v1alpha1

package
v0.15.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 13, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ApplyConfigurationBlank = (&ApplyConfigurationDie{}).DieFeed(admissionregistrationv1alpha1.ApplyConfiguration{})
View Source 
var JSONPatchBlank = (&JSONPatchDie{}).DieFeed(admissionregistrationv1alpha1.JSONPatch{})
View Source 
var MatchConditionBlank = (&MatchConditionDie{}).DieFeed(admissionregistrationv1alpha1.MatchCondition{})
View Source 
var MatchResourcesBlank = (&MatchResourcesDie{}).DieFeed(admissionregistrationv1alpha1.MatchResources{})
View Source 
var MutatingAdmissionPolicyBlank = (&MutatingAdmissionPolicyDie{}).DieFeed(admissionregistrationv1alpha1.MutatingAdmissionPolicy{})
View Source 
var MutatingAdmissionPolicySpecBlank = (&MutatingAdmissionPolicySpecDie{}).DieFeed(admissionregistrationv1alpha1.MutatingAdmissionPolicySpec{})
View Source 
var MutationBlank = (&MutationDie{}).DieFeed(admissionregistrationv1alpha1.Mutation{})
View Source 
var NamedRuleWithOperationsBlank = (&NamedRuleWithOperationsDie{}).DieFeed(admissionregistrationv1alpha1.NamedRuleWithOperations{})
View Source 
var ParamKindBlank = (&ParamKindDie{}).DieFeed(admissionregistrationv1alpha1.ParamKind{})
View Source 
var VariableBlank = (&VariableDie{}).DieFeed(admissionregistrationv1alpha1.Variable{})

Functions

This section is empty.

Types

type ApplyConfigurationDie 

type ApplyConfigurationDie struct {
	// contains filtered or unexported fields
}

func (*ApplyConfigurationDie) DeepCopy 

func (d *ApplyConfigurationDie) DeepCopy() *ApplyConfigurationDie

DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die.

func (*ApplyConfigurationDie) DieDiff 

func (d *ApplyConfigurationDie) DieDiff(opts ...cmp.Option) string

DieDiff uses cmp.Diff to compare the current value of the die with the sealed value.

func (*ApplyConfigurationDie) DieFeed 

func (d *ApplyConfigurationDie) DieFeed(r admissionregistrationv1alpha1.ApplyConfiguration) *ApplyConfigurationDie

DieFeed returns a new die with the provided resource.

func (*ApplyConfigurationDie) DieFeedJSON 

func (d *ApplyConfigurationDie) DieFeedJSON(j []byte) *ApplyConfigurationDie

DieFeedJSON returns a new die with the provided JSON. Panics on error.

func (*ApplyConfigurationDie) DieFeedPtr 

func (d *ApplyConfigurationDie) DieFeedPtr(r *admissionregistrationv1alpha1.ApplyConfiguration) *ApplyConfigurationDie

DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead.

func (*ApplyConfigurationDie) DieFeedRawExtension 

func (d *ApplyConfigurationDie) DieFeedRawExtension(raw runtime.RawExtension) *ApplyConfigurationDie

DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*ApplyConfigurationDie) DieFeedYAML 

func (d *ApplyConfigurationDie) DieFeedYAML(y []byte) *ApplyConfigurationDie

DieFeedYAML returns a new die with the provided YAML. Panics on error.

func (*ApplyConfigurationDie) DieFeedYAMLFile 

func (d *ApplyConfigurationDie) DieFeedYAMLFile(name string) *ApplyConfigurationDie

DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error.

func (*ApplyConfigurationDie) DieImmutable 

func (d *ApplyConfigurationDie) DieImmutable(immutable bool) *ApplyConfigurationDie

DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`).

func (*ApplyConfigurationDie) DiePatch 

func (d *ApplyConfigurationDie) DiePatch(patchType types.PatchType) ([]byte, error)

DiePatch generates a patch between the current value of the die and the sealed value.

func (*ApplyConfigurationDie) DieRelease 

func (d *ApplyConfigurationDie) DieRelease() admissionregistrationv1alpha1.ApplyConfiguration

DieRelease returns the resource managed by the die.

func (*ApplyConfigurationDie) DieReleaseJSON 

func (d *ApplyConfigurationDie) DieReleaseJSON() []byte

DieReleaseJSON returns the resource managed by the die as JSON. Panics on error.

func (*ApplyConfigurationDie) DieReleasePtr 

func (d *ApplyConfigurationDie) DieReleasePtr() *admissionregistrationv1alpha1.ApplyConfiguration

DieReleasePtr returns a pointer to the resource managed by the die.

func (*ApplyConfigurationDie) DieReleaseRawExtension 

func (d *ApplyConfigurationDie) DieReleaseRawExtension() runtime.RawExtension

DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*ApplyConfigurationDie) DieReleaseYAML 

func (d *ApplyConfigurationDie) DieReleaseYAML() []byte

DieReleaseYAML returns the resource managed by the die as YAML. Panics on error.

func (*ApplyConfigurationDie) DieSeal 

func (d *ApplyConfigurationDie) DieSeal() *ApplyConfigurationDie

DieSeal returns a new die for the current die's state that is sealed for comparison in future diff and patch operations.

func (*ApplyConfigurationDie) DieSealFeed 

func (d *ApplyConfigurationDie) DieSealFeed(r admissionregistrationv1alpha1.ApplyConfiguration) *ApplyConfigurationDie

DieSealFeed returns a new die for the current die's state that uses a specific resource for comparison in future diff and patch operations.

func (*ApplyConfigurationDie) DieSealFeedPtr 

func (d *ApplyConfigurationDie) DieSealFeedPtr(r *admissionregistrationv1alpha1.ApplyConfiguration) *ApplyConfigurationDie

DieSealFeedPtr returns a new die for the current die's state that uses a specific resource pointer for comparison in future diff and patch operations. If the resource is nil, the empty value is used instead.

func (*ApplyConfigurationDie) DieSealRelease 

func (d *ApplyConfigurationDie) DieSealRelease() admissionregistrationv1alpha1.ApplyConfiguration

DieSealRelease returns the sealed resource managed by the die.

func (*ApplyConfigurationDie) DieSealReleasePtr 

func (d *ApplyConfigurationDie) DieSealReleasePtr() *admissionregistrationv1alpha1.ApplyConfiguration

DieSealReleasePtr returns the sealed resource pointer managed by the die.

func (*ApplyConfigurationDie) DieStamp 

func (d *ApplyConfigurationDie) DieStamp(fn func(r *admissionregistrationv1alpha1.ApplyConfiguration)) *ApplyConfigurationDie

DieStamp returns a new die with the resource passed to the callback function. The resource is mutable.

func (*ApplyConfigurationDie) DieStampAt 

func (d *ApplyConfigurationDie) DieStampAt(jp string, fn interface{}) *ApplyConfigurationDie

Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location.

Future iterations will improve type coercion from the resource to the callback argument.

func (*ApplyConfigurationDie) DieWith 

func (d *ApplyConfigurationDie) DieWith(fns ...func(d *ApplyConfigurationDie)) *ApplyConfigurationDie

DieWith returns a new die after passing the current die to the callback function. The passed die is mutable.

func (*ApplyConfigurationDie) Expression 

func (d *ApplyConfigurationDie) Expression(v string) *ApplyConfigurationDie

expression will be evaluated by CEL to create an apply configuration.

ref: https://github.com/google/cel-spec

Apply configurations are declared in CEL using object initialization. For example, this CEL expression

returns an apply configuration to set a single field:

Object{

spec: Object.spec{

serviceAccountName: "example"

}

}

Apply configurations may not modify atomic structs, maps or arrays due to the risk of accidental deletion of

values not included in the apply configuration.

CEL expressions have access to the object types needed to create apply configurations:

- 'Object' - CEL type of the resource object.

- 'Object.<fieldName>' - CEL type of object field (such as 'Object.spec')

- 'Object.<fieldName1>.<fieldName2>...<fieldNameN>` - CEL type of nested field (such as 'Object.spec.containers')

CEL expressions have access to the contents of the API request, organized into CEL variables as well as some other useful variables:

- 'object' - The object from the incoming request. The value is null for DELETE requests.

- 'oldObject' - The existing object. The value is null for CREATE requests.

- 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).

- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.

- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.

- 'variables' - Map of composited variables, from its name to its lazily evaluated value.

For example, a variable named 'foo' can be accessed as 'variables.foo'.

- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.

See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz

- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the

request resource.

The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the

object. No other metadata properties are accessible.

Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.

