is the API group version the resources belong to. In format of "group/version". Required.
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is the API kind the resources belong to. Required.
	Kind pulumi.StringPtrInput `pulumi:"kind"`
}

ParamKind is a tuple of Group Kind and Version.

func (ParamKindPatchArgs) ElementType

func (ParamKindPatchArgs) ElementType() reflect.Type

func (ParamKindPatchArgs) ToOutput added in v4.2.0

func (ParamKindPatchArgs) ToParamKindPatchOutput

func (i ParamKindPatchArgs) ToParamKindPatchOutput() ParamKindPatchOutput

func (ParamKindPatchArgs) ToParamKindPatchOutputWithContext

func (i ParamKindPatchArgs) ToParamKindPatchOutputWithContext(ctx context.Context) ParamKindPatchOutput

func (ParamKindPatchArgs) ToParamKindPatchPtrOutput

func (i ParamKindPatchArgs) ToParamKindPatchPtrOutput() ParamKindPatchPtrOutput

func (ParamKindPatchArgs) ToParamKindPatchPtrOutputWithContext

func (i ParamKindPatchArgs) ToParamKindPatchPtrOutputWithContext(ctx context.Context) ParamKindPatchPtrOutput

type ParamKindPatchInput

type ParamKindPatchInput interface {
	pulumi.Input

	ToParamKindPatchOutput() ParamKindPatchOutput
	ToParamKindPatchOutputWithContext(context.Context) ParamKindPatchOutput
}

ParamKindPatchInput is an input type that accepts ParamKindPatchArgs and ParamKindPatchOutput values. You can construct a concrete instance of `ParamKindPatchInput` via:

ParamKindPatchArgs{...}

type ParamKindPatchOutput

type ParamKindPatchOutput struct{ *pulumi.OutputState }

ParamKind is a tuple of Group Kind and Version.

func (ParamKindPatchOutput) ApiVersion

APIVersion is the API group version the resources belong to. In format of "group/version". Required.

func (ParamKindPatchOutput) ElementType

func (ParamKindPatchOutput) ElementType() reflect.Type

func (ParamKindPatchOutput) Kind

Kind is the API kind the resources belong to. Required.

func (ParamKindPatchOutput) ToOutput added in v4.2.0

func (ParamKindPatchOutput) ToParamKindPatchOutput

func (o ParamKindPatchOutput) ToParamKindPatchOutput() ParamKindPatchOutput

func (ParamKindPatchOutput) ToParamKindPatchOutputWithContext

func (o ParamKindPatchOutput) ToParamKindPatchOutputWithContext(ctx context.Context) ParamKindPatchOutput

func (ParamKindPatchOutput) ToParamKindPatchPtrOutput

func (o ParamKindPatchOutput) ToParamKindPatchPtrOutput() ParamKindPatchPtrOutput

func (ParamKindPatchOutput) ToParamKindPatchPtrOutputWithContext

func (o ParamKindPatchOutput) ToParamKindPatchPtrOutputWithContext(ctx context.Context) ParamKindPatchPtrOutput

type ParamKindPatchPtrInput

type ParamKindPatchPtrInput interface {
	pulumi.Input

	ToParamKindPatchPtrOutput() ParamKindPatchPtrOutput
	ToParamKindPatchPtrOutputWithContext(context.Context) ParamKindPatchPtrOutput
}

ParamKindPatchPtrInput is an input type that accepts ParamKindPatchArgs, ParamKindPatchPtr and ParamKindPatchPtrOutput values. You can construct a concrete instance of `ParamKindPatchPtrInput` via:

        ParamKindPatchArgs{...}

or:

        nil

type ParamKindPatchPtrOutput

type ParamKindPatchPtrOutput struct{ *pulumi.OutputState }

func (ParamKindPatchPtrOutput) ApiVersion

APIVersion is the API group version the resources belong to. In format of "group/version". Required.

func (ParamKindPatchPtrOutput) Elem

func (ParamKindPatchPtrOutput) ElementType

func (ParamKindPatchPtrOutput) ElementType() reflect.Type

func (ParamKindPatchPtrOutput) Kind

Kind is the API kind the resources belong to. Required.

func (ParamKindPatchPtrOutput) ToOutput added in v4.2.0

func (ParamKindPatchPtrOutput) ToParamKindPatchPtrOutput

func (o ParamKindPatchPtrOutput) ToParamKindPatchPtrOutput() ParamKindPatchPtrOutput

func (ParamKindPatchPtrOutput) ToParamKindPatchPtrOutputWithContext

func (o ParamKindPatchPtrOutput) ToParamKindPatchPtrOutputWithContext(ctx context.Context) ParamKindPatchPtrOutput

type ParamKindPtrInput

type ParamKindPtrInput interface {
	pulumi.Input

	ToParamKindPtrOutput() ParamKindPtrOutput
	ToParamKindPtrOutputWithContext(context.Context) ParamKindPtrOutput
}

ParamKindPtrInput is an input type that accepts ParamKindArgs, ParamKindPtr and ParamKindPtrOutput values. You can construct a concrete instance of `ParamKindPtrInput` via:

        ParamKindArgs{...}

or:

        nil

func ParamKindPtr

func ParamKindPtr(v *ParamKindArgs) ParamKindPtrInput

type ParamKindPtrOutput

type ParamKindPtrOutput struct{ *pulumi.OutputState }

func (ParamKindPtrOutput) ApiVersion

func (o ParamKindPtrOutput) ApiVersion() pulumi.StringPtrOutput

APIVersion is the API group version the resources belong to. In format of "group/version". Required.

func (ParamKindPtrOutput) Elem

func (ParamKindPtrOutput) ElementType

func (ParamKindPtrOutput) ElementType() reflect.Type

func (ParamKindPtrOutput) Kind

Kind is the API kind the resources belong to. Required.

func (ParamKindPtrOutput) ToOutput added in v4.2.0

func (ParamKindPtrOutput) ToParamKindPtrOutput

func (o ParamKindPtrOutput) ToParamKindPtrOutput() ParamKindPtrOutput

func (ParamKindPtrOutput) ToParamKindPtrOutputWithContext

func (o ParamKindPtrOutput) ToParamKindPtrOutputWithContext(ctx context.Context) ParamKindPtrOutput

type ParamRef

type ParamRef struct {
	// `name` is the name of the resource being referenced.
	//
	// `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.
	Name *string `pulumi:"name"`
	// namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.
	//
	// A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.
	//
	// - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.
	//
	// - If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.
	Namespace *string `pulumi:"namespace"`
	// `parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.
	//
	// Allowed values are `Allow` or `Deny` Default to `Deny`
	ParameterNotFoundAction *string `pulumi:"parameterNotFoundAction"`
	// selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.
	//
	// If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.
	//
	// One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.
	Selector *metav1.LabelSelector `pulumi:"selector"`
}

ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.

type ParamRefArgs

type ParamRefArgs struct {
	// `name` is the name of the resource being referenced.
	//
	// `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.
	Name pulumi.StringPtrInput `pulumi:"name"`
	// namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.
	//
	// A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.
	//
	// - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.
	//
	// - If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.
	Namespace pulumi.StringPtrInput `pulumi:"namespace"`
	// `parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.
	//
	// Allowed values are `Allow` or `Deny` Default to `Deny`
	ParameterNotFoundAction pulumi.StringPtrInput `pulumi:"parameterNotFoundAction"`
	// selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.
	//
	// If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.
	//
	// One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.
	Selector metav1.LabelSelectorPtrInput `pulumi:"selector"`
}

ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.

func (ParamRefArgs) ElementType

func (ParamRefArgs) ElementType() reflect.Type

func (ParamRefArgs) ToOutput added in v4.2.0

func (ParamRefArgs) ToParamRefOutput

func (i ParamRefArgs) ToParamRefOutput() ParamRefOutput

func (ParamRefArgs) ToParamRefOutputWithContext

func (i ParamRefArgs) ToParamRefOutputWithContext(ctx context.Context) ParamRefOutput

func (ParamRefArgs) ToParamRefPtrOutput

func (i ParamRefArgs) ToParamRefPtrOutput() ParamRefPtrOutput

func (ParamRefArgs) ToParamRefPtrOutputWithContext

func (i ParamRefArgs) ToParamRefPtrOutputWithContext(ctx context.Context) ParamRefPtrOutput

type ParamRefInput

type ParamRefInput interface {
	pulumi.Input

	ToParamRefOutput() ParamRefOutput
	ToParamRefOutputWithContext(context.Context) ParamRefOutput
}

ParamRefInput is an input type that accepts ParamRefArgs and ParamRefOutput values. You can construct a concrete instance of `ParamRefInput` via:

ParamRefArgs{...}

type ParamRefOutput

type ParamRefOutput struct{ *pulumi.OutputState }

ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.

func (ParamRefOutput) ElementType

func (ParamRefOutput) ElementType() reflect.Type

func (ParamRefOutput) Name

`name` is the name of the resource being referenced.

`name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.

func (ParamRefOutput) Namespace

func (o ParamRefOutput) Namespace() pulumi.StringPtrOutput

namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.

A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.

- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.

- If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.

func (ParamRefOutput) ParameterNotFoundAction added in v4.1.0

func (o ParamRefOutput) ParameterNotFoundAction() pulumi.StringPtrOutput

`parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.

Allowed values are `Allow` or `Deny` Default to `Deny`

func (ParamRefOutput) Selector added in v4.1.0

selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.

If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.

One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.

func (ParamRefOutput) ToOutput added in v4.2.0

func (ParamRefOutput) ToParamRefOutput

func (o ParamRefOutput) ToParamRefOutput() ParamRefOutput

func (ParamRefOutput) ToParamRefOutputWithContext

func (o ParamRefOutput) ToParamRefOutputWithContext(ctx context.Context) ParamRefOutput

func (ParamRefOutput) ToParamRefPtrOutput

func (o ParamRefOutput) ToParamRefPtrOutput() ParamRefPtrOutput

func (ParamRefOutput) ToParamRefPtrOutputWithContext

func (o ParamRefOutput) ToParamRefPtrOutputWithContext(ctx context.Context) ParamRefPtrOutput

type ParamRefPatch

type ParamRefPatch struct {
	// `name` is the name of the resource being referenced.
	//
	// `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.
	Name *string `pulumi:"name"`
	// namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.
	//
	// A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.
	//
	// - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.
	//
	// - If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.
	Namespace *string `pulumi:"namespace"`
	// `parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.
	//
	// Allowed values are `Allow` or `Deny` Default to `Deny`
	ParameterNotFoundAction *string `pulumi:"parameterNotFoundAction"`
	// selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.
	//
	// If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.
	//
	// One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.
	Selector *metav1.LabelSelectorPatch `pulumi:"selector"`
}

ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.

type ParamRefPatchArgs

type ParamRefPatchArgs struct {
	// `name` is the name of the resource being referenced.
	//
	// `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.
	Name pulumi.StringPtrInput `pulumi:"name"`
	// namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.
	//
	// A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.
	//
	// - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.
	//
	// - If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.
	Namespace pulumi.StringPtrInput `pulumi:"namespace"`
	// `parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.
	//
	// Allowed values are `Allow` or `Deny` Default to `Deny`
	ParameterNotFoundAction pulumi.StringPtrInput `pulumi:"parameterNotFoundAction"`
	// selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.
	//
	// If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.
	//
	// One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.
	Selector metav1.LabelSelectorPatchPtrInput `pulumi:"selector"`
}

ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.

func (ParamRefPatchArgs) ElementType

func (ParamRefPatchArgs) ElementType() reflect.Type

func (ParamRefPatchArgs) ToOutput added in v4.2.0

func (ParamRefPatchArgs) ToParamRefPatchOutput

func (i ParamRefPatchArgs) ToParamRefPatchOutput() ParamRefPatchOutput

func (ParamRefPatchArgs) ToParamRefPatchOutputWithContext

func (i ParamRefPatchArgs) ToParamRefPatchOutputWithContext(ctx context.Context) ParamRefPatchOutput

func (ParamRefPatchArgs) ToParamRefPatchPtrOutput

func (i ParamRefPatchArgs) ToParamRefPatchPtrOutput() ParamRefPatchPtrOutput

func (ParamRefPatchArgs) ToParamRefPatchPtrOutputWithContext

func (i ParamRefPatchArgs) ToParamRefPatchPtrOutputWithContext(ctx context.Context) ParamRefPatchPtrOutput

type ParamRefPatchInput

type ParamRefPatchInput interface {
	pulumi.Input

	ToParamRefPatchOutput() ParamRefPatchOutput
	ToParamRefPatchOutputWithContext(context.Context) ParamRefPatchOutput
}

ParamRefPatchInput is an input type that accepts ParamRefPatchArgs and ParamRefPatchOutput values. You can construct a concrete instance of `ParamRefPatchInput` via:

ParamRefPatchArgs{...}

type ParamRefPatchOutput

type ParamRefPatchOutput struct{ *pulumi.OutputState }

ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.

func (ParamRefPatchOutput) ElementType

func (ParamRefPatchOutput) ElementType() reflect.Type

func (ParamRefPatchOutput) Name

`name` is the name of the resource being referenced.

`name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.

func (ParamRefPatchOutput) Namespace

namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.

A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.

- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.

- If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.

func (ParamRefPatchOutput) ParameterNotFoundAction added in v4.1.0

func (o ParamRefPatchOutput) ParameterNotFoundAction() pulumi.StringPtrOutput

`parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.

Allowed values are `Allow` or `Deny` Default to `Deny`

func (ParamRefPatchOutput) Selector added in v4.1.0

selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.

If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.

One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.

func (ParamRefPatchOutput) ToOutput added in v4.2.0

func (ParamRefPatchOutput) ToParamRefPatchOutput

func (o ParamRefPatchOutput) ToParamRefPatchOutput() ParamRefPatchOutput

func (ParamRefPatchOutput) ToParamRefPatchOutputWithContext

func (o ParamRefPatchOutput) ToParamRefPatchOutputWithContext(ctx context.Context) ParamRefPatchOutput

func (ParamRefPatchOutput) ToParamRefPatchPtrOutput

func (o ParamRefPatchOutput) ToParamRefPatchPtrOutput() ParamRefPatchPtrOutput

func (ParamRefPatchOutput) ToParamRefPatchPtrOutputWithContext

func (o ParamRefPatchOutput) ToParamRefPatchPtrOutputWithContext(ctx context.Context) ParamRefPatchPtrOutput

type ParamRefPatchPtrInput

type ParamRefPatchPtrInput interface {
	pulumi.Input

	ToParamRefPatchPtrOutput() ParamRefPatchPtrOutput
	ToParamRefPatchPtrOutputWithContext(context.Context) ParamRefPatchPtrOutput
}

ParamRefPatchPtrInput is an input type that accepts ParamRefPatchArgs, ParamRefPatchPtr and ParamRefPatchPtrOutput values. You can construct a concrete instance of `ParamRefPatchPtrInput` via:

        ParamRefPatchArgs{...}

or:

        nil

type ParamRefPatchPtrOutput

type ParamRefPatchPtrOutput struct{ *pulumi.OutputState }

func (ParamRefPatchPtrOutput) Elem

func (ParamRefPatchPtrOutput) ElementType

func (ParamRefPatchPtrOutput) ElementType() reflect.Type

func (ParamRefPatchPtrOutput) Name

`name` is the name of the resource being referenced.

`name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.

func (ParamRefPatchPtrOutput) Namespace

namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.

A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.

- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.

- If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.

func (ParamRefPatchPtrOutput) ParameterNotFoundAction added in v4.1.0

func (o ParamRefPatchPtrOutput) ParameterNotFoundAction() pulumi.StringPtrOutput

`parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.

Allowed values are `Allow` or `Deny` Default to `Deny`

func (ParamRefPatchPtrOutput) Selector added in v4.1.0

selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.

If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.

One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.

func (ParamRefPatchPtrOutput) ToOutput added in v4.2.0

func (ParamRefPatchPtrOutput) ToParamRefPatchPtrOutput

func (o ParamRefPatchPtrOutput) ToParamRefPatchPtrOutput() ParamRefPatchPtrOutput

func (ParamRefPatchPtrOutput) ToParamRefPatchPtrOutputWithContext

func (o ParamRefPatchPtrOutput) ToParamRefPatchPtrOutputWithContext(ctx context.Context) ParamRefPatchPtrOutput

type ParamRefPtrInput

type ParamRefPtrInput interface {
	pulumi.Input

	ToParamRefPtrOutput() ParamRefPtrOutput
	ToParamRefPtrOutputWithContext(context.Context) ParamRefPtrOutput
}

ParamRefPtrInput is an input type that accepts ParamRefArgs, ParamRefPtr and ParamRefPtrOutput values. You can construct a concrete instance of `ParamRefPtrInput` via:

        ParamRefArgs{...}

or:

        nil

func ParamRefPtr

func ParamRefPtr(v *ParamRefArgs) ParamRefPtrInput

type ParamRefPtrOutput

type ParamRefPtrOutput struct{ *pulumi.OutputState }

func (ParamRefPtrOutput) Elem

func (ParamRefPtrOutput) ElementType

func (ParamRefPtrOutput) ElementType() reflect.Type

func (ParamRefPtrOutput) Name

`name` is the name of the resource being referenced.

`name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.

func (ParamRefPtrOutput) Namespace

namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.

A per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.

- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.

- If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.

func (ParamRefPtrOutput) ParameterNotFoundAction added in v4.1.0

func (o ParamRefPtrOutput) ParameterNotFoundAction() pulumi.StringPtrOutput

`parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.

Allowed values are `Allow` or `Deny` Default to `Deny`

func (ParamRefPtrOutput) Selector added in v4.1.0

selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.

If multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.

One of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.

func (ParamRefPtrOutput) ToOutput added in v4.2.0

func (ParamRefPtrOutput) ToParamRefPtrOutput

func (o ParamRefPtrOutput) ToParamRefPtrOutput() ParamRefPtrOutput

func (ParamRefPtrOutput) ToParamRefPtrOutputWithContext

func (o ParamRefPtrOutput) ToParamRefPtrOutputWithContext(ctx context.Context) ParamRefPtrOutput

type TypeChecking

type TypeChecking struct {
	// The type checking warnings for each expression.
	ExpressionWarnings []ExpressionWarning `pulumi:"expressionWarnings"`
}

TypeChecking contains results of type checking the expressions in the ValidatingAdmissionPolicy

type TypeCheckingArgs

type TypeCheckingArgs struct {
	// The type checking warnings for each expression.
	ExpressionWarnings ExpressionWarningArrayInput `pulumi:"expressionWarnings"`
}

TypeChecking contains results of type checking the expressions in the ValidatingAdmissionPolicy

func (TypeCheckingArgs) ElementType

func (TypeCheckingArgs) ElementType() reflect.Type

func (TypeCheckingArgs) ToOutput added in v4.2.0

func (TypeCheckingArgs) ToTypeCheckingOutput

func (i TypeCheckingArgs) ToTypeCheckingOutput() TypeCheckingOutput

func (TypeCheckingArgs) ToTypeCheckingOutputWithContext

func (i TypeCheckingArgs) ToTypeCheckingOutputWithContext(ctx context.Context) TypeCheckingOutput

func (TypeCheckingArgs) ToTypeCheckingPtrOutput

func (i TypeCheckingArgs) ToTypeCheckingPtrOutput() TypeCheckingPtrOutput

func (TypeCheckingArgs) ToTypeCheckingPtrOutputWithContext

func (i TypeCheckingArgs) ToTypeCheckingPtrOutputWithContext(ctx context.Context) TypeCheckingPtrOutput

type TypeCheckingInput

type TypeCheckingInput interface {
	pulumi.Input

	ToTypeCheckingOutput() TypeCheckingOutput
	ToTypeCheckingOutputWithContext(context.Context) TypeCheckingOutput
}

TypeCheckingInput is an input type that accepts TypeCheckingArgs and TypeCheckingOutput values. You can construct a concrete instance of `TypeCheckingInput` via:

TypeCheckingArgs{...}

type TypeCheckingOutput

type TypeCheckingOutput struct{ *pulumi.OutputState }

TypeChecking contains results of type checking the expressions in the ValidatingAdmissionPolicy

func (TypeCheckingOutput) ElementType

func (TypeCheckingOutput) ElementType() reflect.Type

func (TypeCheckingOutput) ExpressionWarnings

func (o TypeCheckingOutput) ExpressionWarnings() ExpressionWarningArrayOutput

The type checking warnings for each expression.

