Please wait. This can take some minutes ...
Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $
You can buy this project and download/modify it how often you want.
com.pulumi.kubernetes.admissionregistration.v1.inputs.ValidatingAdmissionPolicyBindingSpecArgs Maven / Gradle / Ivy
Go to download
A Pulumi package for creating and managing Kubernetes resources.
// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package com.pulumi.kubernetes.admissionregistration.v1.inputs;
import com.pulumi.core.Output;
import com.pulumi.core.annotations.Import;
import com.pulumi.kubernetes.admissionregistration.v1.inputs.MatchResourcesArgs;
import com.pulumi.kubernetes.admissionregistration.v1.inputs.ParamRefArgs;
import java.lang.String;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nullable;
/**
* ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.
*
*/
public final class ValidatingAdmissionPolicyBindingSpecArgs extends com.pulumi.resources.ResourceArgs {
public static final ValidatingAdmissionPolicyBindingSpecArgs Empty = new ValidatingAdmissionPolicyBindingSpecArgs();
/**
* MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.
*
*/
@Import(name="matchResources")
private @Nullable Output matchResources;
/**
* @return MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.
*
*/
public Optional> matchResources() {
return Optional.ofNullable(this.matchResources);
}
/**
* paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.
*
*/
@Import(name="paramRef")
private @Nullable Output paramRef;
/**
* @return paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.
*
*/
public Optional> paramRef() {
return Optional.ofNullable(this.paramRef);
}
/**
* PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.
*
*/
@Import(name="policyName")
private @Nullable Output policyName;
/**
* @return PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.
*
*/
public Optional> policyName() {
return Optional.ofNullable(this.policyName);
}
/**
* validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.
*
* Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.
*
* validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.
*
* The supported actions values are:
*
* "Deny" specifies that a validation failure results in a denied request.
*
* "Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.
*
* "Audit" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"`
*
* Clients should expect to handle additional values by ignoring any values not recognized.
*
* "Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.
*
* Required.
*
*/
@Import(name="validationActions")
private @Nullable Output> validationActions;
/**
* @return validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.
*
* Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.
*
* validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.
*
* The supported actions values are:
*
* "Deny" specifies that a validation failure results in a denied request.
*
* "Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.
*
* "Audit" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"`
*
* Clients should expect to handle additional values by ignoring any values not recognized.
*
* "Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.
*
* Required.
*
*/
public Optional>> validationActions() {
return Optional.ofNullable(this.validationActions);
}
private ValidatingAdmissionPolicyBindingSpecArgs() {}
private ValidatingAdmissionPolicyBindingSpecArgs(ValidatingAdmissionPolicyBindingSpecArgs $) {
this.matchResources = $.matchResources;
this.paramRef = $.paramRef;
this.policyName = $.policyName;
this.validationActions = $.validationActions;
}
public static Builder builder() {
return new Builder();
}
public static Builder builder(ValidatingAdmissionPolicyBindingSpecArgs defaults) {
return new Builder(defaults);
}
public static final class Builder {
private ValidatingAdmissionPolicyBindingSpecArgs $;
public Builder() {
$ = new ValidatingAdmissionPolicyBindingSpecArgs();
}
public Builder(ValidatingAdmissionPolicyBindingSpecArgs defaults) {
$ = new ValidatingAdmissionPolicyBindingSpecArgs(Objects.requireNonNull(defaults));
}
/**
* @param matchResources MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.
*
* @return builder
*
*/
public Builder matchResources(@Nullable Output matchResources) {
$.matchResources = matchResources;
return this;
}
/**
* @param matchResources MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.
*
* @return builder
*
*/
public Builder matchResources(MatchResourcesArgs matchResources) {
return matchResources(Output.of(matchResources));
}
/**
* @param paramRef paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.
*
* @return builder
*
*/
public Builder paramRef(@Nullable Output paramRef) {
$.paramRef = paramRef;
return this;
}
/**
* @param paramRef paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.
*
* @return builder
*
*/
public Builder paramRef(ParamRefArgs paramRef) {
return paramRef(Output.of(paramRef));
}
/**
* @param policyName PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.
*
* @return builder
*
*/
public Builder policyName(@Nullable Output policyName) {
$.policyName = policyName;
return this;
}
/**
* @param policyName PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.
*
* @return builder
*
*/
public Builder policyName(String policyName) {
return policyName(Output.of(policyName));
}
/**
* @param validationActions validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.
*
* Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.
*
* validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.
*
* The supported actions values are:
*
* "Deny" specifies that a validation failure results in a denied request.
*
* "Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.
*
* "Audit" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"`
*
* Clients should expect to handle additional values by ignoring any values not recognized.
*
* "Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.
*
* Required.
*
* @return builder
*
*/
public Builder validationActions(@Nullable Output> validationActions) {
$.validationActions = validationActions;
return this;
}
/**
* @param validationActions validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.
*
* Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.
*
* validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.
*
* The supported actions values are:
*
* "Deny" specifies that a validation failure results in a denied request.
*
* "Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.
*
* "Audit" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"`
*
* Clients should expect to handle additional values by ignoring any values not recognized.
*
* "Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.
*
* Required.
*
* @return builder
*
*/
public Builder validationActions(List validationActions) {
return validationActions(Output.of(validationActions));
}
/**
* @param validationActions validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.
*
* Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.
*
* validationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.
*
* The supported actions values are:
*
* "Deny" specifies that a validation failure results in a denied request.
*
* "Warn" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.
*
* "Audit" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `"validation.policy.admission.k8s.io/validation_failure": "[{"message": "Invalid value", {"policy": "policy.example.com", {"binding": "policybinding.example.com", {"expressionIndex": "1", {"validationActions": ["Audit"]}]"`
*
* Clients should expect to handle additional values by ignoring any values not recognized.
*
* "Deny" and "Warn" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.
*
* Required.
*
* @return builder
*
*/
public Builder validationActions(String... validationActions) {
return validationActions(List.of(validationActions));
}
public ValidatingAdmissionPolicyBindingSpecArgs build() {
return $;
}
}
}