Required.

type JSONPatchDie 

type JSONPatchDie struct {
	// contains filtered or unexported fields
}

func (*JSONPatchDie) DeepCopy 

func (d *JSONPatchDie) DeepCopy() *JSONPatchDie

DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die.

func (*JSONPatchDie) DieDiff 

func (d *JSONPatchDie) DieDiff(opts ...cmp.Option) string

DieDiff uses cmp.Diff to compare the current value of the die with the sealed value.

func (*JSONPatchDie) DieFeed 

func (d *JSONPatchDie) DieFeed(r admissionregistrationv1alpha1.JSONPatch) *JSONPatchDie

DieFeed returns a new die with the provided resource.

func (*JSONPatchDie) DieFeedJSON 

func (d *JSONPatchDie) DieFeedJSON(j []byte) *JSONPatchDie

DieFeedJSON returns a new die with the provided JSON. Panics on error.

func (*JSONPatchDie) DieFeedPtr 

func (d *JSONPatchDie) DieFeedPtr(r *admissionregistrationv1alpha1.JSONPatch) *JSONPatchDie

DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead.

func (*JSONPatchDie) DieFeedRawExtension 

func (d *JSONPatchDie) DieFeedRawExtension(raw runtime.RawExtension) *JSONPatchDie

DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*JSONPatchDie) DieFeedYAML 

func (d *JSONPatchDie) DieFeedYAML(y []byte) *JSONPatchDie

DieFeedYAML returns a new die with the provided YAML. Panics on error.

func (*JSONPatchDie) DieFeedYAMLFile 

func (d *JSONPatchDie) DieFeedYAMLFile(name string) *JSONPatchDie

DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error.

func (*JSONPatchDie) DieImmutable 

func (d *JSONPatchDie) DieImmutable(immutable bool) *JSONPatchDie

DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`).

func (*JSONPatchDie) DiePatch 

func (d *JSONPatchDie) DiePatch(patchType types.PatchType) ([]byte, error)

DiePatch generates a patch between the current value of the die and the sealed value.

func (*JSONPatchDie) DieRelease 

func (d *JSONPatchDie) DieRelease() admissionregistrationv1alpha1.JSONPatch

DieRelease returns the resource managed by the die.

func (*JSONPatchDie) DieReleaseJSON 

func (d *JSONPatchDie) DieReleaseJSON() []byte

DieReleaseJSON returns the resource managed by the die as JSON. Panics on error.

func (*JSONPatchDie) DieReleasePtr 

func (d *JSONPatchDie) DieReleasePtr() *admissionregistrationv1alpha1.JSONPatch

DieReleasePtr returns a pointer to the resource managed by the die.

func (*JSONPatchDie) DieReleaseRawExtension 

func (d *JSONPatchDie) DieReleaseRawExtension() runtime.RawExtension

DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*JSONPatchDie) DieReleaseYAML 

func (d *JSONPatchDie) DieReleaseYAML() []byte

DieReleaseYAML returns the resource managed by the die as YAML. Panics on error.

func (*JSONPatchDie) DieSeal 

func (d *JSONPatchDie) DieSeal() *JSONPatchDie

DieSeal returns a new die for the current die's state that is sealed for comparison in future diff and patch operations.

func (*JSONPatchDie) DieSealFeed 

func (d *JSONPatchDie) DieSealFeed(r admissionregistrationv1alpha1.JSONPatch) *JSONPatchDie

DieSealFeed returns a new die for the current die's state that uses a specific resource for comparison in future diff and patch operations.

func (*JSONPatchDie) DieSealFeedPtr 

func (d *JSONPatchDie) DieSealFeedPtr(r *admissionregistrationv1alpha1.JSONPatch) *JSONPatchDie

DieSealFeedPtr returns a new die for the current die's state that uses a specific resource pointer for comparison in future diff and patch operations. If the resource is nil, the empty value is used instead.

func (*JSONPatchDie) DieSealRelease 

func (d *JSONPatchDie) DieSealRelease() admissionregistrationv1alpha1.JSONPatch

DieSealRelease returns the sealed resource managed by the die.

func (*JSONPatchDie) DieSealReleasePtr 

func (d *JSONPatchDie) DieSealReleasePtr() *admissionregistrationv1alpha1.JSONPatch

DieSealReleasePtr returns the sealed resource pointer managed by the die.

func (*JSONPatchDie) DieStamp 

func (d *JSONPatchDie) DieStamp(fn func(r *admissionregistrationv1alpha1.JSONPatch)) *JSONPatchDie

DieStamp returns a new die with the resource passed to the callback function. The resource is mutable.

func (*JSONPatchDie) DieStampAt 

func (d *JSONPatchDie) DieStampAt(jp string, fn interface{}) *JSONPatchDie

Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location.

Future iterations will improve type coercion from the resource to the callback argument.

func (*JSONPatchDie) DieWith 

func (d *JSONPatchDie) DieWith(fns ...func(d *JSONPatchDie)) *JSONPatchDie

DieWith returns a new die after passing the current die to the callback function. The passed die is mutable.

func (*JSONPatchDie) Expression 

func (d *JSONPatchDie) Expression(v string) *JSONPatchDie

expression will be evaluated by CEL to create a [JSON patch](https://jsonpatch.com/).

ref: https://github.com/google/cel-spec

expression must return an array of JSONPatch values.

For example, this CEL expression returns a JSON patch to conditionally modify a value:

[

JSONPatch{op: "test", path: "/spec/example", value: "Red"},

JSONPatch{op: "replace", path: "/spec/example", value: "Green"}

]

To define an object for the patch value, use Object types. For example:

[

JSONPatch{

op: "add",

path: "/spec/selector",

value: Object.spec.selector{matchLabels: {"environment": "test"}}

}

]

To use strings containing '/' and '~' as JSONPatch path keys, use "jsonpatch.escapeKey". For example:

[

JSONPatch{

op: "add",

path: "/metadata/labels/" + jsonpatch.escapeKey("example.com/environment"),

value: "test"

},

]

CEL expressions have access to the types needed to create JSON patches and objects:

- 'JSONPatch' - CEL type of JSON Patch operations. JSONPatch has the fields 'op', 'from', 'path' and 'value'.

See [JSON patch](https://jsonpatch.com/) for more details. The 'value' field may be set to any of: string,

integer, array, map or object. If set, the 'path' and 'from' fields must be set to a

[JSON pointer](https://datatracker.ietf.org/doc/html/rfc6901/) string, where the 'jsonpatch.escapeKey()' CEL

function may be used to escape path keys containing '/' and '~'.

- 'Object' - CEL type of the resource object.

- 'Object.<fieldName>' - CEL type of object field (such as 'Object.spec')

- 'Object.<fieldName1>.<fieldName2>...<fieldNameN>` - CEL type of nested field (such as 'Object.spec.containers')

CEL expressions have access to the contents of the API request, organized into CEL variables as well as some other useful variables:

- 'object' - The object from the incoming request. The value is null for DELETE requests.

- 'oldObject' - The existing object. The value is null for CREATE requests.

- 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).

- 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.

- 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.

- 'variables' - Map of composited variables, from its name to its lazily evaluated value.

For example, a variable named 'foo' can be accessed as 'variables.foo'.

- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.

See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz

- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the

request resource.

CEL expressions have access to [Kubernetes CEL function libraries](https://kubernetes.io/docs/reference/using-api/cel/#cel-options-language-features-and-libraries)

as well as:

- 'jsonpatch.escapeKey' - Performs JSONPatch key escaping. '~' and '/' are escaped as '~0' and `~1' respectively).

Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.

Required.

type MatchConditionDie 

type MatchConditionDie struct {
	// contains filtered or unexported fields
}

func (*MatchConditionDie) DeepCopy 

func (d *MatchConditionDie) DeepCopy() *MatchConditionDie

DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die.

func (*MatchConditionDie) DieDiff 

func (d *MatchConditionDie) DieDiff(opts ...cmp.Option) string

DieDiff uses cmp.Diff to compare the current value of the die with the sealed value.

func (*MatchConditionDie) DieFeed 

func (d *MatchConditionDie) DieFeed(r admissionregistrationv1alpha1.MatchCondition) *MatchConditionDie

DieFeed returns a new die with the provided resource.

func (*MatchConditionDie) DieFeedJSON 

func (d *MatchConditionDie) DieFeedJSON(j []byte) *MatchConditionDie

DieFeedJSON returns a new die with the provided JSON. Panics on error.

func (*MatchConditionDie) DieFeedPtr 

func (d *MatchConditionDie) DieFeedPtr(r *admissionregistrationv1alpha1.MatchCondition) *MatchConditionDie

DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead.

func (*MatchConditionDie) DieFeedRawExtension 

func (d *MatchConditionDie) DieFeedRawExtension(raw runtime.RawExtension) *MatchConditionDie

DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*MatchConditionDie) DieFeedYAML 

func (d *MatchConditionDie) DieFeedYAML(y []byte) *MatchConditionDie

DieFeedYAML returns a new die with the provided YAML. Panics on error.

func (*MatchConditionDie) DieFeedYAMLFile 

func (d *MatchConditionDie) DieFeedYAMLFile(name string) *MatchConditionDie

DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error.

func (*MatchConditionDie) DieImmutable 

func (d *MatchConditionDie) DieImmutable(immutable bool) *MatchConditionDie

DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`).

func (*MatchConditionDie) DiePatch 

func (d *MatchConditionDie) DiePatch(patchType types.PatchType) ([]byte, error)

DiePatch generates a patch between the current value of the die and the sealed value.

func (*MatchConditionDie) DieRelease 

func (d *MatchConditionDie) DieRelease() admissionregistrationv1alpha1.MatchCondition

DieRelease returns the resource managed by the die.

func (*MatchConditionDie) DieReleaseJSON 

func (d *MatchConditionDie) DieReleaseJSON() []byte

DieReleaseJSON returns the resource managed by the die as JSON. Panics on error.

func (*MatchConditionDie) DieReleasePtr 

func (d *MatchConditionDie) DieReleasePtr() *admissionregistrationv1alpha1.MatchCondition

DieReleasePtr returns a pointer to the resource managed by the die.

func (*MatchConditionDie) DieReleaseRawExtension 

func (d *MatchConditionDie) DieReleaseRawExtension() runtime.RawExtension

DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*MatchConditionDie) DieReleaseYAML 

func (d *MatchConditionDie) DieReleaseYAML() []byte

DieReleaseYAML returns the resource managed by the die as YAML. Panics on error.

func (*MatchConditionDie) DieSeal 

func (d *MatchConditionDie) DieSeal() *MatchConditionDie

DieSeal returns a new die for the current die's state that is sealed for comparison in future diff and patch operations.

func (*MatchConditionDie) DieSealFeed 

func (d *MatchConditionDie) DieSealFeed(r admissionregistrationv1alpha1.MatchCondition) *MatchConditionDie

DieSealFeed returns a new die for the current die's state that uses a specific resource for comparison in future diff and patch operations.

func (*MatchConditionDie) DieSealFeedPtr 

func (d *MatchConditionDie) DieSealFeedPtr(r *admissionregistrationv1alpha1.MatchCondition) *MatchConditionDie

DieSealFeedPtr returns a new die for the current die's state that uses a specific resource pointer for comparison in future diff and patch operations. If the resource is nil, the empty value is used instead.

func (*MatchConditionDie) DieSealRelease 

func (d *MatchConditionDie) DieSealRelease() admissionregistrationv1alpha1.MatchCondition

DieSealRelease returns the sealed resource managed by the die.

func (*MatchConditionDie) DieSealReleasePtr 

func (d *MatchConditionDie) DieSealReleasePtr() *admissionregistrationv1alpha1.MatchCondition

DieSealReleasePtr returns the sealed resource pointer managed by the die.

func (*MatchConditionDie) DieStamp 

func (d *MatchConditionDie) DieStamp(fn func(r *admissionregistrationv1alpha1.MatchCondition)) *MatchConditionDie

DieStamp returns a new die with the resource passed to the callback function. The resource is mutable.

func (*MatchConditionDie) DieStampAt 

func (d *MatchConditionDie) DieStampAt(jp string, fn interface{}) *MatchConditionDie

Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location.