func (TypeCheckingOutput) ToOutput added in v4.2.0

func (TypeCheckingOutput) ToTypeCheckingOutput

func (o TypeCheckingOutput) ToTypeCheckingOutput() TypeCheckingOutput

func (TypeCheckingOutput) ToTypeCheckingOutputWithContext

func (o TypeCheckingOutput) ToTypeCheckingOutputWithContext(ctx context.Context) TypeCheckingOutput

func (TypeCheckingOutput) ToTypeCheckingPtrOutput

func (o TypeCheckingOutput) ToTypeCheckingPtrOutput() TypeCheckingPtrOutput

func (TypeCheckingOutput) ToTypeCheckingPtrOutputWithContext

func (o TypeCheckingOutput) ToTypeCheckingPtrOutputWithContext(ctx context.Context) TypeCheckingPtrOutput

type TypeCheckingPatch

type TypeCheckingPatch struct {
	// The type checking warnings for each expression.
	ExpressionWarnings []ExpressionWarningPatch `pulumi:"expressionWarnings"`
}

TypeChecking contains results of type checking the expressions in the ValidatingAdmissionPolicy

type TypeCheckingPatchArgs

type TypeCheckingPatchArgs struct {
	// The type checking warnings for each expression.
	ExpressionWarnings ExpressionWarningPatchArrayInput `pulumi:"expressionWarnings"`
}

TypeChecking contains results of type checking the expressions in the ValidatingAdmissionPolicy

func (TypeCheckingPatchArgs) ElementType

func (TypeCheckingPatchArgs) ElementType() reflect.Type

func (TypeCheckingPatchArgs) ToOutput added in v4.2.0

func (TypeCheckingPatchArgs) ToTypeCheckingPatchOutput

func (i TypeCheckingPatchArgs) ToTypeCheckingPatchOutput() TypeCheckingPatchOutput

func (TypeCheckingPatchArgs) ToTypeCheckingPatchOutputWithContext

func (i TypeCheckingPatchArgs) ToTypeCheckingPatchOutputWithContext(ctx context.Context) TypeCheckingPatchOutput

func (TypeCheckingPatchArgs) ToTypeCheckingPatchPtrOutput

func (i TypeCheckingPatchArgs) ToTypeCheckingPatchPtrOutput() TypeCheckingPatchPtrOutput

func (TypeCheckingPatchArgs) ToTypeCheckingPatchPtrOutputWithContext

func (i TypeCheckingPatchArgs) ToTypeCheckingPatchPtrOutputWithContext(ctx context.Context) TypeCheckingPatchPtrOutput

type TypeCheckingPatchInput

type TypeCheckingPatchInput interface {
	pulumi.Input

	ToTypeCheckingPatchOutput() TypeCheckingPatchOutput
	ToTypeCheckingPatchOutputWithContext(context.Context) TypeCheckingPatchOutput
}

TypeCheckingPatchInput is an input type that accepts TypeCheckingPatchArgs and TypeCheckingPatchOutput values. You can construct a concrete instance of `TypeCheckingPatchInput` via:

TypeCheckingPatchArgs{...}

type TypeCheckingPatchOutput

type TypeCheckingPatchOutput struct{ *pulumi.OutputState }

TypeChecking contains results of type checking the expressions in the ValidatingAdmissionPolicy

func (TypeCheckingPatchOutput) ElementType

func (TypeCheckingPatchOutput) ElementType() reflect.Type

func (TypeCheckingPatchOutput) ExpressionWarnings

The type checking warnings for each expression.

func (TypeCheckingPatchOutput) ToOutput added in v4.2.0

func (TypeCheckingPatchOutput) ToTypeCheckingPatchOutput

func (o TypeCheckingPatchOutput) ToTypeCheckingPatchOutput() TypeCheckingPatchOutput

func (TypeCheckingPatchOutput) ToTypeCheckingPatchOutputWithContext

func (o TypeCheckingPatchOutput) ToTypeCheckingPatchOutputWithContext(ctx context.Context) TypeCheckingPatchOutput

func (TypeCheckingPatchOutput) ToTypeCheckingPatchPtrOutput

func (o TypeCheckingPatchOutput) ToTypeCheckingPatchPtrOutput() TypeCheckingPatchPtrOutput

func (TypeCheckingPatchOutput) ToTypeCheckingPatchPtrOutputWithContext

func (o TypeCheckingPatchOutput) ToTypeCheckingPatchPtrOutputWithContext(ctx context.Context) TypeCheckingPatchPtrOutput

type TypeCheckingPatchPtrInput

type TypeCheckingPatchPtrInput interface {
	pulumi.Input

	ToTypeCheckingPatchPtrOutput() TypeCheckingPatchPtrOutput
	ToTypeCheckingPatchPtrOutputWithContext(context.Context) TypeCheckingPatchPtrOutput
}

TypeCheckingPatchPtrInput is an input type that accepts TypeCheckingPatchArgs, TypeCheckingPatchPtr and TypeCheckingPatchPtrOutput values. You can construct a concrete instance of `TypeCheckingPatchPtrInput` via:

        TypeCheckingPatchArgs{...}

or:

        nil

type TypeCheckingPatchPtrOutput

type TypeCheckingPatchPtrOutput struct{ *pulumi.OutputState }

func (TypeCheckingPatchPtrOutput) Elem

func (TypeCheckingPatchPtrOutput) ElementType

func (TypeCheckingPatchPtrOutput) ElementType() reflect.Type

func (TypeCheckingPatchPtrOutput) ExpressionWarnings

The type checking warnings for each expression.

func (TypeCheckingPatchPtrOutput) ToOutput added in v4.2.0

func (TypeCheckingPatchPtrOutput) ToTypeCheckingPatchPtrOutput

func (o TypeCheckingPatchPtrOutput) ToTypeCheckingPatchPtrOutput() TypeCheckingPatchPtrOutput

func (TypeCheckingPatchPtrOutput) ToTypeCheckingPatchPtrOutputWithContext

func (o TypeCheckingPatchPtrOutput) ToTypeCheckingPatchPtrOutputWithContext(ctx context.Context) TypeCheckingPatchPtrOutput

type TypeCheckingPtrInput

type TypeCheckingPtrInput interface {
	pulumi.Input

	ToTypeCheckingPtrOutput() TypeCheckingPtrOutput
	ToTypeCheckingPtrOutputWithContext(context.Context) TypeCheckingPtrOutput
}

TypeCheckingPtrInput is an input type that accepts TypeCheckingArgs, TypeCheckingPtr and TypeCheckingPtrOutput values. You can construct a concrete instance of `TypeCheckingPtrInput` via:

        TypeCheckingArgs{...}

or:

        nil

type TypeCheckingPtrOutput

type TypeCheckingPtrOutput struct{ *pulumi.OutputState }

func (TypeCheckingPtrOutput) Elem

func (TypeCheckingPtrOutput) ElementType

func (TypeCheckingPtrOutput) ElementType() reflect.Type

func (TypeCheckingPtrOutput) ExpressionWarnings

func (o TypeCheckingPtrOutput) ExpressionWarnings() ExpressionWarningArrayOutput

The type checking warnings for each expression.

func (TypeCheckingPtrOutput) ToOutput added in v4.2.0

func (TypeCheckingPtrOutput) ToTypeCheckingPtrOutput

func (o TypeCheckingPtrOutput) ToTypeCheckingPtrOutput() TypeCheckingPtrOutput

func (TypeCheckingPtrOutput) ToTypeCheckingPtrOutputWithContext

func (o TypeCheckingPtrOutput) ToTypeCheckingPtrOutputWithContext(ctx context.Context) TypeCheckingPtrOutput

type ValidatingAdmissionPolicy

type ValidatingAdmissionPolicy struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringOutput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaOutput `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicy.
	Spec ValidatingAdmissionPolicySpecOutput `pulumi:"spec"`
	// The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.
	Status ValidatingAdmissionPolicyStatusPtrOutput `pulumi:"status"`
}

ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.

func GetValidatingAdmissionPolicy

func GetValidatingAdmissionPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ValidatingAdmissionPolicyState, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicy, error)

GetValidatingAdmissionPolicy gets an existing ValidatingAdmissionPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewValidatingAdmissionPolicy

func NewValidatingAdmissionPolicy(ctx *pulumi.Context,
	name string, args *ValidatingAdmissionPolicyArgs, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicy, error)

NewValidatingAdmissionPolicy registers a new resource with the given unique name, arguments, and options.

func (*ValidatingAdmissionPolicy) ElementType

func (*ValidatingAdmissionPolicy) ElementType() reflect.Type

func (*ValidatingAdmissionPolicy) ToOutput added in v4.2.0

func (*ValidatingAdmissionPolicy) ToValidatingAdmissionPolicyOutput

func (i *ValidatingAdmissionPolicy) ToValidatingAdmissionPolicyOutput() ValidatingAdmissionPolicyOutput

func (*ValidatingAdmissionPolicy) ToValidatingAdmissionPolicyOutputWithContext

func (i *ValidatingAdmissionPolicy) ToValidatingAdmissionPolicyOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyOutput

type ValidatingAdmissionPolicyArgs

type ValidatingAdmissionPolicyArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPtrInput
	// Specification of the desired behavior of the ValidatingAdmissionPolicy.
	Spec ValidatingAdmissionPolicySpecPtrInput
}

The set of arguments for constructing a ValidatingAdmissionPolicy resource.

func (ValidatingAdmissionPolicyArgs) ElementType

type ValidatingAdmissionPolicyArray

type ValidatingAdmissionPolicyArray []ValidatingAdmissionPolicyInput

func (ValidatingAdmissionPolicyArray) ElementType

func (ValidatingAdmissionPolicyArray) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyArray) ToValidatingAdmissionPolicyArrayOutput

func (i ValidatingAdmissionPolicyArray) ToValidatingAdmissionPolicyArrayOutput() ValidatingAdmissionPolicyArrayOutput

func (ValidatingAdmissionPolicyArray) ToValidatingAdmissionPolicyArrayOutputWithContext

func (i ValidatingAdmissionPolicyArray) ToValidatingAdmissionPolicyArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyArrayOutput

type ValidatingAdmissionPolicyArrayInput

type ValidatingAdmissionPolicyArrayInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyArrayOutput() ValidatingAdmissionPolicyArrayOutput
	ToValidatingAdmissionPolicyArrayOutputWithContext(context.Context) ValidatingAdmissionPolicyArrayOutput
}

ValidatingAdmissionPolicyArrayInput is an input type that accepts ValidatingAdmissionPolicyArray and ValidatingAdmissionPolicyArrayOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyArrayInput` via:

ValidatingAdmissionPolicyArray{ ValidatingAdmissionPolicyArgs{...} }

type ValidatingAdmissionPolicyArrayOutput

type ValidatingAdmissionPolicyArrayOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyArrayOutput) ElementType

func (ValidatingAdmissionPolicyArrayOutput) Index

func (ValidatingAdmissionPolicyArrayOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyArrayOutput) ToValidatingAdmissionPolicyArrayOutput

func (o ValidatingAdmissionPolicyArrayOutput) ToValidatingAdmissionPolicyArrayOutput() ValidatingAdmissionPolicyArrayOutput

func (ValidatingAdmissionPolicyArrayOutput) ToValidatingAdmissionPolicyArrayOutputWithContext

func (o ValidatingAdmissionPolicyArrayOutput) ToValidatingAdmissionPolicyArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyArrayOutput

type ValidatingAdmissionPolicyBinding

type ValidatingAdmissionPolicyBinding struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringOutput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaOutput `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
	Spec ValidatingAdmissionPolicyBindingSpecOutput `pulumi:"spec"`
}

ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.

For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.

The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.

func GetValidatingAdmissionPolicyBinding

func GetValidatingAdmissionPolicyBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ValidatingAdmissionPolicyBindingState, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicyBinding, error)

GetValidatingAdmissionPolicyBinding gets an existing ValidatingAdmissionPolicyBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewValidatingAdmissionPolicyBinding

func NewValidatingAdmissionPolicyBinding(ctx *pulumi.Context,
	name string, args *ValidatingAdmissionPolicyBindingArgs, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicyBinding, error)

NewValidatingAdmissionPolicyBinding registers a new resource with the given unique name, arguments, and options.

func (*ValidatingAdmissionPolicyBinding) ElementType

func (*ValidatingAdmissionPolicyBinding) ToOutput added in v4.2.0

func (*ValidatingAdmissionPolicyBinding) ToValidatingAdmissionPolicyBindingOutput

func (i *ValidatingAdmissionPolicyBinding) ToValidatingAdmissionPolicyBindingOutput() ValidatingAdmissionPolicyBindingOutput

func (*ValidatingAdmissionPolicyBinding) ToValidatingAdmissionPolicyBindingOutputWithContext

func (i *ValidatingAdmissionPolicyBinding) ToValidatingAdmissionPolicyBindingOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingOutput

type ValidatingAdmissionPolicyBindingArgs

type ValidatingAdmissionPolicyBindingArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPtrInput
	// Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
	Spec ValidatingAdmissionPolicyBindingSpecPtrInput
}

The set of arguments for constructing a ValidatingAdmissionPolicyBinding resource.

func (ValidatingAdmissionPolicyBindingArgs) ElementType

type ValidatingAdmissionPolicyBindingArray

type ValidatingAdmissionPolicyBindingArray []ValidatingAdmissionPolicyBindingInput

func (ValidatingAdmissionPolicyBindingArray) ElementType

func (ValidatingAdmissionPolicyBindingArray) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingArray) ToValidatingAdmissionPolicyBindingArrayOutput

func (i ValidatingAdmissionPolicyBindingArray) ToValidatingAdmissionPolicyBindingArrayOutput() ValidatingAdmissionPolicyBindingArrayOutput

func (ValidatingAdmissionPolicyBindingArray) ToValidatingAdmissionPolicyBindingArrayOutputWithContext

func (i ValidatingAdmissionPolicyBindingArray) ToValidatingAdmissionPolicyBindingArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingArrayOutput

type ValidatingAdmissionPolicyBindingArrayInput

type ValidatingAdmissionPolicyBindingArrayInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingArrayOutput() ValidatingAdmissionPolicyBindingArrayOutput
	ToValidatingAdmissionPolicyBindingArrayOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingArrayOutput
}

ValidatingAdmissionPolicyBindingArrayInput is an input type that accepts ValidatingAdmissionPolicyBindingArray and ValidatingAdmissionPolicyBindingArrayOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingArrayInput` via:

ValidatingAdmissionPolicyBindingArray{ ValidatingAdmissionPolicyBindingArgs{...} }

type ValidatingAdmissionPolicyBindingArrayOutput

type ValidatingAdmissionPolicyBindingArrayOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingArrayOutput) ElementType

func (ValidatingAdmissionPolicyBindingArrayOutput) Index

func (ValidatingAdmissionPolicyBindingArrayOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingArrayOutput) ToValidatingAdmissionPolicyBindingArrayOutput

func (o ValidatingAdmissionPolicyBindingArrayOutput) ToValidatingAdmissionPolicyBindingArrayOutput() ValidatingAdmissionPolicyBindingArrayOutput

func (ValidatingAdmissionPolicyBindingArrayOutput) ToValidatingAdmissionPolicyBindingArrayOutputWithContext

func (o ValidatingAdmissionPolicyBindingArrayOutput) ToValidatingAdmissionPolicyBindingArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingArrayOutput

type ValidatingAdmissionPolicyBindingInput

type ValidatingAdmissionPolicyBindingInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingOutput() ValidatingAdmissionPolicyBindingOutput
	ToValidatingAdmissionPolicyBindingOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingOutput
}

type ValidatingAdmissionPolicyBindingList

type ValidatingAdmissionPolicyBindingList struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringOutput `pulumi:"apiVersion"`
	// List of PolicyBinding.
	Items ValidatingAdmissionPolicyBindingTypeArrayOutput `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringOutput `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaOutput `pulumi:"metadata"`
}

ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.

func GetValidatingAdmissionPolicyBindingList

func GetValidatingAdmissionPolicyBindingList(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ValidatingAdmissionPolicyBindingListState, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicyBindingList, error)

GetValidatingAdmissionPolicyBindingList gets an existing ValidatingAdmissionPolicyBindingList resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewValidatingAdmissionPolicyBindingList

func NewValidatingAdmissionPolicyBindingList(ctx *pulumi.Context,
	name string, args *ValidatingAdmissionPolicyBindingListArgs, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicyBindingList, error)

NewValidatingAdmissionPolicyBindingList registers a new resource with the given unique name, arguments, and options.

func (*ValidatingAdmissionPolicyBindingList) ElementType

func (*ValidatingAdmissionPolicyBindingList) ToOutput added in v4.2.0

func (*ValidatingAdmissionPolicyBindingList) ToValidatingAdmissionPolicyBindingListOutput

func (i *ValidatingAdmissionPolicyBindingList) ToValidatingAdmissionPolicyBindingListOutput() ValidatingAdmissionPolicyBindingListOutput

func (*ValidatingAdmissionPolicyBindingList) ToValidatingAdmissionPolicyBindingListOutputWithContext

func (i *ValidatingAdmissionPolicyBindingList) ToValidatingAdmissionPolicyBindingListOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingListOutput

type ValidatingAdmissionPolicyBindingListArgs

type ValidatingAdmissionPolicyBindingListArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// List of PolicyBinding.
	Items ValidatingAdmissionPolicyBindingTypeArrayInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaPtrInput
}

The set of arguments for constructing a ValidatingAdmissionPolicyBindingList resource.

func (ValidatingAdmissionPolicyBindingListArgs) ElementType

type ValidatingAdmissionPolicyBindingListArray

type ValidatingAdmissionPolicyBindingListArray []ValidatingAdmissionPolicyBindingListInput

func (ValidatingAdmissionPolicyBindingListArray) ElementType

func (ValidatingAdmissionPolicyBindingListArray) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingListArray) ToValidatingAdmissionPolicyBindingListArrayOutput

func (i ValidatingAdmissionPolicyBindingListArray) ToValidatingAdmissionPolicyBindingListArrayOutput() ValidatingAdmissionPolicyBindingListArrayOutput

func (ValidatingAdmissionPolicyBindingListArray) ToValidatingAdmissionPolicyBindingListArrayOutputWithContext

func (i ValidatingAdmissionPolicyBindingListArray) ToValidatingAdmissionPolicyBindingListArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingListArrayOutput

type ValidatingAdmissionPolicyBindingListArrayInput

type ValidatingAdmissionPolicyBindingListArrayInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingListArrayOutput() ValidatingAdmissionPolicyBindingListArrayOutput
	ToValidatingAdmissionPolicyBindingListArrayOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingListArrayOutput
}

ValidatingAdmissionPolicyBindingListArrayInput is an input type that accepts ValidatingAdmissionPolicyBindingListArray and ValidatingAdmissionPolicyBindingListArrayOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingListArrayInput` via:

ValidatingAdmissionPolicyBindingListArray{ ValidatingAdmissionPolicyBindingListArgs{...} }

type ValidatingAdmissionPolicyBindingListArrayOutput

type ValidatingAdmissionPolicyBindingListArrayOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingListArrayOutput) ElementType

func (ValidatingAdmissionPolicyBindingListArrayOutput) Index

func (ValidatingAdmissionPolicyBindingListArrayOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingListArrayOutput) ToValidatingAdmissionPolicyBindingListArrayOutput

func (o ValidatingAdmissionPolicyBindingListArrayOutput) ToValidatingAdmissionPolicyBindingListArrayOutput() ValidatingAdmissionPolicyBindingListArrayOutput

func (ValidatingAdmissionPolicyBindingListArrayOutput) ToValidatingAdmissionPolicyBindingListArrayOutputWithContext

func (o ValidatingAdmissionPolicyBindingListArrayOutput) ToValidatingAdmissionPolicyBindingListArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingListArrayOutput

type ValidatingAdmissionPolicyBindingListInput

type ValidatingAdmissionPolicyBindingListInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingListOutput() ValidatingAdmissionPolicyBindingListOutput
	ToValidatingAdmissionPolicyBindingListOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingListOutput
}

type ValidatingAdmissionPolicyBindingListMap

type ValidatingAdmissionPolicyBindingListMap map[string]ValidatingAdmissionPolicyBindingListInput

func (ValidatingAdmissionPolicyBindingListMap) ElementType

func (ValidatingAdmissionPolicyBindingListMap) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingListMap) ToValidatingAdmissionPolicyBindingListMapOutput

func (i ValidatingAdmissionPolicyBindingListMap) ToValidatingAdmissionPolicyBindingListMapOutput() ValidatingAdmissionPolicyBindingListMapOutput

func (ValidatingAdmissionPolicyBindingListMap) ToValidatingAdmissionPolicyBindingListMapOutputWithContext

func (i ValidatingAdmissionPolicyBindingListMap) ToValidatingAdmissionPolicyBindingListMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingListMapOutput

type ValidatingAdmissionPolicyBindingListMapInput

type ValidatingAdmissionPolicyBindingListMapInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingListMapOutput() ValidatingAdmissionPolicyBindingListMapOutput
	ToValidatingAdmissionPolicyBindingListMapOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingListMapOutput
}

