cri-o/vendor/k8s.io/api/admissionregistration/v1alpha1/generated.proto

/*
Copyright 2017 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/


// This file was autogenerated by go-to-protobuf. Do not edit it manually!

syntax = 'proto2';

package k8s.io.api.admissionregistration.v1alpha1;

import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";

// Package-wide variables from generator "generated".
option go_package = "v1alpha1";

// AdmissionHookClientConfig contains the information to make a TLS
// connection with the webhook
message AdmissionHookClientConfig {
  // Service is a reference to the service for this webhook. If there is only
  // one port open for the service, that port will be used. If there are multiple
  // ports open, port 443 will be used if it is open, otherwise it is an error.
  // Required
  optional ServiceReference service = 1;

  // URLPath is an optional field that specifies the URL path to use when posting the AdmissionReview object.
  optional string urlPath = 3;

  // CABundle is a PEM encoded CA bundle which will be used to validate webhook's server certificate.
  // Required
  optional bytes caBundle = 2;
}

// ExternalAdmissionHook describes an external admission webhook and the
// resources and operations it applies to.
message ExternalAdmissionHook {
  // The name of the external admission webhook.
  // Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where
  // "imagepolicy" is the name of the webhook, and kubernetes.io is the name
  // of the organization.
  // Required.
  optional string name = 1;

  // ClientConfig defines how to communicate with the hook.
  // Required
  optional AdmissionHookClientConfig clientConfig = 2;

  // Rules describes what operations on what resources/subresources the webhook cares about.
  // The webhook cares about an operation if it matches _any_ Rule.
  repeated RuleWithOperations rules = 3;

  // FailurePolicy defines how unrecognized errors from the admission endpoint are handled -
  // allowed values are Ignore or Fail. Defaults to Ignore.
  // +optional
  optional string failurePolicy = 4;
}

// ExternalAdmissionHookConfiguration describes the configuration of initializers.
message ExternalAdmissionHookConfiguration {
  // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // ExternalAdmissionHooks is a list of external admission webhooks and the
  // affected resources and operations.
  // +optional
  // +patchMergeKey=name
  // +patchStrategy=merge
  repeated ExternalAdmissionHook externalAdmissionHooks = 2;
}

// ExternalAdmissionHookConfigurationList is a list of ExternalAdmissionHookConfiguration.
message ExternalAdmissionHookConfigurationList {
  // Standard list metadata.
  // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // List of ExternalAdmissionHookConfiguration.
  repeated ExternalAdmissionHookConfiguration items = 2;
}

// Initializer describes the name and the failure policy of an initializer, and
// what resources it applies to.
message Initializer {
  // Name is the identifier of the initializer. It will be added to the
  // object that needs to be initialized.
  // Name should be fully qualified, e.g., alwayspullimages.kubernetes.io, where
  // "alwayspullimages" is the name of the webhook, and kubernetes.io is the name
  // of the organization.
  // Required
  optional string name = 1;

  // Rules describes what resources/subresources the initializer cares about.
  // The initializer cares about an operation if it matches _any_ Rule.
  // Rule.Resources must not include subresources.
  repeated Rule rules = 2;
}

// InitializerConfiguration describes the configuration of initializers.
message InitializerConfiguration {
  // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // Initializers is a list of resources and their default initializers
  // Order-sensitive.
  // When merging multiple InitializerConfigurations, we sort the initializers
  // from different InitializerConfigurations by the name of the
  // InitializerConfigurations; the order of the initializers from the same
  // InitializerConfiguration is preserved.
  // +patchMergeKey=name
  // +patchStrategy=merge
  // +optional
  repeated Initializer initializers = 2;
}

// InitializerConfigurationList is a list of InitializerConfiguration.
message InitializerConfigurationList {
  // Standard list metadata.
  // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // List of InitializerConfiguration.
  repeated InitializerConfiguration items = 2;
}

// Rule is a tuple of APIGroups, APIVersion, and Resources.It is recommended
// to make sure that all the tuple expansions are valid.
message Rule {
  // APIGroups is the API groups the resources belong to. '*' is all groups.
  // If '*' is present, the length of the slice must be one.
  // Required.
  repeated string apiGroups = 1;

  // APIVersions is the API versions the resources belong to. '*' is all versions.
  // If '*' is present, the length of the slice must be one.
  // Required.
  repeated string apiVersions = 2;

  // Resources is a list of resources this rule applies to.
  //
  // For example:
  // 'pods' means pods.
  // 'pods/log' means the log subresource of pods.
  // '*' means all resources, but not subresources.
  // 'pods/*' means all subresources of pods.
  // '*/scale' means all scale subresources.
  // '*/*' means all resources and their subresources.
  //
  // If wildcard is present, the validation rule will ensure resources do not
  // overlap with each other.
  //
  // Depending on the enclosing object, subresources might not be allowed.
  // Required.
  repeated string resources = 3;
}

// RuleWithOperations is a tuple of Operations and Resources. It is recommended to make
// sure that all the tuple expansions are valid.
message RuleWithOperations {
  // Operations is the operations the admission hook cares about - CREATE, UPDATE, or *
  // for all operations.
  // If '*' is present, the length of the slice must be one.
  // Required.
  repeated string operations = 1;

  // Rule is embedded, it describes other criteria of the rule, like
  // APIGroups, APIVersions, Resources, etc.
  optional Rule rule = 2;
}

// ServiceReference holds a reference to Service.legacy.k8s.io
message ServiceReference {
  // Namespace is the namespace of the service
  // Required
  optional string namespace = 1;

  // Name is the name of the service
  // Required
  optional string name = 2;
}