Future iterations will improve type coercion from the resource to the callback argument.

func (*MatchConditionDie) DieWith 

func (d *MatchConditionDie) DieWith(fns ...func(d *MatchConditionDie)) *MatchConditionDie

DieWith returns a new die after passing the current die to the callback function. The passed die is mutable.

func (*MatchConditionDie) Expression 

func (d *MatchConditionDie) Expression(v string) *MatchConditionDie

Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:

'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. 

See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz

'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the 

request resource.

Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/

Required.

func (*MatchConditionDie) Name 

func (d *MatchConditionDie) Name(v string) *MatchConditionDie

Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')

Required.

type MatchResourcesDie 

type MatchResourcesDie struct {
	// contains filtered or unexported fields
}

func (*MatchResourcesDie) DeepCopy 

func (d *MatchResourcesDie) DeepCopy() *MatchResourcesDie

DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die.

func (*MatchResourcesDie) DieDiff 

func (d *MatchResourcesDie) DieDiff(opts ...cmp.Option) string

DieDiff uses cmp.Diff to compare the current value of the die with the sealed value.

func (*MatchResourcesDie) DieFeed 

func (d *MatchResourcesDie) DieFeed(r admissionregistrationv1alpha1.MatchResources) *MatchResourcesDie

DieFeed returns a new die with the provided resource.

func (*MatchResourcesDie) DieFeedJSON 

func (d *MatchResourcesDie) DieFeedJSON(j []byte) *MatchResourcesDie

DieFeedJSON returns a new die with the provided JSON. Panics on error.

func (*MatchResourcesDie) DieFeedPtr 

func (d *MatchResourcesDie) DieFeedPtr(r *admissionregistrationv1alpha1.MatchResources) *MatchResourcesDie

DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead.

func (*MatchResourcesDie) DieFeedRawExtension 

func (d *MatchResourcesDie) DieFeedRawExtension(raw runtime.RawExtension) *MatchResourcesDie

DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*MatchResourcesDie) DieFeedYAML 

func (d *MatchResourcesDie) DieFeedYAML(y []byte) *MatchResourcesDie

DieFeedYAML returns a new die with the provided YAML. Panics on error.

func (*MatchResourcesDie) DieFeedYAMLFile 

func (d *MatchResourcesDie) DieFeedYAMLFile(name string) *MatchResourcesDie

DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error.

func (*MatchResourcesDie) DieImmutable 

func (d *MatchResourcesDie) DieImmutable(immutable bool) *MatchResourcesDie

DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`).

func (*MatchResourcesDie) DiePatch 

func (d *MatchResourcesDie) DiePatch(patchType types.PatchType) ([]byte, error)

DiePatch generates a patch between the current value of the die and the sealed value.

func (*MatchResourcesDie) DieRelease 

func (d *MatchResourcesDie) DieRelease() admissionregistrationv1alpha1.MatchResources

DieRelease returns the resource managed by the die.

func (*MatchResourcesDie) DieReleaseJSON 

func (d *MatchResourcesDie) DieReleaseJSON() []byte

DieReleaseJSON returns the resource managed by the die as JSON. Panics on error.

func (*MatchResourcesDie) DieReleasePtr 

func (d *MatchResourcesDie) DieReleasePtr() *admissionregistrationv1alpha1.MatchResources

DieReleasePtr returns a pointer to the resource managed by the die.

func (*MatchResourcesDie) DieReleaseRawExtension 

func (d *MatchResourcesDie) DieReleaseRawExtension() runtime.RawExtension

DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*MatchResourcesDie) DieReleaseYAML 

func (d *MatchResourcesDie) DieReleaseYAML() []byte

DieReleaseYAML returns the resource managed by the die as YAML. Panics on error.

func (*MatchResourcesDie) DieSeal 

func (d *MatchResourcesDie) DieSeal() *MatchResourcesDie

DieSeal returns a new die for the current die's state that is sealed for comparison in future diff and patch operations.

func (*MatchResourcesDie) DieSealFeed 

func (d *MatchResourcesDie) DieSealFeed(r admissionregistrationv1alpha1.MatchResources) *MatchResourcesDie

DieSealFeed returns a new die for the current die's state that uses a specific resource for comparison in future diff and patch operations.

func (*MatchResourcesDie) DieSealFeedPtr 

func (d *MatchResourcesDie) DieSealFeedPtr(r *admissionregistrationv1alpha1.MatchResources) *MatchResourcesDie

DieSealFeedPtr returns a new die for the current die's state that uses a specific resource pointer for comparison in future diff and patch operations. If the resource is nil, the empty value is used instead.

func (*MatchResourcesDie) DieSealRelease 

func (d *MatchResourcesDie) DieSealRelease() admissionregistrationv1alpha1.MatchResources

DieSealRelease returns the sealed resource managed by the die.

func (*MatchResourcesDie) DieSealReleasePtr 

func (d *MatchResourcesDie) DieSealReleasePtr() *admissionregistrationv1alpha1.MatchResources

DieSealReleasePtr returns the sealed resource pointer managed by the die.

func (*MatchResourcesDie) DieStamp 

func (d *MatchResourcesDie) DieStamp(fn func(r *admissionregistrationv1alpha1.MatchResources)) *MatchResourcesDie

DieStamp returns a new die with the resource passed to the callback function. The resource is mutable.

func (*MatchResourcesDie) DieStampAt 

func (d *MatchResourcesDie) DieStampAt(jp string, fn interface{}) *MatchResourcesDie

Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location.

Future iterations will improve type coercion from the resource to the callback argument.

func (*MatchResourcesDie) DieWith 

func (d *MatchResourcesDie) DieWith(fns ...func(d *MatchResourcesDie)) *MatchResourcesDie

DieWith returns a new die after passing the current die to the callback function. The passed die is mutable.

func (*MatchResourcesDie) ExcludeResourceRules 

func (d *MatchResourcesDie) ExcludeResourceRules(v ...admissionregistrationv1alpha1.NamedRuleWithOperations) *MatchResourcesDie

ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about.

The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

func (*MatchResourcesDie) ExcludeResourceRulesDie 

func (d *MatchResourcesDie) ExcludeResourceRulesDie(v ...*NamedRuleWithOperationsDie) *MatchResourcesDie

ExcludeResourceRulesDie replaces ExcludeResourceRules by collecting the released value from each die passed.

ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about.

The exclude rules take precedence over include rules (if a resource matches both, it is excluded)

func (*MatchResourcesDie) MatchPolicy 

func (d *MatchResourcesDie) MatchPolicy(v *admissionregistrationv1alpha1.MatchPolicyType) *MatchResourcesDie

matchPolicy defines how the "MatchResources" list is used to match incoming requests.

Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule.

For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,

but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,

a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.

For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,

and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,

a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.

Defaults to "Equivalent"

func (*MatchResourcesDie) NamespaceSelector 

func (d *MatchResourcesDie) NamespaceSelector(v *metav1.LabelSelector) *MatchResourcesDie

NamespaceSelector decides whether to run the admission control policy on an object based

on whether the namespace for that object matches the selector. If the

object itself is a namespace, the matching is performed on

object.metadata.labels. If the object is another cluster scoped resource,

it never skips the policy.

For example, to run the webhook on any objects whose namespace is not

associated with "runlevel" of "0" or "1"; you will set the selector as

follows:

"namespaceSelector": {

"matchExpressions": [

{

"key": "runlevel",

"operator": "NotIn",

"values": [

"0",

"1"

]

}

]

}

If instead you want to only run the policy on any objects whose

namespace is associated with the "environment" of "prod" or "staging";

you will set the selector as follows:

"namespaceSelector": {

"matchExpressions": [

{

"key": "environment",

"operator": "In",

"values": [

"prod",

"staging"

]

}

]

}

See

https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (*MatchResourcesDie) NamespaceSelectorDie 

func (d *MatchResourcesDie) NamespaceSelectorDie(fn func(d *v1.LabelSelectorDie)) *MatchResourcesDie

NamespaceSelectorDie mutates NamespaceSelector as a die.

NamespaceSelector decides whether to run the admission control policy on an object based

on whether the namespace for that object matches the selector. If the

object itself is a namespace, the matching is performed on

object.metadata.labels. If the object is another cluster scoped resource,

it never skips the policy.

For example, to run the webhook on any objects whose namespace is not

associated with "runlevel" of "0" or "1"; you will set the selector as

follows:

"namespaceSelector": {

"matchExpressions": [

{

"key": "runlevel",

"operator": "NotIn",

"values": [

"0",

"1"

]

}

]

}

If instead you want to only run the policy on any objects whose

namespace is associated with the "environment" of "prod" or "staging";

you will set the selector as follows:

"namespaceSelector": {

"matchExpressions": [

{

"key": "environment",

"operator": "In",

"values": [

"prod",

"staging"

]

}

]

}

See

https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (*MatchResourcesDie) ObjectSelector 

func (d *MatchResourcesDie) ObjectSelector(v *metav1.LabelSelector) *MatchResourcesDie

ObjectSelector decides whether to run the validation based on if the

object has matching labels. objectSelector is evaluated against both

the oldObject and newObject that would be sent to the cel validation, and

is considered to match if either object matches the selector. A null

object (oldObject in the case of create, or newObject in the case of

delete) or an object that cannot have labels (like a

DeploymentRollback or a PodProxyOptions object) is not considered to

match.