ValidatingAdmissionPolicyBindingListMapInput is an input type that accepts ValidatingAdmissionPolicyBindingListMap and ValidatingAdmissionPolicyBindingListMapOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingListMapInput` via:

ValidatingAdmissionPolicyBindingListMap{ "key": ValidatingAdmissionPolicyBindingListArgs{...} }

type ValidatingAdmissionPolicyBindingListMapOutput

type ValidatingAdmissionPolicyBindingListMapOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingListMapOutput) ElementType

func (ValidatingAdmissionPolicyBindingListMapOutput) MapIndex

func (ValidatingAdmissionPolicyBindingListMapOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingListMapOutput) ToValidatingAdmissionPolicyBindingListMapOutput

func (o ValidatingAdmissionPolicyBindingListMapOutput) ToValidatingAdmissionPolicyBindingListMapOutput() ValidatingAdmissionPolicyBindingListMapOutput

func (ValidatingAdmissionPolicyBindingListMapOutput) ToValidatingAdmissionPolicyBindingListMapOutputWithContext

func (o ValidatingAdmissionPolicyBindingListMapOutput) ToValidatingAdmissionPolicyBindingListMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingListMapOutput

type ValidatingAdmissionPolicyBindingListOutput

type ValidatingAdmissionPolicyBindingListOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingListOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyBindingListOutput) ElementType

func (ValidatingAdmissionPolicyBindingListOutput) Items

List of PolicyBinding.

func (ValidatingAdmissionPolicyBindingListOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyBindingListOutput) Metadata

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyBindingListOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingListOutput) ToValidatingAdmissionPolicyBindingListOutput

func (o ValidatingAdmissionPolicyBindingListOutput) ToValidatingAdmissionPolicyBindingListOutput() ValidatingAdmissionPolicyBindingListOutput

func (ValidatingAdmissionPolicyBindingListOutput) ToValidatingAdmissionPolicyBindingListOutputWithContext

func (o ValidatingAdmissionPolicyBindingListOutput) ToValidatingAdmissionPolicyBindingListOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingListOutput

type ValidatingAdmissionPolicyBindingListState

type ValidatingAdmissionPolicyBindingListState struct {
}

func (ValidatingAdmissionPolicyBindingListState) ElementType

type ValidatingAdmissionPolicyBindingListType

type ValidatingAdmissionPolicyBindingListType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// List of PolicyBinding.
	Items []ValidatingAdmissionPolicyBindingType `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata *metav1.ListMeta `pulumi:"metadata"`
}

ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.

type ValidatingAdmissionPolicyBindingListTypeArgs

type ValidatingAdmissionPolicyBindingListTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// List of PolicyBinding.
	Items ValidatingAdmissionPolicyBindingTypeArrayInput `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaPtrInput `pulumi:"metadata"`
}

ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.

func (ValidatingAdmissionPolicyBindingListTypeArgs) ElementType

func (ValidatingAdmissionPolicyBindingListTypeArgs) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingListTypeArgs) ToValidatingAdmissionPolicyBindingListTypeOutput

func (i ValidatingAdmissionPolicyBindingListTypeArgs) ToValidatingAdmissionPolicyBindingListTypeOutput() ValidatingAdmissionPolicyBindingListTypeOutput

func (ValidatingAdmissionPolicyBindingListTypeArgs) ToValidatingAdmissionPolicyBindingListTypeOutputWithContext

func (i ValidatingAdmissionPolicyBindingListTypeArgs) ToValidatingAdmissionPolicyBindingListTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingListTypeOutput

type ValidatingAdmissionPolicyBindingListTypeInput

type ValidatingAdmissionPolicyBindingListTypeInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingListTypeOutput() ValidatingAdmissionPolicyBindingListTypeOutput
	ToValidatingAdmissionPolicyBindingListTypeOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingListTypeOutput
}

ValidatingAdmissionPolicyBindingListTypeInput is an input type that accepts ValidatingAdmissionPolicyBindingListTypeArgs and ValidatingAdmissionPolicyBindingListTypeOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingListTypeInput` via:

ValidatingAdmissionPolicyBindingListTypeArgs{...}

type ValidatingAdmissionPolicyBindingListTypeOutput

type ValidatingAdmissionPolicyBindingListTypeOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.

func (ValidatingAdmissionPolicyBindingListTypeOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyBindingListTypeOutput) ElementType

func (ValidatingAdmissionPolicyBindingListTypeOutput) Items

List of PolicyBinding.

func (ValidatingAdmissionPolicyBindingListTypeOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyBindingListTypeOutput) Metadata

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyBindingListTypeOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingListTypeOutput) ToValidatingAdmissionPolicyBindingListTypeOutput

func (o ValidatingAdmissionPolicyBindingListTypeOutput) ToValidatingAdmissionPolicyBindingListTypeOutput() ValidatingAdmissionPolicyBindingListTypeOutput

func (ValidatingAdmissionPolicyBindingListTypeOutput) ToValidatingAdmissionPolicyBindingListTypeOutputWithContext

func (o ValidatingAdmissionPolicyBindingListTypeOutput) ToValidatingAdmissionPolicyBindingListTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingListTypeOutput

type ValidatingAdmissionPolicyBindingMap

type ValidatingAdmissionPolicyBindingMap map[string]ValidatingAdmissionPolicyBindingInput

func (ValidatingAdmissionPolicyBindingMap) ElementType

func (ValidatingAdmissionPolicyBindingMap) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingMap) ToValidatingAdmissionPolicyBindingMapOutput

func (i ValidatingAdmissionPolicyBindingMap) ToValidatingAdmissionPolicyBindingMapOutput() ValidatingAdmissionPolicyBindingMapOutput

func (ValidatingAdmissionPolicyBindingMap) ToValidatingAdmissionPolicyBindingMapOutputWithContext

func (i ValidatingAdmissionPolicyBindingMap) ToValidatingAdmissionPolicyBindingMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingMapOutput

type ValidatingAdmissionPolicyBindingMapInput

type ValidatingAdmissionPolicyBindingMapInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingMapOutput() ValidatingAdmissionPolicyBindingMapOutput
	ToValidatingAdmissionPolicyBindingMapOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingMapOutput
}

ValidatingAdmissionPolicyBindingMapInput is an input type that accepts ValidatingAdmissionPolicyBindingMap and ValidatingAdmissionPolicyBindingMapOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingMapInput` via:

ValidatingAdmissionPolicyBindingMap{ "key": ValidatingAdmissionPolicyBindingArgs{...} }

type ValidatingAdmissionPolicyBindingMapOutput

type ValidatingAdmissionPolicyBindingMapOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingMapOutput) ElementType

func (ValidatingAdmissionPolicyBindingMapOutput) MapIndex

func (ValidatingAdmissionPolicyBindingMapOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingMapOutput) ToValidatingAdmissionPolicyBindingMapOutput

func (o ValidatingAdmissionPolicyBindingMapOutput) ToValidatingAdmissionPolicyBindingMapOutput() ValidatingAdmissionPolicyBindingMapOutput

func (ValidatingAdmissionPolicyBindingMapOutput) ToValidatingAdmissionPolicyBindingMapOutputWithContext

func (o ValidatingAdmissionPolicyBindingMapOutput) ToValidatingAdmissionPolicyBindingMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingMapOutput

type ValidatingAdmissionPolicyBindingOutput

type ValidatingAdmissionPolicyBindingOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyBindingOutput) ElementType

func (ValidatingAdmissionPolicyBindingOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyBindingOutput) Metadata

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingAdmissionPolicyBindingOutput) Spec

Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.

func (ValidatingAdmissionPolicyBindingOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingOutput) ToValidatingAdmissionPolicyBindingOutput

func (o ValidatingAdmissionPolicyBindingOutput) ToValidatingAdmissionPolicyBindingOutput() ValidatingAdmissionPolicyBindingOutput

func (ValidatingAdmissionPolicyBindingOutput) ToValidatingAdmissionPolicyBindingOutputWithContext

func (o ValidatingAdmissionPolicyBindingOutput) ToValidatingAdmissionPolicyBindingOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingOutput

type ValidatingAdmissionPolicyBindingPatch

type ValidatingAdmissionPolicyBindingPatch struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrOutput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrOutput `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
	Spec ValidatingAdmissionPolicyBindingSpecPatchPtrOutput `pulumi:"spec"`
}

Patch resources are used to modify existing Kubernetes resources by using Server-Side Apply updates. The name of the resource must be specified, but all other properties are optional. More than one patch may be applied to the same resource, and a random FieldManager name will be used for each Patch resource. Conflicts will result in an error by default, but can be forced using the "pulumi.com/patchForce" annotation. See the [Server-Side Apply Docs](https://www.pulumi.com/registry/packages/kubernetes/how-to-guides/managing-resources-with-server-side-apply/) for additional information about using Server-Side Apply to manage Kubernetes resources with Pulumi. ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.

For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.

The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.

func GetValidatingAdmissionPolicyBindingPatch

func GetValidatingAdmissionPolicyBindingPatch(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ValidatingAdmissionPolicyBindingPatchState, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicyBindingPatch, error)

GetValidatingAdmissionPolicyBindingPatch gets an existing ValidatingAdmissionPolicyBindingPatch resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewValidatingAdmissionPolicyBindingPatch

func NewValidatingAdmissionPolicyBindingPatch(ctx *pulumi.Context,
	name string, args *ValidatingAdmissionPolicyBindingPatchArgs, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicyBindingPatch, error)

NewValidatingAdmissionPolicyBindingPatch registers a new resource with the given unique name, arguments, and options.

func (*ValidatingAdmissionPolicyBindingPatch) ElementType

func (*ValidatingAdmissionPolicyBindingPatch) ToOutput added in v4.2.0

func (*ValidatingAdmissionPolicyBindingPatch) ToValidatingAdmissionPolicyBindingPatchOutput

func (i *ValidatingAdmissionPolicyBindingPatch) ToValidatingAdmissionPolicyBindingPatchOutput() ValidatingAdmissionPolicyBindingPatchOutput

func (*ValidatingAdmissionPolicyBindingPatch) ToValidatingAdmissionPolicyBindingPatchOutputWithContext

func (i *ValidatingAdmissionPolicyBindingPatch) ToValidatingAdmissionPolicyBindingPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingPatchOutput

type ValidatingAdmissionPolicyBindingPatchArgs

type ValidatingAdmissionPolicyBindingPatchArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrInput
	// Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
	Spec ValidatingAdmissionPolicyBindingSpecPatchPtrInput
}

The set of arguments for constructing a ValidatingAdmissionPolicyBindingPatch resource.

func (ValidatingAdmissionPolicyBindingPatchArgs) ElementType

type ValidatingAdmissionPolicyBindingPatchArray

type ValidatingAdmissionPolicyBindingPatchArray []ValidatingAdmissionPolicyBindingPatchInput

func (ValidatingAdmissionPolicyBindingPatchArray) ElementType

func (ValidatingAdmissionPolicyBindingPatchArray) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingPatchArray) ToValidatingAdmissionPolicyBindingPatchArrayOutput

func (i ValidatingAdmissionPolicyBindingPatchArray) ToValidatingAdmissionPolicyBindingPatchArrayOutput() ValidatingAdmissionPolicyBindingPatchArrayOutput

func (ValidatingAdmissionPolicyBindingPatchArray) ToValidatingAdmissionPolicyBindingPatchArrayOutputWithContext

func (i ValidatingAdmissionPolicyBindingPatchArray) ToValidatingAdmissionPolicyBindingPatchArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingPatchArrayOutput

type ValidatingAdmissionPolicyBindingPatchArrayInput

type ValidatingAdmissionPolicyBindingPatchArrayInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingPatchArrayOutput() ValidatingAdmissionPolicyBindingPatchArrayOutput
	ToValidatingAdmissionPolicyBindingPatchArrayOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingPatchArrayOutput
}

ValidatingAdmissionPolicyBindingPatchArrayInput is an input type that accepts ValidatingAdmissionPolicyBindingPatchArray and ValidatingAdmissionPolicyBindingPatchArrayOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingPatchArrayInput` via:

ValidatingAdmissionPolicyBindingPatchArray{ ValidatingAdmissionPolicyBindingPatchArgs{...} }

type ValidatingAdmissionPolicyBindingPatchArrayOutput

type ValidatingAdmissionPolicyBindingPatchArrayOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingPatchArrayOutput) ElementType

func (ValidatingAdmissionPolicyBindingPatchArrayOutput) Index

func (ValidatingAdmissionPolicyBindingPatchArrayOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingPatchArrayOutput) ToValidatingAdmissionPolicyBindingPatchArrayOutput

func (o ValidatingAdmissionPolicyBindingPatchArrayOutput) ToValidatingAdmissionPolicyBindingPatchArrayOutput() ValidatingAdmissionPolicyBindingPatchArrayOutput

func (ValidatingAdmissionPolicyBindingPatchArrayOutput) ToValidatingAdmissionPolicyBindingPatchArrayOutputWithContext

func (o ValidatingAdmissionPolicyBindingPatchArrayOutput) ToValidatingAdmissionPolicyBindingPatchArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingPatchArrayOutput

type ValidatingAdmissionPolicyBindingPatchInput

type ValidatingAdmissionPolicyBindingPatchInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingPatchOutput() ValidatingAdmissionPolicyBindingPatchOutput
	ToValidatingAdmissionPolicyBindingPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingPatchOutput
}

type ValidatingAdmissionPolicyBindingPatchMap

type ValidatingAdmissionPolicyBindingPatchMap map[string]ValidatingAdmissionPolicyBindingPatchInput

func (ValidatingAdmissionPolicyBindingPatchMap) ElementType

func (ValidatingAdmissionPolicyBindingPatchMap) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingPatchMap) ToValidatingAdmissionPolicyBindingPatchMapOutput

func (i ValidatingAdmissionPolicyBindingPatchMap) ToValidatingAdmissionPolicyBindingPatchMapOutput() ValidatingAdmissionPolicyBindingPatchMapOutput

func (ValidatingAdmissionPolicyBindingPatchMap) ToValidatingAdmissionPolicyBindingPatchMapOutputWithContext

func (i ValidatingAdmissionPolicyBindingPatchMap) ToValidatingAdmissionPolicyBindingPatchMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingPatchMapOutput

type ValidatingAdmissionPolicyBindingPatchMapInput

type ValidatingAdmissionPolicyBindingPatchMapInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingPatchMapOutput() ValidatingAdmissionPolicyBindingPatchMapOutput
	ToValidatingAdmissionPolicyBindingPatchMapOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingPatchMapOutput
}

ValidatingAdmissionPolicyBindingPatchMapInput is an input type that accepts ValidatingAdmissionPolicyBindingPatchMap and ValidatingAdmissionPolicyBindingPatchMapOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingPatchMapInput` via:

ValidatingAdmissionPolicyBindingPatchMap{ "key": ValidatingAdmissionPolicyBindingPatchArgs{...} }

type ValidatingAdmissionPolicyBindingPatchMapOutput

type ValidatingAdmissionPolicyBindingPatchMapOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingPatchMapOutput) ElementType

func (ValidatingAdmissionPolicyBindingPatchMapOutput) MapIndex

func (ValidatingAdmissionPolicyBindingPatchMapOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingPatchMapOutput) ToValidatingAdmissionPolicyBindingPatchMapOutput

func (o ValidatingAdmissionPolicyBindingPatchMapOutput) ToValidatingAdmissionPolicyBindingPatchMapOutput() ValidatingAdmissionPolicyBindingPatchMapOutput

func (ValidatingAdmissionPolicyBindingPatchMapOutput) ToValidatingAdmissionPolicyBindingPatchMapOutputWithContext

func (o ValidatingAdmissionPolicyBindingPatchMapOutput) ToValidatingAdmissionPolicyBindingPatchMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingPatchMapOutput

type ValidatingAdmissionPolicyBindingPatchOutput

type ValidatingAdmissionPolicyBindingPatchOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingPatchOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyBindingPatchOutput) ElementType

func (ValidatingAdmissionPolicyBindingPatchOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyBindingPatchOutput) Spec

Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.

func (ValidatingAdmissionPolicyBindingPatchOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingPatchOutput) ToValidatingAdmissionPolicyBindingPatchOutput

func (o ValidatingAdmissionPolicyBindingPatchOutput) ToValidatingAdmissionPolicyBindingPatchOutput() ValidatingAdmissionPolicyBindingPatchOutput

func (ValidatingAdmissionPolicyBindingPatchOutput) ToValidatingAdmissionPolicyBindingPatchOutputWithContext

func (o ValidatingAdmissionPolicyBindingPatchOutput) ToValidatingAdmissionPolicyBindingPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingPatchOutput

type ValidatingAdmissionPolicyBindingPatchState

type ValidatingAdmissionPolicyBindingPatchState struct {
}

func (ValidatingAdmissionPolicyBindingPatchState) ElementType

type ValidatingAdmissionPolicyBindingPatchType

type ValidatingAdmissionPolicyBindingPatchType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata *metav1.ObjectMetaPatch `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
	Spec *ValidatingAdmissionPolicyBindingSpecPatch `pulumi:"spec"`
}

ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.

For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.

The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.

type ValidatingAdmissionPolicyBindingPatchTypeArgs

type ValidatingAdmissionPolicyBindingPatchTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrInput `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
	Spec ValidatingAdmissionPolicyBindingSpecPatchPtrInput `pulumi:"spec"`
}

ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.

For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.

The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.

func (ValidatingAdmissionPolicyBindingPatchTypeArgs) ElementType

func (ValidatingAdmissionPolicyBindingPatchTypeArgs) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingPatchTypeArgs) ToValidatingAdmissionPolicyBindingPatchTypeOutput

func (i ValidatingAdmissionPolicyBindingPatchTypeArgs) ToValidatingAdmissionPolicyBindingPatchTypeOutput() ValidatingAdmissionPolicyBindingPatchTypeOutput

func (ValidatingAdmissionPolicyBindingPatchTypeArgs) ToValidatingAdmissionPolicyBindingPatchTypeOutputWithContext

func (i ValidatingAdmissionPolicyBindingPatchTypeArgs) ToValidatingAdmissionPolicyBindingPatchTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingPatchTypeOutput

type ValidatingAdmissionPolicyBindingPatchTypeInput

type ValidatingAdmissionPolicyBindingPatchTypeInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingPatchTypeOutput() ValidatingAdmissionPolicyBindingPatchTypeOutput
	ToValidatingAdmissionPolicyBindingPatchTypeOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingPatchTypeOutput
}

ValidatingAdmissionPolicyBindingPatchTypeInput is an input type that accepts ValidatingAdmissionPolicyBindingPatchTypeArgs and ValidatingAdmissionPolicyBindingPatchTypeOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingPatchTypeInput` via:

ValidatingAdmissionPolicyBindingPatchTypeArgs{...}

type ValidatingAdmissionPolicyBindingPatchTypeOutput

type ValidatingAdmissionPolicyBindingPatchTypeOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.

For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.

