merge main

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
kyverno · Oct 17, 2023 · 9bdcdf1 · 9bdcdf1
2 parents 677f303 + 9b0bb3b
commit 9bdcdf1
Show file tree

Hide file tree

Showing 34 changed files with 539 additions and 621 deletions.
diff --git a/catalog/aws/policy-1.yaml b/catalog/aws/policy-1.yaml
@@ -1,5 +1,5 @@
 apiVersion: json.kyverno.io/v1alpha1
-kind: Policy
+kind: ValidationPolicy
 metadata:
   name: test
   labels:
@@ -10,9 +10,8 @@ metadata:
 spec:
   rules:
     - name: foo-bar
-      validate:
-        assert:
-          all:
-          - check:
-              foo:
-                /(bar)/: 10
+      assert:
+        all:
+        - check:
+            foo:
+              /(bar)/: 10
diff --git a/catalog/ecs/policy-1.yaml b/catalog/ecs/policy-1.yaml
@@ -1,13 +1,12 @@
 apiVersion: json.kyverno.io/v1alpha1
-kind: Policy
+kind: ValidationPolicy
 metadata:
   name: test
 spec:
   rules:
     - name: foo-bar
-      validate:
-        assert:
-          all:
-          - check:
-              foo:
-                /(bar)/: 10
+      assert:
+        all:
+        - check:
+            foo:
+              /(bar)/: 10
diff --git a/config/crds/json.kyverno.io_policies.yaml → ...s/json.kyverno.io_validationpolicies.yaml b/config/crds/json.kyverno.io_policies.yaml → ...s/json.kyverno.io_validationpolicies.yaml
@@ -4,20 +4,20 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.12.0
-  name: policies.json.kyverno.io
+  name: validationpolicies.json.kyverno.io
 spec:
   group: json.kyverno.io
   names:
-    kind: Policy
-    listKind: PolicyList
-    plural: policies
-    singular: policy
+    kind: ValidationPolicy
+    listKind: ValidationPolicyList
+    plural: validationpolicies
+    singular: validationpolicy
   scope: Cluster
   versions:
   - name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: Policy is the resource that contains the policy definition.
+        description: ValidationPolicy is the resource that contains the policy definition.
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -39,6 +39,42 @@ spec:
                   multiple rules and each rule can validate, mutate, or generate resources.
                 items:
                   properties:
+                    assert:
+                      description: Assert is used to validate matching resources.
+                      properties:
+                        all:
+                          description: All allows specifying resources which will
+                            be ANDed.
+                          items:
+                            properties:
+                              check:
+                                description: Check is the assertion check definition.
+                                type: object
+                                x-kubernetes-preserve-unknown-fields: true
+                              message:
+                                description: Message is the variable associated message.
+                                type: string
+                            required:
+                            - check
+                            type: object
+                          type: array
+                        any:
+                          description: Any allows specifying resources which will
+                            be ORed.
+                          items:
+                            properties:
+                              check:
+                                description: Check is the assertion check definition.
+                                type: object
+                                x-kubernetes-preserve-unknown-fields: true
+                              message:
+                                description: Message is the variable associated message.
+                                type: string
+                            required:
+                            - check
+                            type: object
+                          type: array
+                      type: object
                     context:
                       description: Context defines variables and data sources that
                         can be used during rule execution.
@@ -105,49 +141,6 @@ spec:
                         unique within the policy.
                       maxLength: 63
                       type: string
-                    validate:
-                      description: Validation is used to validate matching resources.
-                      properties:
-                        assert:
-                          description: Assert specifies an overlay-style pattern used
-                            to check resources.
-                          properties:
-                            all:
-                              description: All allows specifying resources which will
-                                be ANDed.
-                              items:
-                                properties:
-                                  check:
-                                    description: Check is the assertion check definition.
-                                    type: object
-                                    x-kubernetes-preserve-unknown-fields: true
-                                  message:
-                                    description: Message is the variable associated
-                                      message.
-                                    type: string
-                                required:
-                                - check
-                                type: object
-                              type: array
-                            any:
-                              description: Any allows specifying resources which will
-                                be ORed.
-                              items:
-                                properties:
-                                  check:
-                                    description: Check is the assertion check definition.
-                                    type: object
-                                    x-kubernetes-preserve-unknown-fields: true
-                                  message:
-                                    description: Message is the variable associated
-                                      message.
-                                    type: string
-                                required:
-                                - check
-                                type: object
-                              type: array
-                          type: object
-                      type: object
                   required:
                   - name
                   type: object

diff --git a/hack/docs/catalog/main.go b/hack/docs/catalog/main.go
@@ -21,7 +21,7 @@ const (
 
 type pol struct {
 	Path   string
-	Policy *v1alpha1.Policy
+	Policy *v1alpha1.ValidationPolicy
 }
 
 func (p pol) TargetPath() string {

diff --git a/pkg/apis/v1alpha1/assertions.go b/pkg/apis/v1alpha1/assertions.go
diff --git a/pkg/apis/v1alpha1/validation.go b/pkg/apis/v1alpha1/validation.go
diff --git a/pkg/apis/v1alpha1/policy.go → pkg/apis/v1alpha1/validation_policy.go b/pkg/apis/v1alpha1/policy.go → pkg/apis/v1alpha1/validation_policy.go
@@ -10,8 +10,8 @@ import (
 // +kubebuilder:object:root=true
 // +kubebuilder:resource:scope=Cluster
 
-// Policy is the resource that contains the policy definition.
-type Policy struct {
+// ValidationPolicy is the resource that contains the policy definition.
+type ValidationPolicy struct {
 	metav1.TypeMeta `json:",inline"`
 
 	// Standard object's metadata.
@@ -24,9 +24,9 @@ type Policy struct {
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
-// PolicyList is a list of Policy instances.
-type PolicyList struct {
+// ValidationPolicyList is a list of Policy instances.
+type ValidationPolicyList struct {
 	metav1.TypeMeta `json:",inline" yaml:",inline"`
 	metav1.ListMeta `json:"metadata" yaml:"metadata"`
-	Items           []Policy `json:"items" yaml:"items"`
+	Items           []ValidationPolicy `json:"items" yaml:"items"`
 }
diff --git a/pkg/apis/v1alpha1/policy_spec.go → pkg/apis/v1alpha1/validation_policy_spec.go b/pkg/apis/v1alpha1/policy_spec.go → pkg/apis/v1alpha1/validation_policy_spec.go
@@ -2,5 +2,5 @@ package v1alpha1
 
 type PolicySpec struct {
 	// Rules is a list of Rule instances. A Policy contains multiple rules and each rule can validate, mutate, or generate resources.
-	Rules []Rule `json:"rules,omitempty"`
+	Rules []ValidationRule `json:"rules,omitempty"`
 }
diff --git a/pkg/apis/v1alpha1/rule.go → pkg/apis/v1alpha1/validation_rule.go b/pkg/apis/v1alpha1/rule.go → pkg/apis/v1alpha1/validation_rule.go
@@ -1,6 +1,6 @@
 package v1alpha1
 
-type Rule struct {
+type ValidationRule struct {
 	// Name is a label to identify the rule, It must be unique within the policy.
 	// +kubebuilder:validation:MaxLength=63
 	Name string `json:"name"`
@@ -19,6 +19,6 @@ type Rule struct {
 	// and admission review request information like the name or role.
 	Exclude *Match `json:"exclude,omitempty"`
 
-	// Validation is used to validate matching resources.
-	Validation *Validation `json:"validate,omitempty"`
+	// Assert is used to validate matching resources.
+	Assert *Assert `json:"assert,omitempty"`
 }