Use the object selector only if the webhook is opt-in, because end

users may skip the admission webhook by setting the labels.

Default to the empty LabelSelector, which matches everything.

func (*MatchResourcesDie) ObjectSelectorDie 

func (d *MatchResourcesDie) ObjectSelectorDie(fn func(d *v1.LabelSelectorDie)) *MatchResourcesDie

ObjectSelectorDie mutates ObjectSelector as a die.

ObjectSelector decides whether to run the validation based on if the

object has matching labels. objectSelector is evaluated against both

the oldObject and newObject that would be sent to the cel validation, and

is considered to match if either object matches the selector. A null

object (oldObject in the case of create, or newObject in the case of

delete) or an object that cannot have labels (like a

DeploymentRollback or a PodProxyOptions object) is not considered to

match.

Use the object selector only if the webhook is opt-in, because end

users may skip the admission webhook by setting the labels.

Default to the empty LabelSelector, which matches everything.

func (*MatchResourcesDie) ResourceRules 

func (d *MatchResourcesDie) ResourceRules(v ...admissionregistrationv1alpha1.NamedRuleWithOperations) *MatchResourcesDie

ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches.

The policy cares about an operation if it matches _any_ Rule.

func (*MatchResourcesDie) ResourceRulesDie 

func (d *MatchResourcesDie) ResourceRulesDie(v ...*NamedRuleWithOperationsDie) *MatchResourcesDie

ResourceRulesDie replaces ResourceRules by collecting the released value from each die passed.

ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches.

The policy cares about an operation if it matches _any_ Rule.

type MutatingAdmissionPolicyDie 

type MutatingAdmissionPolicyDie struct {
	v1.FrozenObjectMeta
	// contains filtered or unexported fields
}

func (*MutatingAdmissionPolicyDie) APIVersion 

func (d *MutatingAdmissionPolicyDie) APIVersion(v string) *MutatingAdmissionPolicyDie

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (*MutatingAdmissionPolicyDie) DeepCopy 

func (d *MutatingAdmissionPolicyDie) DeepCopy() *MutatingAdmissionPolicyDie

DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die.

func (*MutatingAdmissionPolicyDie) DeepCopyObject 

func (d *MutatingAdmissionPolicyDie) DeepCopyObject() runtime.Object

func (*MutatingAdmissionPolicyDie) DieDefaultTypeMetadata 

func (d *MutatingAdmissionPolicyDie) DieDefaultTypeMetadata() *MutatingAdmissionPolicyDie

DieDefaultTypeMetadata sets the APIVersion and Kind to "admissionregistration.k8s.io/v1alpha1" and "MutatingAdmissionPolicy" respectively.

func (*MutatingAdmissionPolicyDie) DieDiff 

func (d *MutatingAdmissionPolicyDie) DieDiff(opts ...cmp.Option) string

DieDiff uses cmp.Diff to compare the current value of the die with the sealed value.

func (*MutatingAdmissionPolicyDie) DieFeed 

func (d *MutatingAdmissionPolicyDie) DieFeed(r admissionregistrationv1alpha1.MutatingAdmissionPolicy) *MutatingAdmissionPolicyDie

DieFeed returns a new die with the provided resource.

func (*MutatingAdmissionPolicyDie) DieFeedJSON 

func (d *MutatingAdmissionPolicyDie) DieFeedJSON(j []byte) *MutatingAdmissionPolicyDie

DieFeedJSON returns a new die with the provided JSON. Panics on error.

func (*MutatingAdmissionPolicyDie) DieFeedPtr 

func (d *MutatingAdmissionPolicyDie) DieFeedPtr(r *admissionregistrationv1alpha1.MutatingAdmissionPolicy) *MutatingAdmissionPolicyDie

DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead.

func (*MutatingAdmissionPolicyDie) DieFeedRawExtension 

func (d *MutatingAdmissionPolicyDie) DieFeedRawExtension(raw runtime.RawExtension) *MutatingAdmissionPolicyDie

DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*MutatingAdmissionPolicyDie) DieFeedYAML 

func (d *MutatingAdmissionPolicyDie) DieFeedYAML(y []byte) *MutatingAdmissionPolicyDie

DieFeedYAML returns a new die with the provided YAML. Panics on error.

func (*MutatingAdmissionPolicyDie) DieFeedYAMLFile 

func (d *MutatingAdmissionPolicyDie) DieFeedYAMLFile(name string) *MutatingAdmissionPolicyDie

DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error.

func (*MutatingAdmissionPolicyDie) DieImmutable 

func (d *MutatingAdmissionPolicyDie) DieImmutable(immutable bool) *MutatingAdmissionPolicyDie

DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`).

func (*MutatingAdmissionPolicyDie) DiePatch 

func (d *MutatingAdmissionPolicyDie) DiePatch(patchType types.PatchType) ([]byte, error)

DiePatch generates a patch between the current value of the die and the sealed value.

func (*MutatingAdmissionPolicyDie) DieRelease 

func (d *MutatingAdmissionPolicyDie) DieRelease() admissionregistrationv1alpha1.MutatingAdmissionPolicy

DieRelease returns the resource managed by the die.

func (*MutatingAdmissionPolicyDie) DieReleaseJSON 

func (d *MutatingAdmissionPolicyDie) DieReleaseJSON() []byte

DieReleaseJSON returns the resource managed by the die as JSON. Panics on error.

func (*MutatingAdmissionPolicyDie) DieReleasePtr 

func (d *MutatingAdmissionPolicyDie) DieReleasePtr() *admissionregistrationv1alpha1.MutatingAdmissionPolicy

DieReleasePtr returns a pointer to the resource managed by the die.

func (*MutatingAdmissionPolicyDie) DieReleaseRawExtension 

func (d *MutatingAdmissionPolicyDie) DieReleaseRawExtension() runtime.RawExtension

DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*MutatingAdmissionPolicyDie) DieReleaseUnstructured 

func (d *MutatingAdmissionPolicyDie) DieReleaseUnstructured() *unstructured.Unstructured

DieReleaseUnstructured returns the resource managed by the die as an unstructured object. Panics on error.

func (*MutatingAdmissionPolicyDie) DieReleaseYAML 

func (d *MutatingAdmissionPolicyDie) DieReleaseYAML() []byte

DieReleaseYAML returns the resource managed by the die as YAML. Panics on error.

func (*MutatingAdmissionPolicyDie) DieSeal 

func (d *MutatingAdmissionPolicyDie) DieSeal() *MutatingAdmissionPolicyDie

DieSeal returns a new die for the current die's state that is sealed for comparison in future diff and patch operations.

func (*MutatingAdmissionPolicyDie) DieSealFeed 

func (d *MutatingAdmissionPolicyDie) DieSealFeed(r admissionregistrationv1alpha1.MutatingAdmissionPolicy) *MutatingAdmissionPolicyDie

DieSealFeed returns a new die for the current die's state that uses a specific resource for comparison in future diff and patch operations.

func (*MutatingAdmissionPolicyDie) DieSealFeedPtr 

func (d *MutatingAdmissionPolicyDie) DieSealFeedPtr(r *admissionregistrationv1alpha1.MutatingAdmissionPolicy) *MutatingAdmissionPolicyDie

DieSealFeedPtr returns a new die for the current die's state that uses a specific resource pointer for comparison in future diff and patch operations. If the resource is nil, the empty value is used instead.

func (*MutatingAdmissionPolicyDie) DieSealRelease 

func (d *MutatingAdmissionPolicyDie) DieSealRelease() admissionregistrationv1alpha1.MutatingAdmissionPolicy

DieSealRelease returns the sealed resource managed by the die.

func (*MutatingAdmissionPolicyDie) DieSealReleasePtr 

func (d *MutatingAdmissionPolicyDie) DieSealReleasePtr() *admissionregistrationv1alpha1.MutatingAdmissionPolicy

DieSealReleasePtr returns the sealed resource pointer managed by the die.

func (*MutatingAdmissionPolicyDie) DieStamp 

func (d *MutatingAdmissionPolicyDie) DieStamp(fn func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicy)) *MutatingAdmissionPolicyDie

DieStamp returns a new die with the resource passed to the callback function. The resource is mutable.

func (*MutatingAdmissionPolicyDie) DieStampAt 

func (d *MutatingAdmissionPolicyDie) DieStampAt(jp string, fn interface{}) *MutatingAdmissionPolicyDie

Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location.