The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.

func (ValidatingAdmissionPolicyBindingPatchTypeOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyBindingPatchTypeOutput) ElementType

func (ValidatingAdmissionPolicyBindingPatchTypeOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyBindingPatchTypeOutput) Metadata

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingAdmissionPolicyBindingPatchTypeOutput) Spec

Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.

func (ValidatingAdmissionPolicyBindingPatchTypeOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingPatchTypeOutput) ToValidatingAdmissionPolicyBindingPatchTypeOutput

func (o ValidatingAdmissionPolicyBindingPatchTypeOutput) ToValidatingAdmissionPolicyBindingPatchTypeOutput() ValidatingAdmissionPolicyBindingPatchTypeOutput

func (ValidatingAdmissionPolicyBindingPatchTypeOutput) ToValidatingAdmissionPolicyBindingPatchTypeOutputWithContext

func (o ValidatingAdmissionPolicyBindingPatchTypeOutput) ToValidatingAdmissionPolicyBindingPatchTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingPatchTypeOutput

type ValidatingAdmissionPolicyBindingSpec

type ValidatingAdmissionPolicyBindingSpec struct {
	// MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.
	MatchResources *MatchResources `pulumi:"matchResources"`
	// paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.
	ParamRef *ParamRef `pulumi:"paramRef"`
	// PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.
	PolicyName *string `pulumi:"policyName"`
	// validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.
	//
	// Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.
	//
	// validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.
	//
	// The supported actions values are:
	//
	// "Deny" specifies that a validation failure results in a denied request.
	//
	// "Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.
	//
	// "Audit" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"`
	//
	// Clients should expect to handle additional values by ignoring any values not recognized.
	//
	// "Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.
	//
	// Required.
	ValidationActions []string `pulumi:"validationActions"`
}

ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.

type ValidatingAdmissionPolicyBindingSpecArgs

type ValidatingAdmissionPolicyBindingSpecArgs struct {
	// MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.
	MatchResources MatchResourcesPtrInput `pulumi:"matchResources"`
	// paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.
	ParamRef ParamRefPtrInput `pulumi:"paramRef"`
	// PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.
	PolicyName pulumi.StringPtrInput `pulumi:"policyName"`
	// validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.
	//
	// Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.
	//
	// validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.
	//
	// The supported actions values are:
	//
	// "Deny" specifies that a validation failure results in a denied request.
	//
	// "Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.
	//
	// "Audit" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"`
	//
	// Clients should expect to handle additional values by ignoring any values not recognized.
	//
	// "Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.
	//
	// Required.
	ValidationActions pulumi.StringArrayInput `pulumi:"validationActions"`
}

ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.

func (ValidatingAdmissionPolicyBindingSpecArgs) ElementType

func (ValidatingAdmissionPolicyBindingSpecArgs) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingSpecArgs) ToValidatingAdmissionPolicyBindingSpecOutput

func (i ValidatingAdmissionPolicyBindingSpecArgs) ToValidatingAdmissionPolicyBindingSpecOutput() ValidatingAdmissionPolicyBindingSpecOutput

func (ValidatingAdmissionPolicyBindingSpecArgs) ToValidatingAdmissionPolicyBindingSpecOutputWithContext

func (i ValidatingAdmissionPolicyBindingSpecArgs) ToValidatingAdmissionPolicyBindingSpecOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingSpecOutput

func (ValidatingAdmissionPolicyBindingSpecArgs) ToValidatingAdmissionPolicyBindingSpecPtrOutput

func (i ValidatingAdmissionPolicyBindingSpecArgs) ToValidatingAdmissionPolicyBindingSpecPtrOutput() ValidatingAdmissionPolicyBindingSpecPtrOutput

func (ValidatingAdmissionPolicyBindingSpecArgs) ToValidatingAdmissionPolicyBindingSpecPtrOutputWithContext

func (i ValidatingAdmissionPolicyBindingSpecArgs) ToValidatingAdmissionPolicyBindingSpecPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingSpecPtrOutput

type ValidatingAdmissionPolicyBindingSpecInput

type ValidatingAdmissionPolicyBindingSpecInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingSpecOutput() ValidatingAdmissionPolicyBindingSpecOutput
	ToValidatingAdmissionPolicyBindingSpecOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingSpecOutput
}

ValidatingAdmissionPolicyBindingSpecInput is an input type that accepts ValidatingAdmissionPolicyBindingSpecArgs and ValidatingAdmissionPolicyBindingSpecOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingSpecInput` via:

ValidatingAdmissionPolicyBindingSpecArgs{...}

type ValidatingAdmissionPolicyBindingSpecOutput

type ValidatingAdmissionPolicyBindingSpecOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.

func (ValidatingAdmissionPolicyBindingSpecOutput) ElementType

func (ValidatingAdmissionPolicyBindingSpecOutput) MatchResources

MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.

func (ValidatingAdmissionPolicyBindingSpecOutput) ParamRef

paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.

func (ValidatingAdmissionPolicyBindingSpecOutput) PolicyName

PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.

func (ValidatingAdmissionPolicyBindingSpecOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingSpecOutput) ToValidatingAdmissionPolicyBindingSpecOutput

func (o ValidatingAdmissionPolicyBindingSpecOutput) ToValidatingAdmissionPolicyBindingSpecOutput() ValidatingAdmissionPolicyBindingSpecOutput

func (ValidatingAdmissionPolicyBindingSpecOutput) ToValidatingAdmissionPolicyBindingSpecOutputWithContext

func (o ValidatingAdmissionPolicyBindingSpecOutput) ToValidatingAdmissionPolicyBindingSpecOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingSpecOutput

func (ValidatingAdmissionPolicyBindingSpecOutput) ToValidatingAdmissionPolicyBindingSpecPtrOutput

func (o ValidatingAdmissionPolicyBindingSpecOutput) ToValidatingAdmissionPolicyBindingSpecPtrOutput() ValidatingAdmissionPolicyBindingSpecPtrOutput

func (ValidatingAdmissionPolicyBindingSpecOutput) ToValidatingAdmissionPolicyBindingSpecPtrOutputWithContext

func (o ValidatingAdmissionPolicyBindingSpecOutput) ToValidatingAdmissionPolicyBindingSpecPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingSpecPtrOutput

func (ValidatingAdmissionPolicyBindingSpecOutput) ValidationActions

validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.

Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.

validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.

The supported actions values are:

"Deny" specifies that a validation failure results in a denied request.

"Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.

"Audit" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"`

Clients should expect to handle additional values by ignoring any values not recognized.

"Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.

Required.

type ValidatingAdmissionPolicyBindingSpecPatch

type ValidatingAdmissionPolicyBindingSpecPatch struct {
	// MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.
	MatchResources *MatchResourcesPatch `pulumi:"matchResources"`
	// paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.
	ParamRef *ParamRefPatch `pulumi:"paramRef"`
	// PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.
	PolicyName *string `pulumi:"policyName"`
	// validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.
	//
	// Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.
	//
	// validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.
	//
	// The supported actions values are:
	//
	// "Deny" specifies that a validation failure results in a denied request.
	//
	// "Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.
	//
	// "Audit" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"`
	//
	// Clients should expect to handle additional values by ignoring any values not recognized.
	//
	// "Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.
	//
	// Required.
	ValidationActions []string `pulumi:"validationActions"`
}

ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.

type ValidatingAdmissionPolicyBindingSpecPatchArgs

type ValidatingAdmissionPolicyBindingSpecPatchArgs struct {
	// MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.
	MatchResources MatchResourcesPatchPtrInput `pulumi:"matchResources"`
	// paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.
	ParamRef ParamRefPatchPtrInput `pulumi:"paramRef"`
	// PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.
	PolicyName pulumi.StringPtrInput `pulumi:"policyName"`
	// validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.
	//
	// Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.
	//
	// validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.
	//
	// The supported actions values are:
	//
	// "Deny" specifies that a validation failure results in a denied request.
	//
	// "Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.
	//
	// "Audit" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"`
	//
	// Clients should expect to handle additional values by ignoring any values not recognized.
	//
	// "Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.
	//
	// Required.
	ValidationActions pulumi.StringArrayInput `pulumi:"validationActions"`
}

ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.

func (ValidatingAdmissionPolicyBindingSpecPatchArgs) ElementType

func (ValidatingAdmissionPolicyBindingSpecPatchArgs) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingSpecPatchArgs) ToValidatingAdmissionPolicyBindingSpecPatchOutput

func (i ValidatingAdmissionPolicyBindingSpecPatchArgs) ToValidatingAdmissionPolicyBindingSpecPatchOutput() ValidatingAdmissionPolicyBindingSpecPatchOutput

func (ValidatingAdmissionPolicyBindingSpecPatchArgs) ToValidatingAdmissionPolicyBindingSpecPatchOutputWithContext

func (i ValidatingAdmissionPolicyBindingSpecPatchArgs) ToValidatingAdmissionPolicyBindingSpecPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingSpecPatchOutput

func (ValidatingAdmissionPolicyBindingSpecPatchArgs) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutput

func (i ValidatingAdmissionPolicyBindingSpecPatchArgs) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutput() ValidatingAdmissionPolicyBindingSpecPatchPtrOutput

func (ValidatingAdmissionPolicyBindingSpecPatchArgs) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutputWithContext

func (i ValidatingAdmissionPolicyBindingSpecPatchArgs) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingSpecPatchPtrOutput

type ValidatingAdmissionPolicyBindingSpecPatchInput

type ValidatingAdmissionPolicyBindingSpecPatchInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingSpecPatchOutput() ValidatingAdmissionPolicyBindingSpecPatchOutput
	ToValidatingAdmissionPolicyBindingSpecPatchOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingSpecPatchOutput
}

ValidatingAdmissionPolicyBindingSpecPatchInput is an input type that accepts ValidatingAdmissionPolicyBindingSpecPatchArgs and ValidatingAdmissionPolicyBindingSpecPatchOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingSpecPatchInput` via:

ValidatingAdmissionPolicyBindingSpecPatchArgs{...}

type ValidatingAdmissionPolicyBindingSpecPatchOutput

type ValidatingAdmissionPolicyBindingSpecPatchOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.

func (ValidatingAdmissionPolicyBindingSpecPatchOutput) ElementType

func (ValidatingAdmissionPolicyBindingSpecPatchOutput) MatchResources

MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.

func (ValidatingAdmissionPolicyBindingSpecPatchOutput) ParamRef

paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.

func (ValidatingAdmissionPolicyBindingSpecPatchOutput) PolicyName

PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.

func (ValidatingAdmissionPolicyBindingSpecPatchOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingSpecPatchOutput) ToValidatingAdmissionPolicyBindingSpecPatchOutput

func (o ValidatingAdmissionPolicyBindingSpecPatchOutput) ToValidatingAdmissionPolicyBindingSpecPatchOutput() ValidatingAdmissionPolicyBindingSpecPatchOutput

func (ValidatingAdmissionPolicyBindingSpecPatchOutput) ToValidatingAdmissionPolicyBindingSpecPatchOutputWithContext

func (o ValidatingAdmissionPolicyBindingSpecPatchOutput) ToValidatingAdmissionPolicyBindingSpecPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingSpecPatchOutput

func (ValidatingAdmissionPolicyBindingSpecPatchOutput) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutput

func (o ValidatingAdmissionPolicyBindingSpecPatchOutput) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutput() ValidatingAdmissionPolicyBindingSpecPatchPtrOutput

func (ValidatingAdmissionPolicyBindingSpecPatchOutput) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutputWithContext

func (o ValidatingAdmissionPolicyBindingSpecPatchOutput) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingSpecPatchPtrOutput

func (ValidatingAdmissionPolicyBindingSpecPatchOutput) ValidationActions

validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.

Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.

validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.

The supported actions values are:

"Deny" specifies that a validation failure results in a denied request.

"Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.

"Audit" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"`

Clients should expect to handle additional values by ignoring any values not recognized.

"Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.

Required.

type ValidatingAdmissionPolicyBindingSpecPatchPtrInput

type ValidatingAdmissionPolicyBindingSpecPatchPtrInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingSpecPatchPtrOutput() ValidatingAdmissionPolicyBindingSpecPatchPtrOutput
	ToValidatingAdmissionPolicyBindingSpecPatchPtrOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingSpecPatchPtrOutput
}

ValidatingAdmissionPolicyBindingSpecPatchPtrInput is an input type that accepts ValidatingAdmissionPolicyBindingSpecPatchArgs, ValidatingAdmissionPolicyBindingSpecPatchPtr and ValidatingAdmissionPolicyBindingSpecPatchPtrOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingSpecPatchPtrInput` via:

        ValidatingAdmissionPolicyBindingSpecPatchArgs{...}

or:

        nil

type ValidatingAdmissionPolicyBindingSpecPatchPtrOutput

type ValidatingAdmissionPolicyBindingSpecPatchPtrOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) Elem

func (ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) ElementType

func (ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) MatchResources

MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.

func (ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) ParamRef

paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.

func (ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) PolicyName

PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.

func (ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutput

func (o ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutput() ValidatingAdmissionPolicyBindingSpecPatchPtrOutput

func (ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutputWithContext

func (o ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) ToValidatingAdmissionPolicyBindingSpecPatchPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingSpecPatchPtrOutput

func (ValidatingAdmissionPolicyBindingSpecPatchPtrOutput) ValidationActions

validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.

Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.

validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.

The supported actions values are:

"Deny" specifies that a validation failure results in a denied request.

"Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.

"Audit" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"`

Clients should expect to handle additional values by ignoring any values not recognized.

"Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.

Required.

type ValidatingAdmissionPolicyBindingSpecPtrInput

type ValidatingAdmissionPolicyBindingSpecPtrInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingSpecPtrOutput() ValidatingAdmissionPolicyBindingSpecPtrOutput
	ToValidatingAdmissionPolicyBindingSpecPtrOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingSpecPtrOutput
}

ValidatingAdmissionPolicyBindingSpecPtrInput is an input type that accepts ValidatingAdmissionPolicyBindingSpecArgs, ValidatingAdmissionPolicyBindingSpecPtr and ValidatingAdmissionPolicyBindingSpecPtrOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingSpecPtrInput` via:

        ValidatingAdmissionPolicyBindingSpecArgs{...}

or:

        nil

type ValidatingAdmissionPolicyBindingSpecPtrOutput

type ValidatingAdmissionPolicyBindingSpecPtrOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingSpecPtrOutput) Elem

func (ValidatingAdmissionPolicyBindingSpecPtrOutput) ElementType

func (ValidatingAdmissionPolicyBindingSpecPtrOutput) MatchResources

MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.

func (ValidatingAdmissionPolicyBindingSpecPtrOutput) ParamRef

paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.

func (ValidatingAdmissionPolicyBindingSpecPtrOutput) PolicyName

PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.

func (ValidatingAdmissionPolicyBindingSpecPtrOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingSpecPtrOutput) ToValidatingAdmissionPolicyBindingSpecPtrOutput

func (o ValidatingAdmissionPolicyBindingSpecPtrOutput) ToValidatingAdmissionPolicyBindingSpecPtrOutput() ValidatingAdmissionPolicyBindingSpecPtrOutput

func (ValidatingAdmissionPolicyBindingSpecPtrOutput) ToValidatingAdmissionPolicyBindingSpecPtrOutputWithContext

func (o ValidatingAdmissionPolicyBindingSpecPtrOutput) ToValidatingAdmissionPolicyBindingSpecPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingSpecPtrOutput

func (ValidatingAdmissionPolicyBindingSpecPtrOutput) ValidationActions

validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.

Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.

validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.

The supported actions values are:

"Deny" specifies that a validation failure results in a denied request.

"Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.

"Audit" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"`

Clients should expect to handle additional values by ignoring any values not recognized.

"Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.

Required.

type ValidatingAdmissionPolicyBindingState

type ValidatingAdmissionPolicyBindingState struct {
}

func (ValidatingAdmissionPolicyBindingState) ElementType

type ValidatingAdmissionPolicyBindingType

type ValidatingAdmissionPolicyBindingType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata *metav1.ObjectMeta `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
	Spec *ValidatingAdmissionPolicyBindingSpec `pulumi:"spec"`
}

ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.

For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.

The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.

type ValidatingAdmissionPolicyBindingTypeArgs

type ValidatingAdmissionPolicyBindingTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPtrInput `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
	Spec ValidatingAdmissionPolicyBindingSpecPtrInput `pulumi:"spec"`
}

ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.

For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.

The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.

func (ValidatingAdmissionPolicyBindingTypeArgs) ElementType

func (ValidatingAdmissionPolicyBindingTypeArgs) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingTypeArgs) ToValidatingAdmissionPolicyBindingTypeOutput

func (i ValidatingAdmissionPolicyBindingTypeArgs) ToValidatingAdmissionPolicyBindingTypeOutput() ValidatingAdmissionPolicyBindingTypeOutput

func (ValidatingAdmissionPolicyBindingTypeArgs) ToValidatingAdmissionPolicyBindingTypeOutputWithContext

func (i ValidatingAdmissionPolicyBindingTypeArgs) ToValidatingAdmissionPolicyBindingTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingTypeOutput

type ValidatingAdmissionPolicyBindingTypeArray

type ValidatingAdmissionPolicyBindingTypeArray []ValidatingAdmissionPolicyBindingTypeInput

func (ValidatingAdmissionPolicyBindingTypeArray) ElementType

func (ValidatingAdmissionPolicyBindingTypeArray) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingTypeArray) ToValidatingAdmissionPolicyBindingTypeArrayOutput

func (i ValidatingAdmissionPolicyBindingTypeArray) ToValidatingAdmissionPolicyBindingTypeArrayOutput() ValidatingAdmissionPolicyBindingTypeArrayOutput

func (ValidatingAdmissionPolicyBindingTypeArray) ToValidatingAdmissionPolicyBindingTypeArrayOutputWithContext

func (i ValidatingAdmissionPolicyBindingTypeArray) ToValidatingAdmissionPolicyBindingTypeArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingTypeArrayOutput

type ValidatingAdmissionPolicyBindingTypeArrayInput

type ValidatingAdmissionPolicyBindingTypeArrayInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingTypeArrayOutput() ValidatingAdmissionPolicyBindingTypeArrayOutput
	ToValidatingAdmissionPolicyBindingTypeArrayOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingTypeArrayOutput
}

ValidatingAdmissionPolicyBindingTypeArrayInput is an input type that accepts ValidatingAdmissionPolicyBindingTypeArray and ValidatingAdmissionPolicyBindingTypeArrayOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingTypeArrayInput` via:

ValidatingAdmissionPolicyBindingTypeArray{ ValidatingAdmissionPolicyBindingTypeArgs{...} }

type ValidatingAdmissionPolicyBindingTypeArrayOutput

type ValidatingAdmissionPolicyBindingTypeArrayOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyBindingTypeArrayOutput) ElementType

func (ValidatingAdmissionPolicyBindingTypeArrayOutput) Index

func (ValidatingAdmissionPolicyBindingTypeArrayOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingTypeArrayOutput) ToValidatingAdmissionPolicyBindingTypeArrayOutput

func (o ValidatingAdmissionPolicyBindingTypeArrayOutput) ToValidatingAdmissionPolicyBindingTypeArrayOutput() ValidatingAdmissionPolicyBindingTypeArrayOutput

func (ValidatingAdmissionPolicyBindingTypeArrayOutput) ToValidatingAdmissionPolicyBindingTypeArrayOutputWithContext

func (o ValidatingAdmissionPolicyBindingTypeArrayOutput) ToValidatingAdmissionPolicyBindingTypeArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingTypeArrayOutput

type ValidatingAdmissionPolicyBindingTypeInput

type ValidatingAdmissionPolicyBindingTypeInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyBindingTypeOutput() ValidatingAdmissionPolicyBindingTypeOutput
	ToValidatingAdmissionPolicyBindingTypeOutputWithContext(context.Context) ValidatingAdmissionPolicyBindingTypeOutput
}

ValidatingAdmissionPolicyBindingTypeInput is an input type that accepts ValidatingAdmissionPolicyBindingTypeArgs and ValidatingAdmissionPolicyBindingTypeOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyBindingTypeInput` via:

ValidatingAdmissionPolicyBindingTypeArgs{...}

type ValidatingAdmissionPolicyBindingTypeOutput

type ValidatingAdmissionPolicyBindingTypeOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.

For a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.

The CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.

func (ValidatingAdmissionPolicyBindingTypeOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyBindingTypeOutput) ElementType

func (ValidatingAdmissionPolicyBindingTypeOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyBindingTypeOutput) Metadata

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingAdmissionPolicyBindingTypeOutput) Spec

Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.

func (ValidatingAdmissionPolicyBindingTypeOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyBindingTypeOutput) ToValidatingAdmissionPolicyBindingTypeOutput

func (o ValidatingAdmissionPolicyBindingTypeOutput) ToValidatingAdmissionPolicyBindingTypeOutput() ValidatingAdmissionPolicyBindingTypeOutput

func (ValidatingAdmissionPolicyBindingTypeOutput) ToValidatingAdmissionPolicyBindingTypeOutputWithContext

func (o ValidatingAdmissionPolicyBindingTypeOutput) ToValidatingAdmissionPolicyBindingTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyBindingTypeOutput

type ValidatingAdmissionPolicyInput

type ValidatingAdmissionPolicyInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyOutput() ValidatingAdmissionPolicyOutput
	ToValidatingAdmissionPolicyOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyOutput
}

type ValidatingAdmissionPolicyList

type ValidatingAdmissionPolicyList struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringOutput `pulumi:"apiVersion"`
	// List of ValidatingAdmissionPolicy.
	Items ValidatingAdmissionPolicyTypeArrayOutput `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringOutput `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaOutput `pulumi:"metadata"`
}

ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.

func GetValidatingAdmissionPolicyList

func GetValidatingAdmissionPolicyList(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ValidatingAdmissionPolicyListState, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicyList, error)

GetValidatingAdmissionPolicyList gets an existing ValidatingAdmissionPolicyList resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewValidatingAdmissionPolicyList

func NewValidatingAdmissionPolicyList(ctx *pulumi.Context,
	name string, args *ValidatingAdmissionPolicyListArgs, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicyList, error)

NewValidatingAdmissionPolicyList registers a new resource with the given unique name, arguments, and options.

func (*ValidatingAdmissionPolicyList) ElementType

func (*ValidatingAdmissionPolicyList) ToOutput added in v4.2.0

func (*ValidatingAdmissionPolicyList) ToValidatingAdmissionPolicyListOutput

func (i *ValidatingAdmissionPolicyList) ToValidatingAdmissionPolicyListOutput() ValidatingAdmissionPolicyListOutput

func (*ValidatingAdmissionPolicyList) ToValidatingAdmissionPolicyListOutputWithContext

func (i *ValidatingAdmissionPolicyList) ToValidatingAdmissionPolicyListOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyListOutput

type ValidatingAdmissionPolicyListArgs

type ValidatingAdmissionPolicyListArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// List of ValidatingAdmissionPolicy.
	Items ValidatingAdmissionPolicyTypeArrayInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaPtrInput
}

The set of arguments for constructing a ValidatingAdmissionPolicyList resource.

func (ValidatingAdmissionPolicyListArgs) ElementType

type ValidatingAdmissionPolicyListArray

type ValidatingAdmissionPolicyListArray []ValidatingAdmissionPolicyListInput

func (ValidatingAdmissionPolicyListArray) ElementType

func (ValidatingAdmissionPolicyListArray) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyListArray) ToValidatingAdmissionPolicyListArrayOutput

func (i ValidatingAdmissionPolicyListArray) ToValidatingAdmissionPolicyListArrayOutput() ValidatingAdmissionPolicyListArrayOutput

func (ValidatingAdmissionPolicyListArray) ToValidatingAdmissionPolicyListArrayOutputWithContext

func (i ValidatingAdmissionPolicyListArray) ToValidatingAdmissionPolicyListArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyListArrayOutput

type ValidatingAdmissionPolicyListArrayInput

type ValidatingAdmissionPolicyListArrayInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyListArrayOutput() ValidatingAdmissionPolicyListArrayOutput
	ToValidatingAdmissionPolicyListArrayOutputWithContext(context.Context) ValidatingAdmissionPolicyListArrayOutput
}

ValidatingAdmissionPolicyListArrayInput is an input type that accepts ValidatingAdmissionPolicyListArray and ValidatingAdmissionPolicyListArrayOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyListArrayInput` via:

ValidatingAdmissionPolicyListArray{ ValidatingAdmissionPolicyListArgs{...} }

type ValidatingAdmissionPolicyListArrayOutput

type ValidatingAdmissionPolicyListArrayOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyListArrayOutput) ElementType

func (ValidatingAdmissionPolicyListArrayOutput) Index

func (ValidatingAdmissionPolicyListArrayOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyListArrayOutput) ToValidatingAdmissionPolicyListArrayOutput

func (o ValidatingAdmissionPolicyListArrayOutput) ToValidatingAdmissionPolicyListArrayOutput() ValidatingAdmissionPolicyListArrayOutput

func (ValidatingAdmissionPolicyListArrayOutput) ToValidatingAdmissionPolicyListArrayOutputWithContext

func (o ValidatingAdmissionPolicyListArrayOutput) ToValidatingAdmissionPolicyListArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyListArrayOutput

type ValidatingAdmissionPolicyListInput

type ValidatingAdmissionPolicyListInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyListOutput() ValidatingAdmissionPolicyListOutput
	ToValidatingAdmissionPolicyListOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyListOutput
}

type ValidatingAdmissionPolicyListMap

type ValidatingAdmissionPolicyListMap map[string]ValidatingAdmissionPolicyListInput

func (ValidatingAdmissionPolicyListMap) ElementType

func (ValidatingAdmissionPolicyListMap) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyListMap) ToValidatingAdmissionPolicyListMapOutput

func (i ValidatingAdmissionPolicyListMap) ToValidatingAdmissionPolicyListMapOutput() ValidatingAdmissionPolicyListMapOutput

func (ValidatingAdmissionPolicyListMap) ToValidatingAdmissionPolicyListMapOutputWithContext

func (i ValidatingAdmissionPolicyListMap) ToValidatingAdmissionPolicyListMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyListMapOutput

type ValidatingAdmissionPolicyListMapInput

type ValidatingAdmissionPolicyListMapInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyListMapOutput() ValidatingAdmissionPolicyListMapOutput
	ToValidatingAdmissionPolicyListMapOutputWithContext(context.Context) ValidatingAdmissionPolicyListMapOutput
}

ValidatingAdmissionPolicyListMapInput is an input type that accepts ValidatingAdmissionPolicyListMap and ValidatingAdmissionPolicyListMapOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyListMapInput` via:

ValidatingAdmissionPolicyListMap{ "key": ValidatingAdmissionPolicyListArgs{...} }

type ValidatingAdmissionPolicyListMapOutput

type ValidatingAdmissionPolicyListMapOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyListMapOutput) ElementType

func (ValidatingAdmissionPolicyListMapOutput) MapIndex

func (ValidatingAdmissionPolicyListMapOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyListMapOutput) ToValidatingAdmissionPolicyListMapOutput

func (o ValidatingAdmissionPolicyListMapOutput) ToValidatingAdmissionPolicyListMapOutput() ValidatingAdmissionPolicyListMapOutput

func (ValidatingAdmissionPolicyListMapOutput) ToValidatingAdmissionPolicyListMapOutputWithContext

func (o ValidatingAdmissionPolicyListMapOutput) ToValidatingAdmissionPolicyListMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyListMapOutput

type ValidatingAdmissionPolicyListOutput

type ValidatingAdmissionPolicyListOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyListOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyListOutput) ElementType

func (ValidatingAdmissionPolicyListOutput) Items

List of ValidatingAdmissionPolicy.

func (ValidatingAdmissionPolicyListOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyListOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyListOutput) ToValidatingAdmissionPolicyListOutput

func (o ValidatingAdmissionPolicyListOutput) ToValidatingAdmissionPolicyListOutput() ValidatingAdmissionPolicyListOutput

func (ValidatingAdmissionPolicyListOutput) ToValidatingAdmissionPolicyListOutputWithContext

func (o ValidatingAdmissionPolicyListOutput) ToValidatingAdmissionPolicyListOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyListOutput

type ValidatingAdmissionPolicyListState

type ValidatingAdmissionPolicyListState struct {
}

func (ValidatingAdmissionPolicyListState) ElementType

type ValidatingAdmissionPolicyListType

type ValidatingAdmissionPolicyListType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// List of ValidatingAdmissionPolicy.
	Items []ValidatingAdmissionPolicyType `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata *metav1.ListMeta `pulumi:"metadata"`
}

ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.

type ValidatingAdmissionPolicyListTypeArgs

type ValidatingAdmissionPolicyListTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// List of ValidatingAdmissionPolicy.
	Items ValidatingAdmissionPolicyTypeArrayInput `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaPtrInput `pulumi:"metadata"`
}

ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.

func (ValidatingAdmissionPolicyListTypeArgs) ElementType

func (ValidatingAdmissionPolicyListTypeArgs) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyListTypeArgs) ToValidatingAdmissionPolicyListTypeOutput

func (i ValidatingAdmissionPolicyListTypeArgs) ToValidatingAdmissionPolicyListTypeOutput() ValidatingAdmissionPolicyListTypeOutput

func (ValidatingAdmissionPolicyListTypeArgs) ToValidatingAdmissionPolicyListTypeOutputWithContext

func (i ValidatingAdmissionPolicyListTypeArgs) ToValidatingAdmissionPolicyListTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyListTypeOutput

type ValidatingAdmissionPolicyListTypeInput

type ValidatingAdmissionPolicyListTypeInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyListTypeOutput() ValidatingAdmissionPolicyListTypeOutput
	ToValidatingAdmissionPolicyListTypeOutputWithContext(context.Context) ValidatingAdmissionPolicyListTypeOutput
}

ValidatingAdmissionPolicyListTypeInput is an input type that accepts ValidatingAdmissionPolicyListTypeArgs and ValidatingAdmissionPolicyListTypeOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyListTypeInput` via:

ValidatingAdmissionPolicyListTypeArgs{...}

type ValidatingAdmissionPolicyListTypeOutput

type ValidatingAdmissionPolicyListTypeOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.

func (ValidatingAdmissionPolicyListTypeOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyListTypeOutput) ElementType

func (ValidatingAdmissionPolicyListTypeOutput) Items

List of ValidatingAdmissionPolicy.

func (ValidatingAdmissionPolicyListTypeOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyListTypeOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyListTypeOutput) ToValidatingAdmissionPolicyListTypeOutput

func (o ValidatingAdmissionPolicyListTypeOutput) ToValidatingAdmissionPolicyListTypeOutput() ValidatingAdmissionPolicyListTypeOutput

func (ValidatingAdmissionPolicyListTypeOutput) ToValidatingAdmissionPolicyListTypeOutputWithContext

func (o ValidatingAdmissionPolicyListTypeOutput) ToValidatingAdmissionPolicyListTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyListTypeOutput

type ValidatingAdmissionPolicyMap

type ValidatingAdmissionPolicyMap map[string]ValidatingAdmissionPolicyInput

func (ValidatingAdmissionPolicyMap) ElementType

func (ValidatingAdmissionPolicyMap) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyMap) ToValidatingAdmissionPolicyMapOutput

func (i ValidatingAdmissionPolicyMap) ToValidatingAdmissionPolicyMapOutput() ValidatingAdmissionPolicyMapOutput

func (ValidatingAdmissionPolicyMap) ToValidatingAdmissionPolicyMapOutputWithContext

func (i ValidatingAdmissionPolicyMap) ToValidatingAdmissionPolicyMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyMapOutput

type ValidatingAdmissionPolicyMapInput

type ValidatingAdmissionPolicyMapInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyMapOutput() ValidatingAdmissionPolicyMapOutput
	ToValidatingAdmissionPolicyMapOutputWithContext(context.Context) ValidatingAdmissionPolicyMapOutput
}

ValidatingAdmissionPolicyMapInput is an input type that accepts ValidatingAdmissionPolicyMap and ValidatingAdmissionPolicyMapOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyMapInput` via:

ValidatingAdmissionPolicyMap{ "key": ValidatingAdmissionPolicyArgs{...} }

type ValidatingAdmissionPolicyMapOutput

type ValidatingAdmissionPolicyMapOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyMapOutput) ElementType

func (ValidatingAdmissionPolicyMapOutput) MapIndex

func (ValidatingAdmissionPolicyMapOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyMapOutput) ToValidatingAdmissionPolicyMapOutput

func (o ValidatingAdmissionPolicyMapOutput) ToValidatingAdmissionPolicyMapOutput() ValidatingAdmissionPolicyMapOutput

func (ValidatingAdmissionPolicyMapOutput) ToValidatingAdmissionPolicyMapOutputWithContext

func (o ValidatingAdmissionPolicyMapOutput) ToValidatingAdmissionPolicyMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyMapOutput

type ValidatingAdmissionPolicyOutput

type ValidatingAdmissionPolicyOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyOutput) ElementType

func (ValidatingAdmissionPolicyOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyOutput) Metadata

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingAdmissionPolicyOutput) Spec

Specification of the desired behavior of the ValidatingAdmissionPolicy.

func (ValidatingAdmissionPolicyOutput) Status

The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.

func (ValidatingAdmissionPolicyOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyOutput) ToValidatingAdmissionPolicyOutput

func (o ValidatingAdmissionPolicyOutput) ToValidatingAdmissionPolicyOutput() ValidatingAdmissionPolicyOutput

func (ValidatingAdmissionPolicyOutput) ToValidatingAdmissionPolicyOutputWithContext

func (o ValidatingAdmissionPolicyOutput) ToValidatingAdmissionPolicyOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyOutput

type ValidatingAdmissionPolicyPatch

type ValidatingAdmissionPolicyPatch struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrOutput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrOutput `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicy.
	Spec ValidatingAdmissionPolicySpecPatchPtrOutput `pulumi:"spec"`
	// The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.
	Status ValidatingAdmissionPolicyStatusPatchPtrOutput `pulumi:"status"`
}

Patch resources are used to modify existing Kubernetes resources by using Server-Side Apply updates. The name of the resource must be specified, but all other properties are optional. More than one patch may be applied to the same resource, and a random FieldManager name will be used for each Patch resource. Conflicts will result in an error by default, but can be forced using the "pulumi.com/patchForce" annotation. See the [Server-Side Apply Docs](https://www.pulumi.com/registry/packages/kubernetes/how-to-guides/managing-resources-with-server-side-apply/) for additional information about using Server-Side Apply to manage Kubernetes resources with Pulumi. ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.

func GetValidatingAdmissionPolicyPatch

func GetValidatingAdmissionPolicyPatch(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ValidatingAdmissionPolicyPatchState, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicyPatch, error)

GetValidatingAdmissionPolicyPatch gets an existing ValidatingAdmissionPolicyPatch resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewValidatingAdmissionPolicyPatch

func NewValidatingAdmissionPolicyPatch(ctx *pulumi.Context,
	name string, args *ValidatingAdmissionPolicyPatchArgs, opts ...pulumi.ResourceOption) (*ValidatingAdmissionPolicyPatch, error)

NewValidatingAdmissionPolicyPatch registers a new resource with the given unique name, arguments, and options.

func (*ValidatingAdmissionPolicyPatch) ElementType

func (*ValidatingAdmissionPolicyPatch) ToOutput added in v4.2.0

func (*ValidatingAdmissionPolicyPatch) ToValidatingAdmissionPolicyPatchOutput

func (i *ValidatingAdmissionPolicyPatch) ToValidatingAdmissionPolicyPatchOutput() ValidatingAdmissionPolicyPatchOutput

func (*ValidatingAdmissionPolicyPatch) ToValidatingAdmissionPolicyPatchOutputWithContext

func (i *ValidatingAdmissionPolicyPatch) ToValidatingAdmissionPolicyPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyPatchOutput

type ValidatingAdmissionPolicyPatchArgs

type ValidatingAdmissionPolicyPatchArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrInput
	// Specification of the desired behavior of the ValidatingAdmissionPolicy.
	Spec ValidatingAdmissionPolicySpecPatchPtrInput
}

The set of arguments for constructing a ValidatingAdmissionPolicyPatch resource.

func (ValidatingAdmissionPolicyPatchArgs) ElementType

type ValidatingAdmissionPolicyPatchArray

type ValidatingAdmissionPolicyPatchArray []ValidatingAdmissionPolicyPatchInput

func (ValidatingAdmissionPolicyPatchArray) ElementType

func (ValidatingAdmissionPolicyPatchArray) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyPatchArray) ToValidatingAdmissionPolicyPatchArrayOutput

func (i ValidatingAdmissionPolicyPatchArray) ToValidatingAdmissionPolicyPatchArrayOutput() ValidatingAdmissionPolicyPatchArrayOutput

func (ValidatingAdmissionPolicyPatchArray) ToValidatingAdmissionPolicyPatchArrayOutputWithContext

func (i ValidatingAdmissionPolicyPatchArray) ToValidatingAdmissionPolicyPatchArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyPatchArrayOutput

type ValidatingAdmissionPolicyPatchArrayInput

type ValidatingAdmissionPolicyPatchArrayInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyPatchArrayOutput() ValidatingAdmissionPolicyPatchArrayOutput
	ToValidatingAdmissionPolicyPatchArrayOutputWithContext(context.Context) ValidatingAdmissionPolicyPatchArrayOutput
}

ValidatingAdmissionPolicyPatchArrayInput is an input type that accepts ValidatingAdmissionPolicyPatchArray and ValidatingAdmissionPolicyPatchArrayOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyPatchArrayInput` via:

ValidatingAdmissionPolicyPatchArray{ ValidatingAdmissionPolicyPatchArgs{...} }

type ValidatingAdmissionPolicyPatchArrayOutput

type ValidatingAdmissionPolicyPatchArrayOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyPatchArrayOutput) ElementType

func (ValidatingAdmissionPolicyPatchArrayOutput) Index

func (ValidatingAdmissionPolicyPatchArrayOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyPatchArrayOutput) ToValidatingAdmissionPolicyPatchArrayOutput

func (o ValidatingAdmissionPolicyPatchArrayOutput) ToValidatingAdmissionPolicyPatchArrayOutput() ValidatingAdmissionPolicyPatchArrayOutput

func (ValidatingAdmissionPolicyPatchArrayOutput) ToValidatingAdmissionPolicyPatchArrayOutputWithContext

func (o ValidatingAdmissionPolicyPatchArrayOutput) ToValidatingAdmissionPolicyPatchArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyPatchArrayOutput

type ValidatingAdmissionPolicyPatchInput

type ValidatingAdmissionPolicyPatchInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyPatchOutput() ValidatingAdmissionPolicyPatchOutput
	ToValidatingAdmissionPolicyPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyPatchOutput
}

type ValidatingAdmissionPolicyPatchMap

type ValidatingAdmissionPolicyPatchMap map[string]ValidatingAdmissionPolicyPatchInput

func (ValidatingAdmissionPolicyPatchMap) ElementType

func (ValidatingAdmissionPolicyPatchMap) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyPatchMap) ToValidatingAdmissionPolicyPatchMapOutput

func (i ValidatingAdmissionPolicyPatchMap) ToValidatingAdmissionPolicyPatchMapOutput() ValidatingAdmissionPolicyPatchMapOutput

func (ValidatingAdmissionPolicyPatchMap) ToValidatingAdmissionPolicyPatchMapOutputWithContext

func (i ValidatingAdmissionPolicyPatchMap) ToValidatingAdmissionPolicyPatchMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyPatchMapOutput

type ValidatingAdmissionPolicyPatchMapInput

type ValidatingAdmissionPolicyPatchMapInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyPatchMapOutput() ValidatingAdmissionPolicyPatchMapOutput
	ToValidatingAdmissionPolicyPatchMapOutputWithContext(context.Context) ValidatingAdmissionPolicyPatchMapOutput
}

ValidatingAdmissionPolicyPatchMapInput is an input type that accepts ValidatingAdmissionPolicyPatchMap and ValidatingAdmissionPolicyPatchMapOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyPatchMapInput` via:

ValidatingAdmissionPolicyPatchMap{ "key": ValidatingAdmissionPolicyPatchArgs{...} }

type ValidatingAdmissionPolicyPatchMapOutput

type ValidatingAdmissionPolicyPatchMapOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyPatchMapOutput) ElementType

func (ValidatingAdmissionPolicyPatchMapOutput) MapIndex

func (ValidatingAdmissionPolicyPatchMapOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyPatchMapOutput) ToValidatingAdmissionPolicyPatchMapOutput

func (o ValidatingAdmissionPolicyPatchMapOutput) ToValidatingAdmissionPolicyPatchMapOutput() ValidatingAdmissionPolicyPatchMapOutput

func (ValidatingAdmissionPolicyPatchMapOutput) ToValidatingAdmissionPolicyPatchMapOutputWithContext

func (o ValidatingAdmissionPolicyPatchMapOutput) ToValidatingAdmissionPolicyPatchMapOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyPatchMapOutput

type ValidatingAdmissionPolicyPatchOutput

type ValidatingAdmissionPolicyPatchOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyPatchOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyPatchOutput) ElementType

func (ValidatingAdmissionPolicyPatchOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyPatchOutput) Spec

Specification of the desired behavior of the ValidatingAdmissionPolicy.

func (ValidatingAdmissionPolicyPatchOutput) Status

The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.

func (ValidatingAdmissionPolicyPatchOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyPatchOutput) ToValidatingAdmissionPolicyPatchOutput

func (o ValidatingAdmissionPolicyPatchOutput) ToValidatingAdmissionPolicyPatchOutput() ValidatingAdmissionPolicyPatchOutput

func (ValidatingAdmissionPolicyPatchOutput) ToValidatingAdmissionPolicyPatchOutputWithContext

func (o ValidatingAdmissionPolicyPatchOutput) ToValidatingAdmissionPolicyPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyPatchOutput

type ValidatingAdmissionPolicyPatchState

type ValidatingAdmissionPolicyPatchState struct {
}

func (ValidatingAdmissionPolicyPatchState) ElementType

type ValidatingAdmissionPolicyPatchType

type ValidatingAdmissionPolicyPatchType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata *metav1.ObjectMetaPatch `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicy.
	Spec *ValidatingAdmissionPolicySpecPatch `pulumi:"spec"`
	// The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.
	Status *ValidatingAdmissionPolicyStatusPatch `pulumi:"status"`
}

ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.

type ValidatingAdmissionPolicyPatchTypeArgs

type ValidatingAdmissionPolicyPatchTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrInput `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicy.
	Spec ValidatingAdmissionPolicySpecPatchPtrInput `pulumi:"spec"`
	// The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.
	Status ValidatingAdmissionPolicyStatusPatchPtrInput `pulumi:"status"`
}

ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.

func (ValidatingAdmissionPolicyPatchTypeArgs) ElementType

func (ValidatingAdmissionPolicyPatchTypeArgs) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyPatchTypeArgs) ToValidatingAdmissionPolicyPatchTypeOutput

func (i ValidatingAdmissionPolicyPatchTypeArgs) ToValidatingAdmissionPolicyPatchTypeOutput() ValidatingAdmissionPolicyPatchTypeOutput

func (ValidatingAdmissionPolicyPatchTypeArgs) ToValidatingAdmissionPolicyPatchTypeOutputWithContext

func (i ValidatingAdmissionPolicyPatchTypeArgs) ToValidatingAdmissionPolicyPatchTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyPatchTypeOutput

type ValidatingAdmissionPolicyPatchTypeInput

type ValidatingAdmissionPolicyPatchTypeInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyPatchTypeOutput() ValidatingAdmissionPolicyPatchTypeOutput
	ToValidatingAdmissionPolicyPatchTypeOutputWithContext(context.Context) ValidatingAdmissionPolicyPatchTypeOutput
}

ValidatingAdmissionPolicyPatchTypeInput is an input type that accepts ValidatingAdmissionPolicyPatchTypeArgs and ValidatingAdmissionPolicyPatchTypeOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyPatchTypeInput` via:

ValidatingAdmissionPolicyPatchTypeArgs{...}

type ValidatingAdmissionPolicyPatchTypeOutput

type ValidatingAdmissionPolicyPatchTypeOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.

func (ValidatingAdmissionPolicyPatchTypeOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyPatchTypeOutput) ElementType

func (ValidatingAdmissionPolicyPatchTypeOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyPatchTypeOutput) Spec

Specification of the desired behavior of the ValidatingAdmissionPolicy.

func (ValidatingAdmissionPolicyPatchTypeOutput) Status

The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.

func (ValidatingAdmissionPolicyPatchTypeOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyPatchTypeOutput) ToValidatingAdmissionPolicyPatchTypeOutput

func (o ValidatingAdmissionPolicyPatchTypeOutput) ToValidatingAdmissionPolicyPatchTypeOutput() ValidatingAdmissionPolicyPatchTypeOutput

func (ValidatingAdmissionPolicyPatchTypeOutput) ToValidatingAdmissionPolicyPatchTypeOutputWithContext

func (o ValidatingAdmissionPolicyPatchTypeOutput) ToValidatingAdmissionPolicyPatchTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyPatchTypeOutput

type ValidatingAdmissionPolicySpec

type ValidatingAdmissionPolicySpec struct {
	// auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.
	AuditAnnotations []AuditAnnotation `pulumi:"auditAnnotations"`
	// failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.
	//
	// A policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.
	//
	// failurePolicy does not define how validations that evaluate to false are handled.
	//
	// When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.
	//
	// Allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy *string `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the policy is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the policy is skipped
	MatchConditions []MatchCondition `pulumi:"matchConditions"`
	// MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.
	MatchConstraints *MatchResources `pulumi:"matchConstraints"`
	// ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.
	ParamKind *ParamKind `pulumi:"paramKind"`
	// Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.
	Validations []Validation `pulumi:"validations"`
	// Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.
	//
	// The expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.
	Variables []Variable `pulumi:"variables"`
}

ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.

type ValidatingAdmissionPolicySpecArgs

type ValidatingAdmissionPolicySpecArgs struct {
	// auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.
	AuditAnnotations AuditAnnotationArrayInput `pulumi:"auditAnnotations"`
	// failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.
	//
	// A policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.
	//
	// failurePolicy does not define how validations that evaluate to false are handled.
	//
	// When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.
	//
	// Allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy pulumi.StringPtrInput `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the policy is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the policy is skipped
	MatchConditions MatchConditionArrayInput `pulumi:"matchConditions"`
	// MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.
	MatchConstraints MatchResourcesPtrInput `pulumi:"matchConstraints"`
	// ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.
	ParamKind ParamKindPtrInput `pulumi:"paramKind"`
	// Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.
	Validations ValidationArrayInput `pulumi:"validations"`
	// Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.
	//
	// The expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.
	Variables VariableArrayInput `pulumi:"variables"`
}

ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.

func (ValidatingAdmissionPolicySpecArgs) ElementType

func (ValidatingAdmissionPolicySpecArgs) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicySpecArgs) ToValidatingAdmissionPolicySpecOutput

func (i ValidatingAdmissionPolicySpecArgs) ToValidatingAdmissionPolicySpecOutput() ValidatingAdmissionPolicySpecOutput

func (ValidatingAdmissionPolicySpecArgs) ToValidatingAdmissionPolicySpecOutputWithContext

func (i ValidatingAdmissionPolicySpecArgs) ToValidatingAdmissionPolicySpecOutputWithContext(ctx context.Context) ValidatingAdmissionPolicySpecOutput

func (ValidatingAdmissionPolicySpecArgs) ToValidatingAdmissionPolicySpecPtrOutput

func (i ValidatingAdmissionPolicySpecArgs) ToValidatingAdmissionPolicySpecPtrOutput() ValidatingAdmissionPolicySpecPtrOutput

func (ValidatingAdmissionPolicySpecArgs) ToValidatingAdmissionPolicySpecPtrOutputWithContext

func (i ValidatingAdmissionPolicySpecArgs) ToValidatingAdmissionPolicySpecPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicySpecPtrOutput

type ValidatingAdmissionPolicySpecInput

type ValidatingAdmissionPolicySpecInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicySpecOutput() ValidatingAdmissionPolicySpecOutput
	ToValidatingAdmissionPolicySpecOutputWithContext(context.Context) ValidatingAdmissionPolicySpecOutput
}

ValidatingAdmissionPolicySpecInput is an input type that accepts ValidatingAdmissionPolicySpecArgs and ValidatingAdmissionPolicySpecOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicySpecInput` via:

ValidatingAdmissionPolicySpecArgs{...}

type ValidatingAdmissionPolicySpecOutput

type ValidatingAdmissionPolicySpecOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.

func (ValidatingAdmissionPolicySpecOutput) AuditAnnotations

auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.

func (ValidatingAdmissionPolicySpecOutput) ElementType

func (ValidatingAdmissionPolicySpecOutput) FailurePolicy

failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.

A policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.

failurePolicy does not define how validations that evaluate to false are handled.

When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.

Allowed values are Ignore or Fail. Defaults to Fail.

func (ValidatingAdmissionPolicySpecOutput) MatchConditions

MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.

If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.

The exact matching logic is (in order):

  1. If ANY matchCondition evaluates to FALSE, the policy is skipped.
  2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.
  3. If any matchCondition evaluates to an error (but none are FALSE): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the policy is skipped

func (ValidatingAdmissionPolicySpecOutput) MatchConstraints

MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.

func (ValidatingAdmissionPolicySpecOutput) ParamKind

ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.

func (ValidatingAdmissionPolicySpecOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicySpecOutput) ToValidatingAdmissionPolicySpecOutput

func (o ValidatingAdmissionPolicySpecOutput) ToValidatingAdmissionPolicySpecOutput() ValidatingAdmissionPolicySpecOutput

func (ValidatingAdmissionPolicySpecOutput) ToValidatingAdmissionPolicySpecOutputWithContext

func (o ValidatingAdmissionPolicySpecOutput) ToValidatingAdmissionPolicySpecOutputWithContext(ctx context.Context) ValidatingAdmissionPolicySpecOutput

func (ValidatingAdmissionPolicySpecOutput) ToValidatingAdmissionPolicySpecPtrOutput

func (o ValidatingAdmissionPolicySpecOutput) ToValidatingAdmissionPolicySpecPtrOutput() ValidatingAdmissionPolicySpecPtrOutput

func (ValidatingAdmissionPolicySpecOutput) ToValidatingAdmissionPolicySpecPtrOutputWithContext

func (o ValidatingAdmissionPolicySpecOutput) ToValidatingAdmissionPolicySpecPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicySpecPtrOutput

func (ValidatingAdmissionPolicySpecOutput) Validations

Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.

func (ValidatingAdmissionPolicySpecOutput) Variables added in v4.1.0

Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.

The expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.

type ValidatingAdmissionPolicySpecPatch

type ValidatingAdmissionPolicySpecPatch struct {
	// auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.
	AuditAnnotations []AuditAnnotationPatch `pulumi:"auditAnnotations"`
	// failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.
	//
	// A policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.
	//
	// failurePolicy does not define how validations that evaluate to false are handled.
	//
	// When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.
	//
	// Allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy *string `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the policy is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the policy is skipped
	MatchConditions []MatchConditionPatch `pulumi:"matchConditions"`
	// MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.
	MatchConstraints *MatchResourcesPatch `pulumi:"matchConstraints"`
	// ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.
	ParamKind *ParamKindPatch `pulumi:"paramKind"`
	// Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.
	Validations []ValidationPatch `pulumi:"validations"`
	// Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.
	//
	// The expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.
	Variables []VariablePatch `pulumi:"variables"`
}

ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.

type ValidatingAdmissionPolicySpecPatchArgs

type ValidatingAdmissionPolicySpecPatchArgs struct {
	// auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.
	AuditAnnotations AuditAnnotationPatchArrayInput `pulumi:"auditAnnotations"`
	// failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.
	//
	// A policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.
	//
	// failurePolicy does not define how validations that evaluate to false are handled.
	//
	// When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.
	//
	// Allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy pulumi.StringPtrInput `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the policy is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the policy is skipped
	MatchConditions MatchConditionPatchArrayInput `pulumi:"matchConditions"`
	// MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.
	MatchConstraints MatchResourcesPatchPtrInput `pulumi:"matchConstraints"`
	// ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.
	ParamKind ParamKindPatchPtrInput `pulumi:"paramKind"`
	// Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.
	Validations ValidationPatchArrayInput `pulumi:"validations"`
	// Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.
	//
	// The expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.
	Variables VariablePatchArrayInput `pulumi:"variables"`
}

ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.

func (ValidatingAdmissionPolicySpecPatchArgs) ElementType

func (ValidatingAdmissionPolicySpecPatchArgs) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicySpecPatchArgs) ToValidatingAdmissionPolicySpecPatchOutput

func (i ValidatingAdmissionPolicySpecPatchArgs) ToValidatingAdmissionPolicySpecPatchOutput() ValidatingAdmissionPolicySpecPatchOutput

func (ValidatingAdmissionPolicySpecPatchArgs) ToValidatingAdmissionPolicySpecPatchOutputWithContext

func (i ValidatingAdmissionPolicySpecPatchArgs) ToValidatingAdmissionPolicySpecPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicySpecPatchOutput

func (ValidatingAdmissionPolicySpecPatchArgs) ToValidatingAdmissionPolicySpecPatchPtrOutput

func (i ValidatingAdmissionPolicySpecPatchArgs) ToValidatingAdmissionPolicySpecPatchPtrOutput() ValidatingAdmissionPolicySpecPatchPtrOutput

func (ValidatingAdmissionPolicySpecPatchArgs) ToValidatingAdmissionPolicySpecPatchPtrOutputWithContext

func (i ValidatingAdmissionPolicySpecPatchArgs) ToValidatingAdmissionPolicySpecPatchPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicySpecPatchPtrOutput

type ValidatingAdmissionPolicySpecPatchInput

type ValidatingAdmissionPolicySpecPatchInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicySpecPatchOutput() ValidatingAdmissionPolicySpecPatchOutput
	ToValidatingAdmissionPolicySpecPatchOutputWithContext(context.Context) ValidatingAdmissionPolicySpecPatchOutput
}

ValidatingAdmissionPolicySpecPatchInput is an input type that accepts ValidatingAdmissionPolicySpecPatchArgs and ValidatingAdmissionPolicySpecPatchOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicySpecPatchInput` via:

ValidatingAdmissionPolicySpecPatchArgs{...}

type ValidatingAdmissionPolicySpecPatchOutput

type ValidatingAdmissionPolicySpecPatchOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.

func (ValidatingAdmissionPolicySpecPatchOutput) AuditAnnotations

auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.

func (ValidatingAdmissionPolicySpecPatchOutput) ElementType

func (ValidatingAdmissionPolicySpecPatchOutput) FailurePolicy

failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.

A policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.

failurePolicy does not define how validations that evaluate to false are handled.

When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.

Allowed values are Ignore or Fail. Defaults to Fail.

func (ValidatingAdmissionPolicySpecPatchOutput) MatchConditions

MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.

If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.

The exact matching logic is (in order):

  1. If ANY matchCondition evaluates to FALSE, the policy is skipped.
  2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.
  3. If any matchCondition evaluates to an error (but none are FALSE): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the policy is skipped

func (ValidatingAdmissionPolicySpecPatchOutput) MatchConstraints

MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.

func (ValidatingAdmissionPolicySpecPatchOutput) ParamKind

ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.

func (ValidatingAdmissionPolicySpecPatchOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicySpecPatchOutput) ToValidatingAdmissionPolicySpecPatchOutput

func (o ValidatingAdmissionPolicySpecPatchOutput) ToValidatingAdmissionPolicySpecPatchOutput() ValidatingAdmissionPolicySpecPatchOutput

func (ValidatingAdmissionPolicySpecPatchOutput) ToValidatingAdmissionPolicySpecPatchOutputWithContext

func (o ValidatingAdmissionPolicySpecPatchOutput) ToValidatingAdmissionPolicySpecPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicySpecPatchOutput

func (ValidatingAdmissionPolicySpecPatchOutput) ToValidatingAdmissionPolicySpecPatchPtrOutput

func (o ValidatingAdmissionPolicySpecPatchOutput) ToValidatingAdmissionPolicySpecPatchPtrOutput() ValidatingAdmissionPolicySpecPatchPtrOutput

func (ValidatingAdmissionPolicySpecPatchOutput) ToValidatingAdmissionPolicySpecPatchPtrOutputWithContext

func (o ValidatingAdmissionPolicySpecPatchOutput) ToValidatingAdmissionPolicySpecPatchPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicySpecPatchPtrOutput

func (ValidatingAdmissionPolicySpecPatchOutput) Validations

Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.

func (ValidatingAdmissionPolicySpecPatchOutput) Variables added in v4.1.0

Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.

The expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.

type ValidatingAdmissionPolicySpecPatchPtrInput

type ValidatingAdmissionPolicySpecPatchPtrInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicySpecPatchPtrOutput() ValidatingAdmissionPolicySpecPatchPtrOutput
	ToValidatingAdmissionPolicySpecPatchPtrOutputWithContext(context.Context) ValidatingAdmissionPolicySpecPatchPtrOutput
}

ValidatingAdmissionPolicySpecPatchPtrInput is an input type that accepts ValidatingAdmissionPolicySpecPatchArgs, ValidatingAdmissionPolicySpecPatchPtr and ValidatingAdmissionPolicySpecPatchPtrOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicySpecPatchPtrInput` via:

        ValidatingAdmissionPolicySpecPatchArgs{...}

or:

        nil

type ValidatingAdmissionPolicySpecPatchPtrOutput

type ValidatingAdmissionPolicySpecPatchPtrOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicySpecPatchPtrOutput) AuditAnnotations

auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.

func (ValidatingAdmissionPolicySpecPatchPtrOutput) Elem

func (ValidatingAdmissionPolicySpecPatchPtrOutput) ElementType

func (ValidatingAdmissionPolicySpecPatchPtrOutput) FailurePolicy

failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.

A policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.

failurePolicy does not define how validations that evaluate to false are handled.

When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.

Allowed values are Ignore or Fail. Defaults to Fail.

func (ValidatingAdmissionPolicySpecPatchPtrOutput) MatchConditions

MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.

If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.

The exact matching logic is (in order):

  1. If ANY matchCondition evaluates to FALSE, the policy is skipped.
  2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.
  3. If any matchCondition evaluates to an error (but none are FALSE): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the policy is skipped

func (ValidatingAdmissionPolicySpecPatchPtrOutput) MatchConstraints

MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.

func (ValidatingAdmissionPolicySpecPatchPtrOutput) ParamKind

ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.

func (ValidatingAdmissionPolicySpecPatchPtrOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicySpecPatchPtrOutput) ToValidatingAdmissionPolicySpecPatchPtrOutput

func (o ValidatingAdmissionPolicySpecPatchPtrOutput) ToValidatingAdmissionPolicySpecPatchPtrOutput() ValidatingAdmissionPolicySpecPatchPtrOutput

func (ValidatingAdmissionPolicySpecPatchPtrOutput) ToValidatingAdmissionPolicySpecPatchPtrOutputWithContext

func (o ValidatingAdmissionPolicySpecPatchPtrOutput) ToValidatingAdmissionPolicySpecPatchPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicySpecPatchPtrOutput

func (ValidatingAdmissionPolicySpecPatchPtrOutput) Validations

Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.

func (ValidatingAdmissionPolicySpecPatchPtrOutput) Variables added in v4.1.0

Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.

The expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.

type ValidatingAdmissionPolicySpecPtrInput

type ValidatingAdmissionPolicySpecPtrInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicySpecPtrOutput() ValidatingAdmissionPolicySpecPtrOutput
	ToValidatingAdmissionPolicySpecPtrOutputWithContext(context.Context) ValidatingAdmissionPolicySpecPtrOutput
}

ValidatingAdmissionPolicySpecPtrInput is an input type that accepts ValidatingAdmissionPolicySpecArgs, ValidatingAdmissionPolicySpecPtr and ValidatingAdmissionPolicySpecPtrOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicySpecPtrInput` via:

        ValidatingAdmissionPolicySpecArgs{...}

or:

        nil

type ValidatingAdmissionPolicySpecPtrOutput

type ValidatingAdmissionPolicySpecPtrOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicySpecPtrOutput) AuditAnnotations

auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.

func (ValidatingAdmissionPolicySpecPtrOutput) Elem

func (ValidatingAdmissionPolicySpecPtrOutput) ElementType

func (ValidatingAdmissionPolicySpecPtrOutput) FailurePolicy

failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.

A policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.

failurePolicy does not define how validations that evaluate to false are handled.

When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.

Allowed values are Ignore or Fail. Defaults to Fail.

func (ValidatingAdmissionPolicySpecPtrOutput) MatchConditions

MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.

If a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.

The exact matching logic is (in order):

  1. If ANY matchCondition evaluates to FALSE, the policy is skipped.
  2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.
  3. If any matchCondition evaluates to an error (but none are FALSE): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the policy is skipped

func (ValidatingAdmissionPolicySpecPtrOutput) MatchConstraints

MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.

func (ValidatingAdmissionPolicySpecPtrOutput) ParamKind

ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.

func (ValidatingAdmissionPolicySpecPtrOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicySpecPtrOutput) ToValidatingAdmissionPolicySpecPtrOutput

func (o ValidatingAdmissionPolicySpecPtrOutput) ToValidatingAdmissionPolicySpecPtrOutput() ValidatingAdmissionPolicySpecPtrOutput

func (ValidatingAdmissionPolicySpecPtrOutput) ToValidatingAdmissionPolicySpecPtrOutputWithContext

func (o ValidatingAdmissionPolicySpecPtrOutput) ToValidatingAdmissionPolicySpecPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicySpecPtrOutput

func (ValidatingAdmissionPolicySpecPtrOutput) Validations

Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.

func (ValidatingAdmissionPolicySpecPtrOutput) Variables added in v4.1.0

Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.

The expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.

type ValidatingAdmissionPolicyState

type ValidatingAdmissionPolicyState struct {
}

func (ValidatingAdmissionPolicyState) ElementType

type ValidatingAdmissionPolicyStatus

type ValidatingAdmissionPolicyStatus struct {
	// The conditions represent the latest available observations of a policy's current state.
	Conditions []metav1.Condition `pulumi:"conditions"`
	// The generation observed by the controller.
	ObservedGeneration *int `pulumi:"observedGeneration"`
	// The results of type checking for each expression. Presence of this field indicates the completion of the type checking.
	TypeChecking *TypeChecking `pulumi:"typeChecking"`
}

ValidatingAdmissionPolicyStatus represents the status of a ValidatingAdmissionPolicy.

type ValidatingAdmissionPolicyStatusArgs

type ValidatingAdmissionPolicyStatusArgs struct {
	// The conditions represent the latest available observations of a policy's current state.
	Conditions metav1.ConditionArrayInput `pulumi:"conditions"`
	// The generation observed by the controller.
	ObservedGeneration pulumi.IntPtrInput `pulumi:"observedGeneration"`
	// The results of type checking for each expression. Presence of this field indicates the completion of the type checking.
	TypeChecking TypeCheckingPtrInput `pulumi:"typeChecking"`
}

ValidatingAdmissionPolicyStatus represents the status of a ValidatingAdmissionPolicy.

func (ValidatingAdmissionPolicyStatusArgs) ElementType

func (ValidatingAdmissionPolicyStatusArgs) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyStatusArgs) ToValidatingAdmissionPolicyStatusOutput

func (i ValidatingAdmissionPolicyStatusArgs) ToValidatingAdmissionPolicyStatusOutput() ValidatingAdmissionPolicyStatusOutput

func (ValidatingAdmissionPolicyStatusArgs) ToValidatingAdmissionPolicyStatusOutputWithContext

func (i ValidatingAdmissionPolicyStatusArgs) ToValidatingAdmissionPolicyStatusOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyStatusOutput

func (ValidatingAdmissionPolicyStatusArgs) ToValidatingAdmissionPolicyStatusPtrOutput

func (i ValidatingAdmissionPolicyStatusArgs) ToValidatingAdmissionPolicyStatusPtrOutput() ValidatingAdmissionPolicyStatusPtrOutput

func (ValidatingAdmissionPolicyStatusArgs) ToValidatingAdmissionPolicyStatusPtrOutputWithContext

func (i ValidatingAdmissionPolicyStatusArgs) ToValidatingAdmissionPolicyStatusPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyStatusPtrOutput

type ValidatingAdmissionPolicyStatusInput

type ValidatingAdmissionPolicyStatusInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyStatusOutput() ValidatingAdmissionPolicyStatusOutput
	ToValidatingAdmissionPolicyStatusOutputWithContext(context.Context) ValidatingAdmissionPolicyStatusOutput
}

ValidatingAdmissionPolicyStatusInput is an input type that accepts ValidatingAdmissionPolicyStatusArgs and ValidatingAdmissionPolicyStatusOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyStatusInput` via:

ValidatingAdmissionPolicyStatusArgs{...}

type ValidatingAdmissionPolicyStatusOutput

type ValidatingAdmissionPolicyStatusOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicyStatus represents the status of a ValidatingAdmissionPolicy.

func (ValidatingAdmissionPolicyStatusOutput) Conditions

The conditions represent the latest available observations of a policy's current state.

func (ValidatingAdmissionPolicyStatusOutput) ElementType

func (ValidatingAdmissionPolicyStatusOutput) ObservedGeneration

The generation observed by the controller.

func (ValidatingAdmissionPolicyStatusOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyStatusOutput) ToValidatingAdmissionPolicyStatusOutput

func (o ValidatingAdmissionPolicyStatusOutput) ToValidatingAdmissionPolicyStatusOutput() ValidatingAdmissionPolicyStatusOutput

func (ValidatingAdmissionPolicyStatusOutput) ToValidatingAdmissionPolicyStatusOutputWithContext

func (o ValidatingAdmissionPolicyStatusOutput) ToValidatingAdmissionPolicyStatusOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyStatusOutput

func (ValidatingAdmissionPolicyStatusOutput) ToValidatingAdmissionPolicyStatusPtrOutput

func (o ValidatingAdmissionPolicyStatusOutput) ToValidatingAdmissionPolicyStatusPtrOutput() ValidatingAdmissionPolicyStatusPtrOutput

func (ValidatingAdmissionPolicyStatusOutput) ToValidatingAdmissionPolicyStatusPtrOutputWithContext

func (o ValidatingAdmissionPolicyStatusOutput) ToValidatingAdmissionPolicyStatusPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyStatusPtrOutput

func (ValidatingAdmissionPolicyStatusOutput) TypeChecking

The results of type checking for each expression. Presence of this field indicates the completion of the type checking.

type ValidatingAdmissionPolicyStatusPatch

type ValidatingAdmissionPolicyStatusPatch struct {
	// The conditions represent the latest available observations of a policy's current state.
	Conditions []metav1.ConditionPatch `pulumi:"conditions"`
	// The generation observed by the controller.
	ObservedGeneration *int `pulumi:"observedGeneration"`
	// The results of type checking for each expression. Presence of this field indicates the completion of the type checking.
	TypeChecking *TypeCheckingPatch `pulumi:"typeChecking"`
}

ValidatingAdmissionPolicyStatus represents the status of a ValidatingAdmissionPolicy.

type ValidatingAdmissionPolicyStatusPatchArgs

type ValidatingAdmissionPolicyStatusPatchArgs struct {
	// The conditions represent the latest available observations of a policy's current state.
	Conditions metav1.ConditionPatchArrayInput `pulumi:"conditions"`
	// The generation observed by the controller.
	ObservedGeneration pulumi.IntPtrInput `pulumi:"observedGeneration"`
	// The results of type checking for each expression. Presence of this field indicates the completion of the type checking.
	TypeChecking TypeCheckingPatchPtrInput `pulumi:"typeChecking"`
}

ValidatingAdmissionPolicyStatus represents the status of a ValidatingAdmissionPolicy.

func (ValidatingAdmissionPolicyStatusPatchArgs) ElementType

func (ValidatingAdmissionPolicyStatusPatchArgs) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyStatusPatchArgs) ToValidatingAdmissionPolicyStatusPatchOutput

func (i ValidatingAdmissionPolicyStatusPatchArgs) ToValidatingAdmissionPolicyStatusPatchOutput() ValidatingAdmissionPolicyStatusPatchOutput

func (ValidatingAdmissionPolicyStatusPatchArgs) ToValidatingAdmissionPolicyStatusPatchOutputWithContext

func (i ValidatingAdmissionPolicyStatusPatchArgs) ToValidatingAdmissionPolicyStatusPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyStatusPatchOutput

func (ValidatingAdmissionPolicyStatusPatchArgs) ToValidatingAdmissionPolicyStatusPatchPtrOutput

func (i ValidatingAdmissionPolicyStatusPatchArgs) ToValidatingAdmissionPolicyStatusPatchPtrOutput() ValidatingAdmissionPolicyStatusPatchPtrOutput

func (ValidatingAdmissionPolicyStatusPatchArgs) ToValidatingAdmissionPolicyStatusPatchPtrOutputWithContext

func (i ValidatingAdmissionPolicyStatusPatchArgs) ToValidatingAdmissionPolicyStatusPatchPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyStatusPatchPtrOutput

type ValidatingAdmissionPolicyStatusPatchInput

type ValidatingAdmissionPolicyStatusPatchInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyStatusPatchOutput() ValidatingAdmissionPolicyStatusPatchOutput
	ToValidatingAdmissionPolicyStatusPatchOutputWithContext(context.Context) ValidatingAdmissionPolicyStatusPatchOutput
}

ValidatingAdmissionPolicyStatusPatchInput is an input type that accepts ValidatingAdmissionPolicyStatusPatchArgs and ValidatingAdmissionPolicyStatusPatchOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyStatusPatchInput` via:

ValidatingAdmissionPolicyStatusPatchArgs{...}

type ValidatingAdmissionPolicyStatusPatchOutput

type ValidatingAdmissionPolicyStatusPatchOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicyStatus represents the status of a ValidatingAdmissionPolicy.

func (ValidatingAdmissionPolicyStatusPatchOutput) Conditions

The conditions represent the latest available observations of a policy's current state.

func (ValidatingAdmissionPolicyStatusPatchOutput) ElementType

func (ValidatingAdmissionPolicyStatusPatchOutput) ObservedGeneration

The generation observed by the controller.

func (ValidatingAdmissionPolicyStatusPatchOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyStatusPatchOutput) ToValidatingAdmissionPolicyStatusPatchOutput

func (o ValidatingAdmissionPolicyStatusPatchOutput) ToValidatingAdmissionPolicyStatusPatchOutput() ValidatingAdmissionPolicyStatusPatchOutput

func (ValidatingAdmissionPolicyStatusPatchOutput) ToValidatingAdmissionPolicyStatusPatchOutputWithContext

func (o ValidatingAdmissionPolicyStatusPatchOutput) ToValidatingAdmissionPolicyStatusPatchOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyStatusPatchOutput

func (ValidatingAdmissionPolicyStatusPatchOutput) ToValidatingAdmissionPolicyStatusPatchPtrOutput

func (o ValidatingAdmissionPolicyStatusPatchOutput) ToValidatingAdmissionPolicyStatusPatchPtrOutput() ValidatingAdmissionPolicyStatusPatchPtrOutput

func (ValidatingAdmissionPolicyStatusPatchOutput) ToValidatingAdmissionPolicyStatusPatchPtrOutputWithContext

func (o ValidatingAdmissionPolicyStatusPatchOutput) ToValidatingAdmissionPolicyStatusPatchPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyStatusPatchPtrOutput

func (ValidatingAdmissionPolicyStatusPatchOutput) TypeChecking

The results of type checking for each expression. Presence of this field indicates the completion of the type checking.

type ValidatingAdmissionPolicyStatusPatchPtrInput

type ValidatingAdmissionPolicyStatusPatchPtrInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyStatusPatchPtrOutput() ValidatingAdmissionPolicyStatusPatchPtrOutput
	ToValidatingAdmissionPolicyStatusPatchPtrOutputWithContext(context.Context) ValidatingAdmissionPolicyStatusPatchPtrOutput
}

ValidatingAdmissionPolicyStatusPatchPtrInput is an input type that accepts ValidatingAdmissionPolicyStatusPatchArgs, ValidatingAdmissionPolicyStatusPatchPtr and ValidatingAdmissionPolicyStatusPatchPtrOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyStatusPatchPtrInput` via:

        ValidatingAdmissionPolicyStatusPatchArgs{...}

or:

        nil

type ValidatingAdmissionPolicyStatusPatchPtrOutput

type ValidatingAdmissionPolicyStatusPatchPtrOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyStatusPatchPtrOutput) Conditions

The conditions represent the latest available observations of a policy's current state.

func (ValidatingAdmissionPolicyStatusPatchPtrOutput) Elem

func (ValidatingAdmissionPolicyStatusPatchPtrOutput) ElementType

func (ValidatingAdmissionPolicyStatusPatchPtrOutput) ObservedGeneration

The generation observed by the controller.

func (ValidatingAdmissionPolicyStatusPatchPtrOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyStatusPatchPtrOutput) ToValidatingAdmissionPolicyStatusPatchPtrOutput

func (o ValidatingAdmissionPolicyStatusPatchPtrOutput) ToValidatingAdmissionPolicyStatusPatchPtrOutput() ValidatingAdmissionPolicyStatusPatchPtrOutput

func (ValidatingAdmissionPolicyStatusPatchPtrOutput) ToValidatingAdmissionPolicyStatusPatchPtrOutputWithContext

func (o ValidatingAdmissionPolicyStatusPatchPtrOutput) ToValidatingAdmissionPolicyStatusPatchPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyStatusPatchPtrOutput

func (ValidatingAdmissionPolicyStatusPatchPtrOutput) TypeChecking

The results of type checking for each expression. Presence of this field indicates the completion of the type checking.

type ValidatingAdmissionPolicyStatusPtrInput

type ValidatingAdmissionPolicyStatusPtrInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyStatusPtrOutput() ValidatingAdmissionPolicyStatusPtrOutput
	ToValidatingAdmissionPolicyStatusPtrOutputWithContext(context.Context) ValidatingAdmissionPolicyStatusPtrOutput
}

ValidatingAdmissionPolicyStatusPtrInput is an input type that accepts ValidatingAdmissionPolicyStatusArgs, ValidatingAdmissionPolicyStatusPtr and ValidatingAdmissionPolicyStatusPtrOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyStatusPtrInput` via:

        ValidatingAdmissionPolicyStatusArgs{...}

or:

        nil

type ValidatingAdmissionPolicyStatusPtrOutput

type ValidatingAdmissionPolicyStatusPtrOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyStatusPtrOutput) Conditions

The conditions represent the latest available observations of a policy's current state.

func (ValidatingAdmissionPolicyStatusPtrOutput) Elem

func (ValidatingAdmissionPolicyStatusPtrOutput) ElementType

func (ValidatingAdmissionPolicyStatusPtrOutput) ObservedGeneration

The generation observed by the controller.

func (ValidatingAdmissionPolicyStatusPtrOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyStatusPtrOutput) ToValidatingAdmissionPolicyStatusPtrOutput

func (o ValidatingAdmissionPolicyStatusPtrOutput) ToValidatingAdmissionPolicyStatusPtrOutput() ValidatingAdmissionPolicyStatusPtrOutput

func (ValidatingAdmissionPolicyStatusPtrOutput) ToValidatingAdmissionPolicyStatusPtrOutputWithContext

func (o ValidatingAdmissionPolicyStatusPtrOutput) ToValidatingAdmissionPolicyStatusPtrOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyStatusPtrOutput

func (ValidatingAdmissionPolicyStatusPtrOutput) TypeChecking

The results of type checking for each expression. Presence of this field indicates the completion of the type checking.

type ValidatingAdmissionPolicyType

type ValidatingAdmissionPolicyType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata *metav1.ObjectMeta `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicy.
	Spec *ValidatingAdmissionPolicySpec `pulumi:"spec"`
	// The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.
	Status *ValidatingAdmissionPolicyStatus `pulumi:"status"`
}

ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.

type ValidatingAdmissionPolicyTypeArgs

type ValidatingAdmissionPolicyTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPtrInput `pulumi:"metadata"`
	// Specification of the desired behavior of the ValidatingAdmissionPolicy.
	Spec ValidatingAdmissionPolicySpecPtrInput `pulumi:"spec"`
	// The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.
	Status ValidatingAdmissionPolicyStatusPtrInput `pulumi:"status"`
}

ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.

func (ValidatingAdmissionPolicyTypeArgs) ElementType

func (ValidatingAdmissionPolicyTypeArgs) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyTypeArgs) ToValidatingAdmissionPolicyTypeOutput

func (i ValidatingAdmissionPolicyTypeArgs) ToValidatingAdmissionPolicyTypeOutput() ValidatingAdmissionPolicyTypeOutput

func (ValidatingAdmissionPolicyTypeArgs) ToValidatingAdmissionPolicyTypeOutputWithContext

func (i ValidatingAdmissionPolicyTypeArgs) ToValidatingAdmissionPolicyTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyTypeOutput

type ValidatingAdmissionPolicyTypeArray

type ValidatingAdmissionPolicyTypeArray []ValidatingAdmissionPolicyTypeInput

func (ValidatingAdmissionPolicyTypeArray) ElementType

func (ValidatingAdmissionPolicyTypeArray) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyTypeArray) ToValidatingAdmissionPolicyTypeArrayOutput

func (i ValidatingAdmissionPolicyTypeArray) ToValidatingAdmissionPolicyTypeArrayOutput() ValidatingAdmissionPolicyTypeArrayOutput

func (ValidatingAdmissionPolicyTypeArray) ToValidatingAdmissionPolicyTypeArrayOutputWithContext

func (i ValidatingAdmissionPolicyTypeArray) ToValidatingAdmissionPolicyTypeArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyTypeArrayOutput

type ValidatingAdmissionPolicyTypeArrayInput

type ValidatingAdmissionPolicyTypeArrayInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyTypeArrayOutput() ValidatingAdmissionPolicyTypeArrayOutput
	ToValidatingAdmissionPolicyTypeArrayOutputWithContext(context.Context) ValidatingAdmissionPolicyTypeArrayOutput
}

ValidatingAdmissionPolicyTypeArrayInput is an input type that accepts ValidatingAdmissionPolicyTypeArray and ValidatingAdmissionPolicyTypeArrayOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyTypeArrayInput` via:

ValidatingAdmissionPolicyTypeArray{ ValidatingAdmissionPolicyTypeArgs{...} }

type ValidatingAdmissionPolicyTypeArrayOutput

type ValidatingAdmissionPolicyTypeArrayOutput struct{ *pulumi.OutputState }

func (ValidatingAdmissionPolicyTypeArrayOutput) ElementType

func (ValidatingAdmissionPolicyTypeArrayOutput) Index

func (ValidatingAdmissionPolicyTypeArrayOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyTypeArrayOutput) ToValidatingAdmissionPolicyTypeArrayOutput

func (o ValidatingAdmissionPolicyTypeArrayOutput) ToValidatingAdmissionPolicyTypeArrayOutput() ValidatingAdmissionPolicyTypeArrayOutput

func (ValidatingAdmissionPolicyTypeArrayOutput) ToValidatingAdmissionPolicyTypeArrayOutputWithContext

func (o ValidatingAdmissionPolicyTypeArrayOutput) ToValidatingAdmissionPolicyTypeArrayOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyTypeArrayOutput

type ValidatingAdmissionPolicyTypeInput

type ValidatingAdmissionPolicyTypeInput interface {
	pulumi.Input

	ToValidatingAdmissionPolicyTypeOutput() ValidatingAdmissionPolicyTypeOutput
	ToValidatingAdmissionPolicyTypeOutputWithContext(context.Context) ValidatingAdmissionPolicyTypeOutput
}

ValidatingAdmissionPolicyTypeInput is an input type that accepts ValidatingAdmissionPolicyTypeArgs and ValidatingAdmissionPolicyTypeOutput values. You can construct a concrete instance of `ValidatingAdmissionPolicyTypeInput` via:

ValidatingAdmissionPolicyTypeArgs{...}

type ValidatingAdmissionPolicyTypeOutput

type ValidatingAdmissionPolicyTypeOutput struct{ *pulumi.OutputState }

ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.

func (ValidatingAdmissionPolicyTypeOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingAdmissionPolicyTypeOutput) ElementType

func (ValidatingAdmissionPolicyTypeOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingAdmissionPolicyTypeOutput) Metadata

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingAdmissionPolicyTypeOutput) Spec

Specification of the desired behavior of the ValidatingAdmissionPolicy.

func (ValidatingAdmissionPolicyTypeOutput) Status

The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.

func (ValidatingAdmissionPolicyTypeOutput) ToOutput added in v4.2.0

func (ValidatingAdmissionPolicyTypeOutput) ToValidatingAdmissionPolicyTypeOutput

func (o ValidatingAdmissionPolicyTypeOutput) ToValidatingAdmissionPolicyTypeOutput() ValidatingAdmissionPolicyTypeOutput

func (ValidatingAdmissionPolicyTypeOutput) ToValidatingAdmissionPolicyTypeOutputWithContext

func (o ValidatingAdmissionPolicyTypeOutput) ToValidatingAdmissionPolicyTypeOutputWithContext(ctx context.Context) ValidatingAdmissionPolicyTypeOutput

type Validation

type Validation struct {
	// Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:
	//
	// - 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value.
	//   For example, a variable named 'foo' can be accessed as 'variables.foo'.
	// - 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	//
	// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.
	//
	// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:
	// 	  "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if",
	// 	  "import", "let", "loop", "package", "namespace", "return".
	// Examples:
	//   - Expression accessing a property named "namespace": {"Expression": "object.__namespace__ > 0"}
	//   - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"}
	//   - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"}
	//
	// Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:
	//   - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and
	//     non-intersecting elements in `Y` are appended, retaining their partial order.
	//   - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values
	//     are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with
	//     non-intersecting keys are appended, retaining their partial order.
	//     Required.
	Expression string `pulumi:"expression"`
	// Message represents the message displayed when validation fails. The message is required if the Expression contains line breaks. The message must not contain line breaks. If unset, the message is "failed rule: {Rule}". e.g. "must be a URL with the host matching spec.host" If the Expression contains line breaks. Message is required. The message must not contain line breaks. If unset, the message is "failed Expression: {Expression}".
	Message *string `pulumi:"message"`
	// messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'. Example: "object.x must be less than max ("+string(params.max)+")"
	MessageExpression *string `pulumi:"messageExpression"`
	// Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: "Unauthorized", "Forbidden", "Invalid", "RequestEntityTooLarge". If not set, StatusReasonInvalid is used in the response to the client.
	Reason *string `pulumi:"reason"`
}

Validation specifies the CEL expression which is used to apply the validation.

type ValidationArgs

type ValidationArgs struct {
	// Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:
	//
	// - 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value.
	//   For example, a variable named 'foo' can be accessed as 'variables.foo'.
	// - 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	//
	// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.
	//
	// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:
	// 	  "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if",
	// 	  "import", "let", "loop", "package", "namespace", "return".
	// Examples:
	//   - Expression accessing a property named "namespace": {"Expression": "object.__namespace__ > 0"}
	//   - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"}
	//   - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"}
	//
	// Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:
	//   - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and
	//     non-intersecting elements in `Y` are appended, retaining their partial order.
	//   - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values
	//     are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with
	//     non-intersecting keys are appended, retaining their partial order.
	//     Required.
	Expression pulumi.StringInput `pulumi:"expression"`
	// Message represents the message displayed when validation fails. The message is required if the Expression contains line breaks. The message must not contain line breaks. If unset, the message is "failed rule: {Rule}". e.g. "must be a URL with the host matching spec.host" If the Expression contains line breaks. Message is required. The message must not contain line breaks. If unset, the message is "failed Expression: {Expression}".
	Message pulumi.StringPtrInput `pulumi:"message"`
	// messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'. Example: "object.x must be less than max ("+string(params.max)+")"
	MessageExpression pulumi.StringPtrInput `pulumi:"messageExpression"`
	// Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: "Unauthorized", "Forbidden", "Invalid", "RequestEntityTooLarge". If not set, StatusReasonInvalid is used in the response to the client.
	Reason pulumi.StringPtrInput `pulumi:"reason"`
}

Validation specifies the CEL expression which is used to apply the validation.

func (ValidationArgs) ElementType

func (ValidationArgs) ElementType() reflect.Type

func (ValidationArgs) ToOutput added in v4.2.0

func (ValidationArgs) ToValidationOutput

func (i ValidationArgs) ToValidationOutput() ValidationOutput

func (ValidationArgs) ToValidationOutputWithContext

func (i ValidationArgs) ToValidationOutputWithContext(ctx context.Context) ValidationOutput

type ValidationArray

type ValidationArray []ValidationInput

func (ValidationArray) ElementType

func (ValidationArray) ElementType() reflect.Type

func (ValidationArray) ToOutput added in v4.2.0

func (ValidationArray) ToValidationArrayOutput

func (i ValidationArray) ToValidationArrayOutput() ValidationArrayOutput

func (ValidationArray) ToValidationArrayOutputWithContext

func (i ValidationArray) ToValidationArrayOutputWithContext(ctx context.Context) ValidationArrayOutput

type ValidationArrayInput

type ValidationArrayInput interface {
	pulumi.Input

	ToValidationArrayOutput() ValidationArrayOutput
	ToValidationArrayOutputWithContext(context.Context) ValidationArrayOutput
}

ValidationArrayInput is an input type that accepts ValidationArray and ValidationArrayOutput values. You can construct a concrete instance of `ValidationArrayInput` via:

ValidationArray{ ValidationArgs{...} }

type ValidationArrayOutput

type ValidationArrayOutput struct{ *pulumi.OutputState }

func (ValidationArrayOutput) ElementType

func (ValidationArrayOutput) ElementType() reflect.Type

func (ValidationArrayOutput) Index

func (ValidationArrayOutput) ToOutput added in v4.2.0

func (ValidationArrayOutput) ToValidationArrayOutput

func (o ValidationArrayOutput) ToValidationArrayOutput() ValidationArrayOutput

func (ValidationArrayOutput) ToValidationArrayOutputWithContext

func (o ValidationArrayOutput) ToValidationArrayOutputWithContext(ctx context.Context) ValidationArrayOutput

type ValidationInput

type ValidationInput interface {
	pulumi.Input

	ToValidationOutput() ValidationOutput
	ToValidationOutputWithContext(context.Context) ValidationOutput
}

ValidationInput is an input type that accepts ValidationArgs and ValidationOutput values. You can construct a concrete instance of `ValidationInput` via:

ValidationArgs{...}

type ValidationOutput

type ValidationOutput struct{ *pulumi.OutputState }

Validation specifies the CEL expression which is used to apply the validation.

func (ValidationOutput) ElementType

func (ValidationOutput) ElementType() reflect.Type

func (ValidationOutput) Expression

func (o ValidationOutput) Expression() pulumi.StringOutput

Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:

  • 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value. For example, a variable named 'foo' can be accessed as 'variables.foo'.
  • 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
  • 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the request resource.