Future iterations will improve type coercion from the resource to the callback argument.

func (*MutatingAdmissionPolicyDie) DieWith 

func (d *MutatingAdmissionPolicyDie) DieWith(fns ...func(d *MutatingAdmissionPolicyDie)) *MutatingAdmissionPolicyDie

DieWith returns a new die after passing the current die to the callback function. The passed die is mutable.

func (*MutatingAdmissionPolicyDie) GetObjectKind 

func (d *MutatingAdmissionPolicyDie) GetObjectKind() schema.ObjectKind

func (*MutatingAdmissionPolicyDie) Kind 

func (d *MutatingAdmissionPolicyDie) Kind(v string) *MutatingAdmissionPolicyDie

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (*MutatingAdmissionPolicyDie) MarshalJSON 

func (d *MutatingAdmissionPolicyDie) MarshalJSON() ([]byte, error)

func (*MutatingAdmissionPolicyDie) Metadata 

func (d *MutatingAdmissionPolicyDie) Metadata(v metav1.ObjectMeta) *MutatingAdmissionPolicyDie

Metadata standard object's metadata.

func (*MutatingAdmissionPolicyDie) MetadataDie 

func (d *MutatingAdmissionPolicyDie) MetadataDie(fn func(d *v1.ObjectMetaDie)) *MutatingAdmissionPolicyDie

MetadataDie stamps the resource's ObjectMeta field with a mutable die.

func (*MutatingAdmissionPolicyDie) Spec 

func (d *MutatingAdmissionPolicyDie) Spec(v admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) *MutatingAdmissionPolicyDie

Specification of the desired behavior of the MutatingAdmissionPolicy.

func (*MutatingAdmissionPolicyDie) SpecDie 

func (d *MutatingAdmissionPolicyDie) SpecDie(fn func(d *MutatingAdmissionPolicySpecDie)) *MutatingAdmissionPolicyDie

SpecDie stamps the resource's spec field with a mutable die.

func (*MutatingAdmissionPolicyDie) TypeMetadata 

func (d *MutatingAdmissionPolicyDie) TypeMetadata(v metav1.TypeMeta) *MutatingAdmissionPolicyDie

TypeMetadata standard object's type metadata.

func (*MutatingAdmissionPolicyDie) TypeMetadataDie 

func (d *MutatingAdmissionPolicyDie) TypeMetadataDie(fn func(d *v1.TypeMetaDie)) *MutatingAdmissionPolicyDie

TypeMetadataDie stamps the resource's TypeMeta field with a mutable die.

func (*MutatingAdmissionPolicyDie) UnmarshalJSON 

func (d *MutatingAdmissionPolicyDie) UnmarshalJSON(b []byte) error

type MutatingAdmissionPolicySpecDie 

type MutatingAdmissionPolicySpecDie struct {
	// contains filtered or unexported fields
}

func (*MutatingAdmissionPolicySpecDie) DeepCopy 

func (d *MutatingAdmissionPolicySpecDie) DeepCopy() *MutatingAdmissionPolicySpecDie

DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die.

func (*MutatingAdmissionPolicySpecDie) DieDiff 

func (d *MutatingAdmissionPolicySpecDie) DieDiff(opts ...cmp.Option) string

DieDiff uses cmp.Diff to compare the current value of the die with the sealed value.

func (*MutatingAdmissionPolicySpecDie) DieFeed 

func (d *MutatingAdmissionPolicySpecDie) DieFeed(r admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) *MutatingAdmissionPolicySpecDie

DieFeed returns a new die with the provided resource.

func (*MutatingAdmissionPolicySpecDie) DieFeedJSON 

func (d *MutatingAdmissionPolicySpecDie) DieFeedJSON(j []byte) *MutatingAdmissionPolicySpecDie

DieFeedJSON returns a new die with the provided JSON. Panics on error.

func (*MutatingAdmissionPolicySpecDie) DieFeedPtr 

func (d *MutatingAdmissionPolicySpecDie) DieFeedPtr(r *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) *MutatingAdmissionPolicySpecDie

DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead.

func (*MutatingAdmissionPolicySpecDie) DieFeedRawExtension 

func (d *MutatingAdmissionPolicySpecDie) DieFeedRawExtension(raw runtime.RawExtension) *MutatingAdmissionPolicySpecDie

DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*MutatingAdmissionPolicySpecDie) DieFeedYAML 

func (d *MutatingAdmissionPolicySpecDie) DieFeedYAML(y []byte) *MutatingAdmissionPolicySpecDie

DieFeedYAML returns a new die with the provided YAML. Panics on error.

func (*MutatingAdmissionPolicySpecDie) DieFeedYAMLFile 

func (d *MutatingAdmissionPolicySpecDie) DieFeedYAMLFile(name string) *MutatingAdmissionPolicySpecDie

DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error.

func (*MutatingAdmissionPolicySpecDie) DieImmutable 

func (d *MutatingAdmissionPolicySpecDie) DieImmutable(immutable bool) *MutatingAdmissionPolicySpecDie

DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`).

func (*MutatingAdmissionPolicySpecDie) DiePatch 

func (d *MutatingAdmissionPolicySpecDie) DiePatch(patchType types.PatchType) ([]byte, error)

DiePatch generates a patch between the current value of the die and the sealed value.

func (*MutatingAdmissionPolicySpecDie) DieRelease 

func (d *MutatingAdmissionPolicySpecDie) DieRelease() admissionregistrationv1alpha1.MutatingAdmissionPolicySpec

DieRelease returns the resource managed by the die.

func (*MutatingAdmissionPolicySpecDie) DieReleaseJSON 

func (d *MutatingAdmissionPolicySpecDie) DieReleaseJSON() []byte

DieReleaseJSON returns the resource managed by the die as JSON. Panics on error.

func (*MutatingAdmissionPolicySpecDie) DieReleasePtr 

func (d *MutatingAdmissionPolicySpecDie) DieReleasePtr() *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec

DieReleasePtr returns a pointer to the resource managed by the die.

func (*MutatingAdmissionPolicySpecDie) DieReleaseRawExtension 

func (d *MutatingAdmissionPolicySpecDie) DieReleaseRawExtension() runtime.RawExtension

DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*MutatingAdmissionPolicySpecDie) DieReleaseYAML 

func (d *MutatingAdmissionPolicySpecDie) DieReleaseYAML() []byte

DieReleaseYAML returns the resource managed by the die as YAML. Panics on error.

func (*MutatingAdmissionPolicySpecDie) DieSeal 

func (d *MutatingAdmissionPolicySpecDie) DieSeal() *MutatingAdmissionPolicySpecDie

DieSeal returns a new die for the current die's state that is sealed for comparison in future diff and patch operations.

func (*MutatingAdmissionPolicySpecDie) DieSealFeed 

func (d *MutatingAdmissionPolicySpecDie) DieSealFeed(r admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) *MutatingAdmissionPolicySpecDie

DieSealFeed returns a new die for the current die's state that uses a specific resource for comparison in future diff and patch operations.

func (*MutatingAdmissionPolicySpecDie) DieSealFeedPtr 

func (d *MutatingAdmissionPolicySpecDie) DieSealFeedPtr(r *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec) *MutatingAdmissionPolicySpecDie

DieSealFeedPtr returns a new die for the current die's state that uses a specific resource pointer for comparison in future diff and patch operations. If the resource is nil, the empty value is used instead.

func (*MutatingAdmissionPolicySpecDie) DieSealRelease 

func (d *MutatingAdmissionPolicySpecDie) DieSealRelease() admissionregistrationv1alpha1.MutatingAdmissionPolicySpec

DieSealRelease returns the sealed resource managed by the die.

func (*MutatingAdmissionPolicySpecDie) DieSealReleasePtr 

func (d *MutatingAdmissionPolicySpecDie) DieSealReleasePtr() *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec

DieSealReleasePtr returns the sealed resource pointer managed by the die.

func (*MutatingAdmissionPolicySpecDie) DieStamp 

func (d *MutatingAdmissionPolicySpecDie) DieStamp(fn func(r *admissionregistrationv1alpha1.MutatingAdmissionPolicySpec)) *MutatingAdmissionPolicySpecDie

DieStamp returns a new die with the resource passed to the callback function. The resource is mutable.

func (*MutatingAdmissionPolicySpecDie) DieStampAt 

func (d *MutatingAdmissionPolicySpecDie) DieStampAt(jp string, fn interface{}) *MutatingAdmissionPolicySpecDie

Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location.

Future iterations will improve type coercion from the resource to the callback argument.

func (*MutatingAdmissionPolicySpecDie) DieWith 

func (d *MutatingAdmissionPolicySpecDie) DieWith(fns ...func(d *MutatingAdmissionPolicySpecDie)) *MutatingAdmissionPolicySpecDie

DieWith returns a new die after passing the current die to the callback function. The passed die is mutable.

func (*MutatingAdmissionPolicySpecDie) FailurePolicy 

func (d *MutatingAdmissionPolicySpecDie) FailurePolicy(v *admissionregistrationv1alpha1.FailurePolicyType) *MutatingAdmissionPolicySpecDie

failurePolicy defines how to handle failures for the admission policy. Failures can

occur from CEL expression parse errors, type check errors, runtime errors and invalid

or mis-configured policy definitions or bindings.

A policy is invalid if paramKind refers to a non-existent Kind.

A binding is invalid if paramRef.name refers to a non-existent resource.

failurePolicy does not define how validations that evaluate to false are handled.

Allowed values are Ignore or Fail. Defaults to Fail.

func (*MutatingAdmissionPolicySpecDie) MatchConditionDie 

func (d *MutatingAdmissionPolicySpecDie) MatchConditionDie(v string, fn func(d *MatchConditionDie)) *MutatingAdmissionPolicySpecDie

MatchConditionDie mutates a single item in MatchConditions matched by the nested field Name, appending a new item if no match is found.

matchConditions is a list of conditions that must be met for a request to be validated.

Match conditions filter requests that have already been matched by the matchConstraints.

An empty list of matchConditions matches all requests.

There are a maximum of 64 match conditions allowed.

If a parameter object is provided, it can be accessed via the `params` handle in the same

manner as validation expressions.

The exact matching logic is (in order):

1. If ANY matchCondition evaluates to FALSE, the policy is skipped.

2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.

3. If any matchCondition evaluates to an error (but none are FALSE):

- If failurePolicy=Fail, reject the request

- If failurePolicy=Ignore, the policy is skipped

func (*MutatingAdmissionPolicySpecDie) MatchConditions 

func (d *MutatingAdmissionPolicySpecDie) MatchConditions(v ...admissionregistrationv1alpha1.MatchCondition) *MutatingAdmissionPolicySpecDie

matchConditions is a list of conditions that must be met for a request to be validated.

Match conditions filter requests that have already been matched by the matchConstraints.

An empty list of matchConditions matches all requests.

There are a maximum of 64 match conditions allowed.

If a parameter object is provided, it can be accessed via the `params` handle in the same

manner as validation expressions.

The exact matching logic is (in order):

1. If ANY matchCondition evaluates to FALSE, the policy is skipped.

2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.

3. If any matchCondition evaluates to an error (but none are FALSE):

- If failurePolicy=Fail, reject the request

- If failurePolicy=Ignore, the policy is skipped

func (*MutatingAdmissionPolicySpecDie) MatchConstraints 

func (d *MutatingAdmissionPolicySpecDie) MatchConstraints(v *admissionregistrationv1alpha1.MatchResources) *MutatingAdmissionPolicySpecDie

matchConstraints specifies what resources this policy is designed to validate.

The MutatingAdmissionPolicy cares about a request if it matches _all_ Constraints.

However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API

MutatingAdmissionPolicy cannot match MutatingAdmissionPolicy and MutatingAdmissionPolicyBinding.

The CREATE, UPDATE and CONNECT operations are allowed. The DELETE operation may not be matched.

'*' matches CREATE, UPDATE and CONNECT.

Required.

func (*MutatingAdmissionPolicySpecDie) MatchConstraintsDie 

func (d *MutatingAdmissionPolicySpecDie) MatchConstraintsDie(fn func(d *MatchResourcesDie)) *MutatingAdmissionPolicySpecDie

MatchConstraintsDie mutates MatchConstraints as a die.

matchConstraints specifies what resources this policy is designed to validate.

The MutatingAdmissionPolicy cares about a request if it matches _all_ Constraints.

However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API

MutatingAdmissionPolicy cannot match MutatingAdmissionPolicy and MutatingAdmissionPolicyBinding.

The CREATE, UPDATE and CONNECT operations are allowed. The DELETE operation may not be matched.

'*' matches CREATE, UPDATE and CONNECT.

Required.

func (*MutatingAdmissionPolicySpecDie) Mutations 

func (d *MutatingAdmissionPolicySpecDie) Mutations(v ...admissionregistrationv1alpha1.Mutation) *MutatingAdmissionPolicySpecDie

mutations contain operations to perform on matching objects.

mutations may not be empty; a minimum of one mutation is required.

mutations are evaluated in order, and are reinvoked according to

the reinvocationPolicy.

The mutations of a policy are invoked for each binding of this policy

and reinvocation of mutations occurs on a per binding basis.

func (*MutatingAdmissionPolicySpecDie) MutationsDie 

func (d *MutatingAdmissionPolicySpecDie) MutationsDie(v ...*MutationDie) *MutatingAdmissionPolicySpecDie

MutationsDie replaces Mutations by collecting the released value from each die passed.

mutations contain operations to perform on matching objects.

mutations may not be empty; a minimum of one mutation is required.

mutations are evaluated in order, and are reinvoked according to

the reinvocationPolicy.

The mutations of a policy are invoked for each binding of this policy

and reinvocation of mutations occurs on a per binding basis.

func (*MutatingAdmissionPolicySpecDie) ParamKind 

func (d *MutatingAdmissionPolicySpecDie) ParamKind(v *admissionregistrationv1alpha1.ParamKind) *MutatingAdmissionPolicySpecDie

paramKind specifies the kind of resources used to parameterize this policy.

If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions.

If paramKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied.

If paramKind is specified but paramRef is unset in MutatingAdmissionPolicyBinding, the params variable will be null.

func (*MutatingAdmissionPolicySpecDie) ParamKindDie 

func (d *MutatingAdmissionPolicySpecDie) ParamKindDie(fn func(d *ParamKindDie)) *MutatingAdmissionPolicySpecDie

ParamKindDie mutates ParamKind as a die.

paramKind specifies the kind of resources used to parameterize this policy.

If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions.

If paramKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied.

If paramKind is specified but paramRef is unset in MutatingAdmissionPolicyBinding, the params variable will be null.

func (*MutatingAdmissionPolicySpecDie) ReinvocationPolicy 

func (d *MutatingAdmissionPolicySpecDie) ReinvocationPolicy(v admissionregistrationv1alpha1.ReinvocationPolicyType) *MutatingAdmissionPolicySpecDie

reinvocationPolicy indicates whether mutations may be called multiple times per MutatingAdmissionPolicyBinding

as part of a single admission evaluation.

Allowed values are "Never" and "IfNeeded".

Never: These mutations will not be called more than once per binding in a single admission evaluation.

IfNeeded: These mutations may be invoked more than once per binding for a single admission request and there is no guarantee of

order with respect to other admission plugins, admission webhooks, bindings of this policy and admission policies. Mutations are only

reinvoked when mutations change the object after this mutation is invoked.

Required.

func (*MutatingAdmissionPolicySpecDie) Variables 

func (d *MutatingAdmissionPolicySpecDie) Variables(v ...admissionregistrationv1alpha1.Variable) *MutatingAdmissionPolicySpecDie

variables contain definitions of variables that can be used in composition of other expressions.

Each variable is defined as a named CEL expression.

The variables defined here will be available under `variables` in other expressions of the policy

except matchConditions because matchConditions are evaluated before the rest of the policy.

The expression of a variable can refer to other variables defined earlier in the list but not those after.

Thus, variables must be sorted by the order of first appearance and acyclic.

func (*MutatingAdmissionPolicySpecDie) VariablesDie 

func (d *MutatingAdmissionPolicySpecDie) VariablesDie(v ...*VariableDie) *MutatingAdmissionPolicySpecDie

VariablesDie replaces Variables by collecting the released value from each die passed.

variables contain definitions of variables that can be used in composition of other expressions.

Each variable is defined as a named CEL expression.

The variables defined here will be available under `variables` in other expressions of the policy

except matchConditions because matchConditions are evaluated before the rest of the policy.

The expression of a variable can refer to other variables defined earlier in the list but not those after.

Thus, variables must be sorted by the order of first appearance and acyclic.

type MutationDie 

type MutationDie struct {
	// contains filtered or unexported fields
}

func (*MutationDie) ApplyConfiguration 

func (d *MutationDie) ApplyConfiguration(v *admissionregistrationv1alpha1.ApplyConfiguration) *MutationDie

applyConfiguration defines the desired configuration values of an object.

The configuration is applied to the admission object using

[structured merge diff](https://github.com/kubernetes-sigs/structured-merge-diff).

A CEL expression is used to create apply configuration.

func (*MutationDie) ApplyConfigurationDie 

func (d *MutationDie) ApplyConfigurationDie(fn func(d *ApplyConfigurationDie)) *MutationDie

ApplyConfigurationDie mutates ApplyConfiguration as a die.

applyConfiguration defines the desired configuration values of an object.

The configuration is applied to the admission object using

[structured merge diff](https://github.com/kubernetes-sigs/structured-merge-diff).

A CEL expression is used to create apply configuration.

func (*MutationDie) DeepCopy 

func (d *MutationDie) DeepCopy() *MutationDie

DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die.

func (*MutationDie) DieDiff 

func (d *MutationDie) DieDiff(opts ...cmp.Option) string

DieDiff uses cmp.Diff to compare the current value of the die with the sealed value.

func (*MutationDie) DieFeed 

func (d *MutationDie) DieFeed(r admissionregistrationv1alpha1.Mutation) *MutationDie

DieFeed returns a new die with the provided resource.

func (*MutationDie) DieFeedJSON 

func (d *MutationDie) DieFeedJSON(j []byte) *MutationDie

DieFeedJSON returns a new die with the provided JSON. Panics on error.

func (*MutationDie) DieFeedPtr 

func (d *MutationDie) DieFeedPtr(r *admissionregistrationv1alpha1.Mutation) *MutationDie

DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead.

func (*MutationDie) DieFeedRawExtension 

func (d *MutationDie) DieFeedRawExtension(raw runtime.RawExtension) *MutationDie

DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*MutationDie) DieFeedYAML 

func (d *MutationDie) DieFeedYAML(y []byte) *MutationDie

DieFeedYAML returns a new die with the provided YAML. Panics on error.

func (*MutationDie) DieFeedYAMLFile 

func (d *MutationDie) DieFeedYAMLFile(name string) *MutationDie

DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error.

func (*MutationDie) DieImmutable 

func (d *MutationDie) DieImmutable(immutable bool) *MutationDie

DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`).

func (*MutationDie) DiePatch 

func (d *MutationDie) DiePatch(patchType types.PatchType) ([]byte, error)

DiePatch generates a patch between the current value of the die and the sealed value.

func (*MutationDie) DieRelease 

func (d *MutationDie) DieRelease() admissionregistrationv1alpha1.Mutation

DieRelease returns the resource managed by the die.

func (*MutationDie) DieReleaseJSON 

func (d *MutationDie) DieReleaseJSON() []byte

DieReleaseJSON returns the resource managed by the die as JSON. Panics on error.

func (*MutationDie) DieReleasePtr 

func (d *MutationDie) DieReleasePtr() *admissionregistrationv1alpha1.Mutation

DieReleasePtr returns a pointer to the resource managed by the die.

func (*MutationDie) DieReleaseRawExtension 

func (d *MutationDie) DieReleaseRawExtension() runtime.RawExtension

DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*MutationDie) DieReleaseYAML 

func (d *MutationDie) DieReleaseYAML() []byte

DieReleaseYAML returns the resource managed by the die as YAML. Panics on error.

func (*MutationDie) DieSeal 

func (d *MutationDie) DieSeal() *MutationDie

DieSeal returns a new die for the current die's state that is sealed for comparison in future diff and patch operations.

func (*MutationDie) DieSealFeed 

func (d *MutationDie) DieSealFeed(r admissionregistrationv1alpha1.Mutation) *MutationDie

DieSealFeed returns a new die for the current die's state that uses a specific resource for comparison in future diff and patch operations.

func (*MutationDie) DieSealFeedPtr 

func (d *MutationDie) DieSealFeedPtr(r *admissionregistrationv1alpha1.Mutation) *MutationDie

DieSealFeedPtr returns a new die for the current die's state that uses a specific resource pointer for comparison in future diff and patch operations. If the resource is nil, the empty value is used instead.

func (*MutationDie) DieSealRelease 

func (d *MutationDie) DieSealRelease() admissionregistrationv1alpha1.Mutation

DieSealRelease returns the sealed resource managed by the die.

func (*MutationDie) DieSealReleasePtr 

func (d *MutationDie) DieSealReleasePtr() *admissionregistrationv1alpha1.Mutation

DieSealReleasePtr returns the sealed resource pointer managed by the die.

func (*MutationDie) DieStamp 

func (d *MutationDie) DieStamp(fn func(r *admissionregistrationv1alpha1.Mutation)) *MutationDie

DieStamp returns a new die with the resource passed to the callback function. The resource is mutable.

func (*MutationDie) DieStampAt 

func (d *MutationDie) DieStampAt(jp string, fn interface{}) *MutationDie

Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location.

Future iterations will improve type coercion from the resource to the callback argument.

func (*MutationDie) DieWith 

func (d *MutationDie) DieWith(fns ...func(d *MutationDie)) *MutationDie

DieWith returns a new die after passing the current die to the callback function. The passed die is mutable.

func (*MutationDie) JSONPatch 

func (d *MutationDie) JSONPatch(v *admissionregistrationv1alpha1.JSONPatch) *MutationDie

jsonPatch defines a [JSON patch](https://jsonpatch.com/) operation to perform a mutation to the object.

A CEL expression is used to create the JSON patch.

func (*MutationDie) JSONPatchDie 

func (d *MutationDie) JSONPatchDie(fn func(d *JSONPatchDie)) *MutationDie

JSONPatchDie mutates JSONPatch as a die.

jsonPatch defines a [JSON patch](https://jsonpatch.com/) operation to perform a mutation to the object.

A CEL expression is used to create the JSON patch.

func (*MutationDie) PatchType 

func (d *MutationDie) PatchType(v admissionregistrationv1alpha1.PatchType) *MutationDie

patchType indicates the patch strategy used.

Allowed values are "ApplyConfiguration" and "JSONPatch".

Required.

type NamedRuleWithOperationsDie 

type NamedRuleWithOperationsDie struct {
	// contains filtered or unexported fields
}

func (*NamedRuleWithOperationsDie) DeepCopy 

func (d *NamedRuleWithOperationsDie) DeepCopy() *NamedRuleWithOperationsDie

DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die.

func (*NamedRuleWithOperationsDie) DieDiff 

func (d *NamedRuleWithOperationsDie) DieDiff(opts ...cmp.Option) string

DieDiff uses cmp.Diff to compare the current value of the die with the sealed value.

func (*NamedRuleWithOperationsDie) DieFeed 

func (d *NamedRuleWithOperationsDie) DieFeed(r admissionregistrationv1alpha1.NamedRuleWithOperations) *NamedRuleWithOperationsDie

DieFeed returns a new die with the provided resource.

func (*NamedRuleWithOperationsDie) DieFeedJSON 

func (d *NamedRuleWithOperationsDie) DieFeedJSON(j []byte) *NamedRuleWithOperationsDie

DieFeedJSON returns a new die with the provided JSON. Panics on error.

func (*NamedRuleWithOperationsDie) DieFeedPtr 

func (d *NamedRuleWithOperationsDie) DieFeedPtr(r *admissionregistrationv1alpha1.NamedRuleWithOperations) *NamedRuleWithOperationsDie

DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead.

func (*NamedRuleWithOperationsDie) DieFeedRawExtension 

func (d *NamedRuleWithOperationsDie) DieFeedRawExtension(raw runtime.RawExtension) *NamedRuleWithOperationsDie

DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*NamedRuleWithOperationsDie) DieFeedYAML 

func (d *NamedRuleWithOperationsDie) DieFeedYAML(y []byte) *NamedRuleWithOperationsDie

DieFeedYAML returns a new die with the provided YAML. Panics on error.

func (*NamedRuleWithOperationsDie) DieFeedYAMLFile 

func (d *NamedRuleWithOperationsDie) DieFeedYAMLFile(name string) *NamedRuleWithOperationsDie

DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error.

func (*NamedRuleWithOperationsDie) DieImmutable 

func (d *NamedRuleWithOperationsDie) DieImmutable(immutable bool) *NamedRuleWithOperationsDie

DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`).

func (*NamedRuleWithOperationsDie) DiePatch 

func (d *NamedRuleWithOperationsDie) DiePatch(patchType types.PatchType) ([]byte, error)

DiePatch generates a patch between the current value of the die and the sealed value.

func (*NamedRuleWithOperationsDie) DieRelease 

func (d *NamedRuleWithOperationsDie) DieRelease() admissionregistrationv1alpha1.NamedRuleWithOperations

DieRelease returns the resource managed by the die.

func (*NamedRuleWithOperationsDie) DieReleaseJSON 

func (d *NamedRuleWithOperationsDie) DieReleaseJSON() []byte

DieReleaseJSON returns the resource managed by the die as JSON. Panics on error.

func (*NamedRuleWithOperationsDie) DieReleasePtr 

func (d *NamedRuleWithOperationsDie) DieReleasePtr() *admissionregistrationv1alpha1.NamedRuleWithOperations

DieReleasePtr returns a pointer to the resource managed by the die.

func (*NamedRuleWithOperationsDie) DieReleaseRawExtension 

func (d *NamedRuleWithOperationsDie) DieReleaseRawExtension() runtime.RawExtension

DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*NamedRuleWithOperationsDie) DieReleaseYAML 

func (d *NamedRuleWithOperationsDie) DieReleaseYAML() []byte

DieReleaseYAML returns the resource managed by the die as YAML. Panics on error.

func (*NamedRuleWithOperationsDie) DieSeal 

func (d *NamedRuleWithOperationsDie) DieSeal() *NamedRuleWithOperationsDie

DieSeal returns a new die for the current die's state that is sealed for comparison in future diff and patch operations.

func (*NamedRuleWithOperationsDie) DieSealFeed 

func (d *NamedRuleWithOperationsDie) DieSealFeed(r admissionregistrationv1alpha1.NamedRuleWithOperations) *NamedRuleWithOperationsDie

DieSealFeed returns a new die for the current die's state that uses a specific resource for comparison in future diff and patch operations.

func (*NamedRuleWithOperationsDie) DieSealFeedPtr 

func (d *NamedRuleWithOperationsDie) DieSealFeedPtr(r *admissionregistrationv1alpha1.NamedRuleWithOperations) *NamedRuleWithOperationsDie

DieSealFeedPtr returns a new die for the current die's state that uses a specific resource pointer for comparison in future diff and patch operations. If the resource is nil, the empty value is used instead.

func (*NamedRuleWithOperationsDie) DieSealRelease 

func (d *NamedRuleWithOperationsDie) DieSealRelease() admissionregistrationv1alpha1.NamedRuleWithOperations

DieSealRelease returns the sealed resource managed by the die.

func (*NamedRuleWithOperationsDie) DieSealReleasePtr 

func (d *NamedRuleWithOperationsDie) DieSealReleasePtr() *admissionregistrationv1alpha1.NamedRuleWithOperations

DieSealReleasePtr returns the sealed resource pointer managed by the die.

func (*NamedRuleWithOperationsDie) DieStamp 

func (d *NamedRuleWithOperationsDie) DieStamp(fn func(r *admissionregistrationv1alpha1.NamedRuleWithOperations)) *NamedRuleWithOperationsDie

DieStamp returns a new die with the resource passed to the callback function. The resource is mutable.

func (*NamedRuleWithOperationsDie) DieStampAt 

func (d *NamedRuleWithOperationsDie) DieStampAt(jp string, fn interface{}) *NamedRuleWithOperationsDie

Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location.

Future iterations will improve type coercion from the resource to the callback argument.

func (*NamedRuleWithOperationsDie) DieWith 

func (d *NamedRuleWithOperationsDie) DieWith(fns ...func(d *NamedRuleWithOperationsDie)) *NamedRuleWithOperationsDie

DieWith returns a new die after passing the current die to the callback function. The passed die is mutable.

func (*NamedRuleWithOperationsDie) ResourceNames 

func (d *NamedRuleWithOperationsDie) ResourceNames(v ...string) *NamedRuleWithOperationsDie

ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.

func (*NamedRuleWithOperationsDie) RuleWithOperations 

func (d *NamedRuleWithOperationsDie) RuleWithOperations(v admissionregistrationv1alpha1.RuleWithOperations) *NamedRuleWithOperationsDie

RuleWithOperations is a tuple of Operations and Resources.

func (*NamedRuleWithOperationsDie) RuleWithOperationsDie 

func (d *NamedRuleWithOperationsDie) RuleWithOperationsDie(fn func(d *admissionregistrationv1.RuleWithOperationsDie)) *NamedRuleWithOperationsDie

RuleWithOperationsDie mutates RuleWithOperations as a die.

RuleWithOperations is a tuple of Operations and Resources.

type ParamKindDie 

type ParamKindDie struct {
	// contains filtered or unexported fields
}

func (*ParamKindDie) APIVersion 

func (d *ParamKindDie) APIVersion(v string) *ParamKindDie

APIVersion is the API group version the resources belong to.

In format of "group/version".

Required.

func (*ParamKindDie) DeepCopy 

func (d *ParamKindDie) DeepCopy() *ParamKindDie

DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die.

func (*ParamKindDie) DieDiff 

func (d *ParamKindDie) DieDiff(opts ...cmp.Option) string

DieDiff uses cmp.Diff to compare the current value of the die with the sealed value.

func (*ParamKindDie) DieFeed 

func (d *ParamKindDie) DieFeed(r admissionregistrationv1alpha1.ParamKind) *ParamKindDie

DieFeed returns a new die with the provided resource.

func (*ParamKindDie) DieFeedJSON 

func (d *ParamKindDie) DieFeedJSON(j []byte) *ParamKindDie

DieFeedJSON returns a new die with the provided JSON. Panics on error.

func (*ParamKindDie) DieFeedPtr 

func (d *ParamKindDie) DieFeedPtr(r *admissionregistrationv1alpha1.ParamKind) *ParamKindDie

DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead.

func (*ParamKindDie) DieFeedRawExtension 

func (d *ParamKindDie) DieFeedRawExtension(raw runtime.RawExtension) *ParamKindDie

DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*ParamKindDie) DieFeedYAML 

func (d *ParamKindDie) DieFeedYAML(y []byte) *ParamKindDie

DieFeedYAML returns a new die with the provided YAML. Panics on error.

func (*ParamKindDie) DieFeedYAMLFile 

func (d *ParamKindDie) DieFeedYAMLFile(name string) *ParamKindDie

DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error.

func (*ParamKindDie) DieImmutable 

func (d *ParamKindDie) DieImmutable(immutable bool) *ParamKindDie

DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`).

func (*ParamKindDie) DiePatch 

func (d *ParamKindDie) DiePatch(patchType types.PatchType) ([]byte, error)

DiePatch generates a patch between the current value of the die and the sealed value.

func (*ParamKindDie) DieRelease 

func (d *ParamKindDie) DieRelease() admissionregistrationv1alpha1.ParamKind

DieRelease returns the resource managed by the die.

func (*ParamKindDie) DieReleaseJSON 

func (d *ParamKindDie) DieReleaseJSON() []byte

DieReleaseJSON returns the resource managed by the die as JSON. Panics on error.

func (*ParamKindDie) DieReleasePtr 

func (d *ParamKindDie) DieReleasePtr() *admissionregistrationv1alpha1.ParamKind

DieReleasePtr returns a pointer to the resource managed by the die.

func (*ParamKindDie) DieReleaseRawExtension 

func (d *ParamKindDie) DieReleaseRawExtension() runtime.RawExtension

DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*ParamKindDie) DieReleaseYAML 

func (d *ParamKindDie) DieReleaseYAML() []byte

DieReleaseYAML returns the resource managed by the die as YAML. Panics on error.

func (*ParamKindDie) DieSeal 

func (d *ParamKindDie) DieSeal() *ParamKindDie

DieSeal returns a new die for the current die's state that is sealed for comparison in future diff and patch operations.

func (*ParamKindDie) DieSealFeed 

func (d *ParamKindDie) DieSealFeed(r admissionregistrationv1alpha1.ParamKind) *ParamKindDie

DieSealFeed returns a new die for the current die's state that uses a specific resource for comparison in future diff and patch operations.

func (*ParamKindDie) DieSealFeedPtr 

func (d *ParamKindDie) DieSealFeedPtr(r *admissionregistrationv1alpha1.ParamKind) *ParamKindDie

DieSealFeedPtr returns a new die for the current die's state that uses a specific resource pointer for comparison in future diff and patch operations. If the resource is nil, the empty value is used instead.

func (*ParamKindDie) DieSealRelease 

func (d *ParamKindDie) DieSealRelease() admissionregistrationv1alpha1.ParamKind

DieSealRelease returns the sealed resource managed by the die.

func (*ParamKindDie) DieSealReleasePtr 

func (d *ParamKindDie) DieSealReleasePtr() *admissionregistrationv1alpha1.ParamKind

DieSealReleasePtr returns the sealed resource pointer managed by the die.

func (*ParamKindDie) DieStamp 

func (d *ParamKindDie) DieStamp(fn func(r *admissionregistrationv1alpha1.ParamKind)) *ParamKindDie

DieStamp returns a new die with the resource passed to the callback function. The resource is mutable.

func (*ParamKindDie) DieStampAt 

func (d *ParamKindDie) DieStampAt(jp string, fn interface{}) *ParamKindDie

Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location.

Future iterations will improve type coercion from the resource to the callback argument.

func (*ParamKindDie) DieWith 

func (d *ParamKindDie) DieWith(fns ...func(d *ParamKindDie)) *ParamKindDie

DieWith returns a new die after passing the current die to the callback function. The passed die is mutable.

func (*ParamKindDie) Kind 

func (d *ParamKindDie) Kind(v string) *ParamKindDie

Kind is the API kind the resources belong to.

Required.

type VariableDie 

type VariableDie struct {
	// contains filtered or unexported fields
}

func (*VariableDie) DeepCopy 

func (d *VariableDie) DeepCopy() *VariableDie

DeepCopy returns a new die with equivalent state. Useful for snapshotting a mutable die.

func (*VariableDie) DieDiff 

func (d *VariableDie) DieDiff(opts ...cmp.Option) string

DieDiff uses cmp.Diff to compare the current value of the die with the sealed value.

func (*VariableDie) DieFeed 

func (d *VariableDie) DieFeed(r admissionregistrationv1alpha1.Variable) *VariableDie

DieFeed returns a new die with the provided resource.

func (*VariableDie) DieFeedJSON 

func (d *VariableDie) DieFeedJSON(j []byte) *VariableDie

DieFeedJSON returns a new die with the provided JSON. Panics on error.

func (*VariableDie) DieFeedPtr 

func (d *VariableDie) DieFeedPtr(r *admissionregistrationv1alpha1.Variable) *VariableDie

DieFeedPtr returns a new die with the provided resource pointer. If the resource is nil, the empty value is used instead.

func (*VariableDie) DieFeedRawExtension 

func (d *VariableDie) DieFeedRawExtension(raw runtime.RawExtension) *VariableDie

DieFeedRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*VariableDie) DieFeedYAML 

func (d *VariableDie) DieFeedYAML(y []byte) *VariableDie

DieFeedYAML returns a new die with the provided YAML. Panics on error.

func (*VariableDie) DieFeedYAMLFile 

func (d *VariableDie) DieFeedYAMLFile(name string) *VariableDie

DieFeedYAMLFile returns a new die loading YAML from a file path. Panics on error.

func (*VariableDie) DieImmutable 

func (d *VariableDie) DieImmutable(immutable bool) *VariableDie

DieImmutable returns a new die for the current die's state that is either mutable (`false`) or immutable (`true`).

func (*VariableDie) DiePatch 

func (d *VariableDie) DiePatch(patchType types.PatchType) ([]byte, error)

DiePatch generates a patch between the current value of the die and the sealed value.

func (*VariableDie) DieRelease 

func (d *VariableDie) DieRelease() admissionregistrationv1alpha1.Variable

DieRelease returns the resource managed by the die.

func (*VariableDie) DieReleaseJSON 

func (d *VariableDie) DieReleaseJSON() []byte

DieReleaseJSON returns the resource managed by the die as JSON. Panics on error.

func (*VariableDie) DieReleasePtr 

func (d *VariableDie) DieReleasePtr() *admissionregistrationv1alpha1.Variable

DieReleasePtr returns a pointer to the resource managed by the die.

func (*VariableDie) DieReleaseRawExtension 

func (d *VariableDie) DieReleaseRawExtension() runtime.RawExtension

DieReleaseRawExtension returns the resource managed by the die as an raw extension. Panics on error.

func (*VariableDie) DieReleaseYAML 

func (d *VariableDie) DieReleaseYAML() []byte

DieReleaseYAML returns the resource managed by the die as YAML. Panics on error.

func (*VariableDie) DieSeal 

func (d *VariableDie) DieSeal() *VariableDie

DieSeal returns a new die for the current die's state that is sealed for comparison in future diff and patch operations.

func (*VariableDie) DieSealFeed 

func (d *VariableDie) DieSealFeed(r admissionregistrationv1alpha1.Variable) *VariableDie

DieSealFeed returns a new die for the current die's state that uses a specific resource for comparison in future diff and patch operations.

func (*VariableDie) DieSealFeedPtr 

func (d *VariableDie) DieSealFeedPtr(r *admissionregistrationv1alpha1.Variable) *VariableDie

DieSealFeedPtr returns a new die for the current die's state that uses a specific resource pointer for comparison in future diff and patch operations. If the resource is nil, the empty value is used instead.

func (*VariableDie) DieSealRelease 

func (d *VariableDie) DieSealRelease() admissionregistrationv1alpha1.Variable

DieSealRelease returns the sealed resource managed by the die.

func (*VariableDie) DieSealReleasePtr 

func (d *VariableDie) DieSealReleasePtr() *admissionregistrationv1alpha1.Variable

DieSealReleasePtr returns the sealed resource pointer managed by the die.

func (*VariableDie) DieStamp 

func (d *VariableDie) DieStamp(fn func(r *admissionregistrationv1alpha1.Variable)) *VariableDie

DieStamp returns a new die with the resource passed to the callback function. The resource is mutable.

func (*VariableDie) DieStampAt 

func (d *VariableDie) DieStampAt(jp string, fn interface{}) *VariableDie

Experimental: DieStampAt uses a JSON path (http://goessner.net/articles/JsonPath/) expression to stamp portions of the resource. The callback is invoked with each JSON path match. Panics if the callback function does not accept a single argument of the same type or a pointer to that type as found on the resource at the target location.

Future iterations will improve type coercion from the resource to the callback argument.

func (*VariableDie) DieWith 

func (d *VariableDie) DieWith(fns ...func(d *VariableDie)) *VariableDie

DieWith returns a new die after passing the current die to the callback function. The passed die is mutable.

func (*VariableDie) Expression 

func (d *VariableDie) Expression(v string) *VariableDie

Expression is the expression that will be evaluated as the value of the variable.

The CEL expression has access to the same identifiers as the CEL expressions in Validation.

func (*VariableDie) Name 

func (d *VariableDie) Name(v string) *VariableDie

Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables.

The variable can be accessed in other expressions through `variables`

For example, if name is "foo", the variable will be available as `variables.foo`

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.