The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.

Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:

"true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if",
"import", "let", "loop", "package", "namespace", "return".

Examples:

  • Expression accessing a property named "namespace": {"Expression": "object.__namespace__ > 0"}
  • Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"}
  • Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"}

Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:

  • 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and non-intersecting elements in `Y` are appended, retaining their partial order.
  • 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with non-intersecting keys are appended, retaining their partial order. Required.

func (ValidationOutput) Message

Message represents the message displayed when validation fails. The message is required if the Expression contains line breaks. The message must not contain line breaks. If unset, the message is "failed rule: {Rule}". e.g. "must be a URL with the host matching spec.host" If the Expression contains line breaks. Message is required. The message must not contain line breaks. If unset, the message is "failed Expression: {Expression}".

func (ValidationOutput) MessageExpression

func (o ValidationOutput) MessageExpression() pulumi.StringPtrOutput

messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'. Example: "object.x must be less than max ("+string(params.max)+")"

func (ValidationOutput) Reason

Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: "Unauthorized", "Forbidden", "Invalid", "RequestEntityTooLarge". If not set, StatusReasonInvalid is used in the response to the client.

func (ValidationOutput) ToOutput added in v4.2.0

func (ValidationOutput) ToValidationOutput

func (o ValidationOutput) ToValidationOutput() ValidationOutput

func (ValidationOutput) ToValidationOutputWithContext

func (o ValidationOutput) ToValidationOutputWithContext(ctx context.Context) ValidationOutput

type ValidationPatch

type ValidationPatch struct {
	// Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:
	//
	// - 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value.
	//   For example, a variable named 'foo' can be accessed as 'variables.foo'.
	// - 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	//
	// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.
	//
	// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:
	// 	  "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if",
	// 	  "import", "let", "loop", "package", "namespace", "return".
	// Examples:
	//   - Expression accessing a property named "namespace": {"Expression": "object.__namespace__ > 0"}
	//   - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"}
	//   - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"}
	//
	// Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:
	//   - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and
	//     non-intersecting elements in `Y` are appended, retaining their partial order.
	//   - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values
	//     are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with
	//     non-intersecting keys are appended, retaining their partial order.
	//     Required.
	Expression *string `pulumi:"expression"`
	// Message represents the message displayed when validation fails. The message is required if the Expression contains line breaks. The message must not contain line breaks. If unset, the message is "failed rule: {Rule}". e.g. "must be a URL with the host matching spec.host" If the Expression contains line breaks. Message is required. The message must not contain line breaks. If unset, the message is "failed Expression: {Expression}".
	Message *string `pulumi:"message"`
	// messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'. Example: "object.x must be less than max ("+string(params.max)+")"
	MessageExpression *string `pulumi:"messageExpression"`
	// Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: "Unauthorized", "Forbidden", "Invalid", "RequestEntityTooLarge". If not set, StatusReasonInvalid is used in the response to the client.
	Reason *string `pulumi:"reason"`
}

Validation specifies the CEL expression which is used to apply the validation.

type ValidationPatchArgs

type ValidationPatchArgs struct {
	// Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:
	//
	// - 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value.
	//   For example, a variable named 'foo' can be accessed as 'variables.foo'.
	// - 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	//
	// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.
	//
	// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:
	// 	  "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if",
	// 	  "import", "let", "loop", "package", "namespace", "return".
	// Examples:
	//   - Expression accessing a property named "namespace": {"Expression": "object.__namespace__ > 0"}
	//   - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"}
	//   - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"}
	//
	// Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:
	//   - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and
	//     non-intersecting elements in `Y` are appended, retaining their partial order.
	//   - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values
	//     are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with
	//     non-intersecting keys are appended, retaining their partial order.
	//     Required.
	Expression pulumi.StringPtrInput `pulumi:"expression"`
	// Message represents the message displayed when validation fails. The message is required if the Expression contains line breaks. The message must not contain line breaks. If unset, the message is "failed rule: {Rule}". e.g. "must be a URL with the host matching spec.host" If the Expression contains line breaks. Message is required. The message must not contain line breaks. If unset, the message is "failed Expression: {Expression}".
	Message pulumi.StringPtrInput `pulumi:"message"`
	// messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'. Example: "object.x must be less than max ("+string(params.max)+")"
	MessageExpression pulumi.StringPtrInput `pulumi:"messageExpression"`
	// Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: "Unauthorized", "Forbidden", "Invalid", "RequestEntityTooLarge". If not set, StatusReasonInvalid is used in the response to the client.
	Reason pulumi.StringPtrInput `pulumi:"reason"`
}

Validation specifies the CEL expression which is used to apply the validation.

func (ValidationPatchArgs) ElementType

func (ValidationPatchArgs) ElementType() reflect.Type

func (ValidationPatchArgs) ToOutput added in v4.2.0

func (ValidationPatchArgs) ToValidationPatchOutput

func (i ValidationPatchArgs) ToValidationPatchOutput() ValidationPatchOutput

func (ValidationPatchArgs) ToValidationPatchOutputWithContext

func (i ValidationPatchArgs) ToValidationPatchOutputWithContext(ctx context.Context) ValidationPatchOutput

type ValidationPatchArray

type ValidationPatchArray []ValidationPatchInput

func (ValidationPatchArray) ElementType

func (ValidationPatchArray) ElementType() reflect.Type

func (ValidationPatchArray) ToOutput added in v4.2.0

func (ValidationPatchArray) ToValidationPatchArrayOutput

func (i ValidationPatchArray) ToValidationPatchArrayOutput() ValidationPatchArrayOutput

func (ValidationPatchArray) ToValidationPatchArrayOutputWithContext

func (i ValidationPatchArray) ToValidationPatchArrayOutputWithContext(ctx context.Context) ValidationPatchArrayOutput

type ValidationPatchArrayInput

type ValidationPatchArrayInput interface {
	pulumi.Input

	ToValidationPatchArrayOutput() ValidationPatchArrayOutput
	ToValidationPatchArrayOutputWithContext(context.Context) ValidationPatchArrayOutput
}

ValidationPatchArrayInput is an input type that accepts ValidationPatchArray and ValidationPatchArrayOutput values. You can construct a concrete instance of `ValidationPatchArrayInput` via:

ValidationPatchArray{ ValidationPatchArgs{...} }

type ValidationPatchArrayOutput

type ValidationPatchArrayOutput struct{ *pulumi.OutputState }

func (ValidationPatchArrayOutput) ElementType

func (ValidationPatchArrayOutput) ElementType() reflect.Type

func (ValidationPatchArrayOutput) Index

func (ValidationPatchArrayOutput) ToOutput added in v4.2.0

func (ValidationPatchArrayOutput) ToValidationPatchArrayOutput

func (o ValidationPatchArrayOutput) ToValidationPatchArrayOutput() ValidationPatchArrayOutput

func (ValidationPatchArrayOutput) ToValidationPatchArrayOutputWithContext

func (o ValidationPatchArrayOutput) ToValidationPatchArrayOutputWithContext(ctx context.Context) ValidationPatchArrayOutput

type ValidationPatchInput

type ValidationPatchInput interface {
	pulumi.Input

	ToValidationPatchOutput() ValidationPatchOutput
	ToValidationPatchOutputWithContext(context.Context) ValidationPatchOutput
}

ValidationPatchInput is an input type that accepts ValidationPatchArgs and ValidationPatchOutput values. You can construct a concrete instance of `ValidationPatchInput` via:

ValidationPatchArgs{...}

type ValidationPatchOutput

type ValidationPatchOutput struct{ *pulumi.OutputState }

Validation specifies the CEL expression which is used to apply the validation.

func (ValidationPatchOutput) ElementType

func (ValidationPatchOutput) ElementType() reflect.Type

func (ValidationPatchOutput) Expression

Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:

  • 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value. For example, a variable named 'foo' can be accessed as 'variables.foo'.
  • 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
  • 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the request resource.

The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.

Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:

"true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if",
"import", "let", "loop", "package", "namespace", "return".

Examples:

  • Expression accessing a property named "namespace": {"Expression": "object.__namespace__ > 0"}
  • Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"}
  • Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"}

Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:

  • 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and non-intersecting elements in `Y` are appended, retaining their partial order.
  • 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with non-intersecting keys are appended, retaining their partial order. Required.

func (ValidationPatchOutput) Message

Message represents the message displayed when validation fails. The message is required if the Expression contains line breaks. The message must not contain line breaks. If unset, the message is "failed rule: {Rule}". e.g. "must be a URL with the host matching spec.host" If the Expression contains line breaks. Message is required. The message must not contain line breaks. If unset, the message is "failed Expression: {Expression}".

func (ValidationPatchOutput) MessageExpression

func (o ValidationPatchOutput) MessageExpression() pulumi.StringPtrOutput

messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'. Example: "object.x must be less than max ("+string(params.max)+")"

func (ValidationPatchOutput) Reason

Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: "Unauthorized", "Forbidden", "Invalid", "RequestEntityTooLarge". If not set, StatusReasonInvalid is used in the response to the client.

func (ValidationPatchOutput) ToOutput added in v4.2.0

func (ValidationPatchOutput) ToValidationPatchOutput

func (o ValidationPatchOutput) ToValidationPatchOutput() ValidationPatchOutput

func (ValidationPatchOutput) ToValidationPatchOutputWithContext

func (o ValidationPatchOutput) ToValidationPatchOutputWithContext(ctx context.Context) ValidationPatchOutput

type Variable added in v4.1.0

type Variable struct {
	// Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.
	Expression string `pulumi:"expression"`
	// Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is "foo", the variable will be available as `variables.foo`
	Name string `pulumi:"name"`
}

Variable is the definition of a variable that is used for composition.

type VariableArgs added in v4.1.0

type VariableArgs struct {
	// Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.
	Expression pulumi.StringInput `pulumi:"expression"`
	// Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is "foo", the variable will be available as `variables.foo`
	Name pulumi.StringInput `pulumi:"name"`
}

Variable is the definition of a variable that is used for composition.

func (VariableArgs) ElementType added in v4.1.0

func (VariableArgs) ElementType() reflect.Type

func (VariableArgs) ToOutput added in v4.2.0

func (VariableArgs) ToVariableOutput added in v4.1.0

func (i VariableArgs) ToVariableOutput() VariableOutput

func (VariableArgs) ToVariableOutputWithContext added in v4.1.0

func (i VariableArgs) ToVariableOutputWithContext(ctx context.Context) VariableOutput

type VariableArray added in v4.1.0

type VariableArray []VariableInput

func (VariableArray) ElementType added in v4.1.0

func (VariableArray) ElementType() reflect.Type

func (VariableArray) ToOutput added in v4.2.0

func (i VariableArray) ToOutput(ctx context.Context) pulumix.Output[[]Variable]

func (VariableArray) ToVariableArrayOutput added in v4.1.0

func (i VariableArray) ToVariableArrayOutput() VariableArrayOutput

func (VariableArray) ToVariableArrayOutputWithContext added in v4.1.0

func (i VariableArray) ToVariableArrayOutputWithContext(ctx context.Context) VariableArrayOutput

type VariableArrayInput added in v4.1.0

type VariableArrayInput interface {
	pulumi.Input

	ToVariableArrayOutput() VariableArrayOutput
	ToVariableArrayOutputWithContext(context.Context) VariableArrayOutput
}

VariableArrayInput is an input type that accepts VariableArray and VariableArrayOutput values. You can construct a concrete instance of `VariableArrayInput` via:

VariableArray{ VariableArgs{...} }

type VariableArrayOutput added in v4.1.0

type VariableArrayOutput struct{ *pulumi.OutputState }

func (VariableArrayOutput) ElementType added in v4.1.0

func (VariableArrayOutput) ElementType() reflect.Type

func (VariableArrayOutput) Index added in v4.1.0

func (VariableArrayOutput) ToOutput added in v4.2.0

func (VariableArrayOutput) ToVariableArrayOutput added in v4.1.0

func (o VariableArrayOutput) ToVariableArrayOutput() VariableArrayOutput

func (VariableArrayOutput) ToVariableArrayOutputWithContext added in v4.1.0

func (o VariableArrayOutput) ToVariableArrayOutputWithContext(ctx context.Context) VariableArrayOutput

type VariableInput added in v4.1.0

type VariableInput interface {
	pulumi.Input

	ToVariableOutput() VariableOutput
	ToVariableOutputWithContext(context.Context) VariableOutput
}

VariableInput is an input type that accepts VariableArgs and VariableOutput values. You can construct a concrete instance of `VariableInput` via:

VariableArgs{...}

type VariableOutput added in v4.1.0

type VariableOutput struct{ *pulumi.OutputState }

Variable is the definition of a variable that is used for composition.

func (VariableOutput) ElementType added in v4.1.0

func (VariableOutput) ElementType() reflect.Type

func (VariableOutput) Expression added in v4.1.0

func (o VariableOutput) Expression() pulumi.StringOutput

Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.

func (VariableOutput) Name added in v4.1.0

Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is "foo", the variable will be available as `variables.foo`

func (VariableOutput) ToOutput added in v4.2.0

func (VariableOutput) ToVariableOutput added in v4.1.0

func (o VariableOutput) ToVariableOutput() VariableOutput

func (VariableOutput) ToVariableOutputWithContext added in v4.1.0

func (o VariableOutput) ToVariableOutputWithContext(ctx context.Context) VariableOutput

type VariablePatch added in v4.1.0

type VariablePatch struct {
	// Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.
	Expression *string `pulumi:"expression"`
	// Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is "foo", the variable will be available as `variables.foo`
	Name *string `pulumi:"name"`
}

Variable is the definition of a variable that is used for composition.

type VariablePatchArgs added in v4.1.0

type VariablePatchArgs struct {
	// Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.
	Expression pulumi.StringPtrInput `pulumi:"expression"`
	// Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is "foo", the variable will be available as `variables.foo`
	Name pulumi.StringPtrInput `pulumi:"name"`
}

Variable is the definition of a variable that is used for composition.

func (VariablePatchArgs) ElementType added in v4.1.0

func (VariablePatchArgs) ElementType() reflect.Type

func (VariablePatchArgs) ToOutput added in v4.2.0

func (VariablePatchArgs) ToVariablePatchOutput added in v4.1.0

func (i VariablePatchArgs) ToVariablePatchOutput() VariablePatchOutput

func (VariablePatchArgs) ToVariablePatchOutputWithContext added in v4.1.0

func (i VariablePatchArgs) ToVariablePatchOutputWithContext(ctx context.Context) VariablePatchOutput

type VariablePatchArray added in v4.1.0

type VariablePatchArray []VariablePatchInput

func (VariablePatchArray) ElementType added in v4.1.0

func (VariablePatchArray) ElementType() reflect.Type

func (VariablePatchArray) ToOutput added in v4.2.0

func (VariablePatchArray) ToVariablePatchArrayOutput added in v4.1.0

func (i VariablePatchArray) ToVariablePatchArrayOutput() VariablePatchArrayOutput

func (VariablePatchArray) ToVariablePatchArrayOutputWithContext added in v4.1.0

func (i VariablePatchArray) ToVariablePatchArrayOutputWithContext(ctx context.Context) VariablePatchArrayOutput

type VariablePatchArrayInput added in v4.1.0

type VariablePatchArrayInput interface {
	pulumi.Input

	ToVariablePatchArrayOutput() VariablePatchArrayOutput
	ToVariablePatchArrayOutputWithContext(context.Context) VariablePatchArrayOutput
}

VariablePatchArrayInput is an input type that accepts VariablePatchArray and VariablePatchArrayOutput values. You can construct a concrete instance of `VariablePatchArrayInput` via:

VariablePatchArray{ VariablePatchArgs{...} }

type VariablePatchArrayOutput added in v4.1.0

type VariablePatchArrayOutput struct{ *pulumi.OutputState }

func (VariablePatchArrayOutput) ElementType added in v4.1.0

func (VariablePatchArrayOutput) ElementType() reflect.Type

func (VariablePatchArrayOutput) Index added in v4.1.0

func (VariablePatchArrayOutput) ToOutput added in v4.2.0

func (VariablePatchArrayOutput) ToVariablePatchArrayOutput added in v4.1.0

func (o VariablePatchArrayOutput) ToVariablePatchArrayOutput() VariablePatchArrayOutput

func (VariablePatchArrayOutput) ToVariablePatchArrayOutputWithContext added in v4.1.0

func (o VariablePatchArrayOutput) ToVariablePatchArrayOutputWithContext(ctx context.Context) VariablePatchArrayOutput

type VariablePatchInput added in v4.1.0

type VariablePatchInput interface {
	pulumi.Input

	ToVariablePatchOutput() VariablePatchOutput
	ToVariablePatchOutputWithContext(context.Context) VariablePatchOutput
}

VariablePatchInput is an input type that accepts VariablePatchArgs and VariablePatchOutput values. You can construct a concrete instance of `VariablePatchInput` via:

VariablePatchArgs{...}

type VariablePatchOutput added in v4.1.0

type VariablePatchOutput struct{ *pulumi.OutputState }

Variable is the definition of a variable that is used for composition.

func (VariablePatchOutput) ElementType added in v4.1.0

func (VariablePatchOutput) ElementType() reflect.Type

func (VariablePatchOutput) Expression added in v4.1.0

Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.

func (VariablePatchOutput) Name added in v4.1.0

Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is "foo", the variable will be available as `variables.foo`

func (VariablePatchOutput) ToOutput added in v4.2.0

func (VariablePatchOutput) ToVariablePatchOutput added in v4.1.0

func (o VariablePatchOutput) ToVariablePatchOutput() VariablePatchOutput

func (VariablePatchOutput) ToVariablePatchOutputWithContext added in v4.1.0

func (o VariablePatchOutput) ToVariablePatchOutputWithContext(ctx context.Context) VariablePatchOutput

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL